1// Copyright 2021 Google LLC. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5// Code generated file. DO NOT EDIT. 6 7// Package binaryauthorization provides access to the Binary Authorization API. 8// 9// For product documentation, see: https://cloud.google.com/binary-authorization/ 10// 11// Creating a client 12// 13// Usage example: 14// 15// import "google.golang.org/api/binaryauthorization/v1" 16// ... 17// ctx := context.Background() 18// binaryauthorizationService, err := binaryauthorization.NewService(ctx) 19// 20// In this example, Google Application Default Credentials are used for authentication. 21// 22// For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 23// 24// Other authentication options 25// 26// To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey: 27// 28// binaryauthorizationService, err := binaryauthorization.NewService(ctx, option.WithAPIKey("AIza...")) 29// 30// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource: 31// 32// config := &oauth2.Config{...} 33// // ... 34// token, err := config.Exchange(ctx, ...) 35// binaryauthorizationService, err := binaryauthorization.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 36// 37// See https://godoc.org/google.golang.org/api/option/ for details on options. 38package binaryauthorization // import "google.golang.org/api/binaryauthorization/v1" 39 40import ( 41 "bytes" 42 "context" 43 "encoding/json" 44 "errors" 45 "fmt" 46 "io" 47 "net/http" 48 "net/url" 49 "strconv" 50 "strings" 51 52 googleapi "google.golang.org/api/googleapi" 53 gensupport "google.golang.org/api/internal/gensupport" 54 option "google.golang.org/api/option" 55 internaloption "google.golang.org/api/option/internaloption" 56 htransport "google.golang.org/api/transport/http" 57) 58 59// Always reference these packages, just in case the auto-generated code 60// below doesn't. 61var _ = bytes.NewBuffer 62var _ = strconv.Itoa 63var _ = fmt.Sprintf 64var _ = json.NewDecoder 65var _ = io.Copy 66var _ = url.Parse 67var _ = gensupport.MarshalJSON 68var _ = googleapi.Version 69var _ = errors.New 70var _ = strings.Replace 71var _ = context.Canceled 72var _ = internaloption.WithDefaultEndpoint 73 74const apiId = "binaryauthorization:v1" 75const apiName = "binaryauthorization" 76const apiVersion = "v1" 77const basePath = "https://binaryauthorization.googleapis.com/" 78const mtlsBasePath = "https://binaryauthorization.mtls.googleapis.com/" 79 80// OAuth2 scopes used by this API. 81const ( 82 // See, edit, configure, and delete your Google Cloud Platform data 83 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 84) 85 86// NewService creates a new Service. 87func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 88 scopesOption := option.WithScopes( 89 "https://www.googleapis.com/auth/cloud-platform", 90 ) 91 // NOTE: prepend, so we don't override user-specified scopes. 92 opts = append([]option.ClientOption{scopesOption}, opts...) 93 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 94 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 95 client, endpoint, err := htransport.NewClient(ctx, opts...) 96 if err != nil { 97 return nil, err 98 } 99 s, err := New(client) 100 if err != nil { 101 return nil, err 102 } 103 if endpoint != "" { 104 s.BasePath = endpoint 105 } 106 return s, nil 107} 108 109// New creates a new Service. It uses the provided http.Client for requests. 110// 111// Deprecated: please use NewService instead. 112// To provide a custom HTTP client, use option.WithHTTPClient. 113// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 114func New(client *http.Client) (*Service, error) { 115 if client == nil { 116 return nil, errors.New("client is nil") 117 } 118 s := &Service{client: client, BasePath: basePath} 119 s.Projects = NewProjectsService(s) 120 s.Systempolicy = NewSystempolicyService(s) 121 return s, nil 122} 123 124type Service struct { 125 client *http.Client 126 BasePath string // API endpoint base URL 127 UserAgent string // optional additional User-Agent fragment 128 129 Projects *ProjectsService 130 131 Systempolicy *SystempolicyService 132} 133 134func (s *Service) userAgent() string { 135 if s.UserAgent == "" { 136 return googleapi.UserAgent 137 } 138 return googleapi.UserAgent + " " + s.UserAgent 139} 140 141func NewProjectsService(s *Service) *ProjectsService { 142 rs := &ProjectsService{s: s} 143 rs.Attestors = NewProjectsAttestorsService(s) 144 rs.Policy = NewProjectsPolicyService(s) 145 return rs 146} 147 148type ProjectsService struct { 149 s *Service 150 151 Attestors *ProjectsAttestorsService 152 153 Policy *ProjectsPolicyService 154} 155 156func NewProjectsAttestorsService(s *Service) *ProjectsAttestorsService { 157 rs := &ProjectsAttestorsService{s: s} 158 return rs 159} 160 161type ProjectsAttestorsService struct { 162 s *Service 163} 164 165func NewProjectsPolicyService(s *Service) *ProjectsPolicyService { 166 rs := &ProjectsPolicyService{s: s} 167 return rs 168} 169 170type ProjectsPolicyService struct { 171 s *Service 172} 173 174func NewSystempolicyService(s *Service) *SystempolicyService { 175 rs := &SystempolicyService{s: s} 176 return rs 177} 178 179type SystempolicyService struct { 180 s *Service 181} 182 183// AdmissionRule: An admission rule specifies either that all container 184// images used in a pod creation request must be attested to by one or 185// more attestors, that all pod creations will be allowed, or that all 186// pod creations will be denied. Images matching an admission allowlist 187// pattern are exempted from admission rules and will never block a pod 188// creation. 189type AdmissionRule struct { 190 // EnforcementMode: Required. The action when a pod creation is denied 191 // by the admission rule. 192 // 193 // Possible values: 194 // "ENFORCEMENT_MODE_UNSPECIFIED" - Do not use. 195 // "ENFORCED_BLOCK_AND_AUDIT_LOG" - Enforce the admission rule by 196 // blocking the pod creation. 197 // "DRYRUN_AUDIT_LOG_ONLY" - Dryrun mode: Audit logging only. This 198 // will allow the pod creation as if the admission request had specified 199 // break-glass. 200 EnforcementMode string `json:"enforcementMode,omitempty"` 201 202 // EvaluationMode: Required. How this admission rule will be evaluated. 203 // 204 // Possible values: 205 // "EVALUATION_MODE_UNSPECIFIED" - Do not use. 206 // "ALWAYS_ALLOW" - This rule allows all all pod creations. 207 // "REQUIRE_ATTESTATION" - This rule allows a pod creation if all the 208 // attestors listed in 'require_attestations_by' have valid attestations 209 // for all of the images in the pod spec. 210 // "ALWAYS_DENY" - This rule denies all pod creations. 211 EvaluationMode string `json:"evaluationMode,omitempty"` 212 213 // RequireAttestationsBy: Optional. The resource names of the attestors 214 // that must attest to a container image, in the format 215 // `projects/*/attestors/*`. Each attestor must exist before a policy 216 // can reference it. To add an attestor to a policy the principal 217 // issuing the policy change request must be able to read the attestor 218 // resource. Note: this field must be non-empty when the evaluation_mode 219 // field specifies REQUIRE_ATTESTATION, otherwise it must be empty. 220 RequireAttestationsBy []string `json:"requireAttestationsBy,omitempty"` 221 222 // ForceSendFields is a list of field names (e.g. "EnforcementMode") to 223 // unconditionally include in API requests. By default, fields with 224 // empty or default values are omitted from API requests. However, any 225 // non-pointer, non-interface field appearing in ForceSendFields will be 226 // sent to the server regardless of whether the field is empty or not. 227 // This may be used to include empty fields in Patch requests. 228 ForceSendFields []string `json:"-"` 229 230 // NullFields is a list of field names (e.g. "EnforcementMode") to 231 // include in API requests with the JSON null value. By default, fields 232 // with empty values are omitted from API requests. However, any field 233 // with an empty value appearing in NullFields will be sent to the 234 // server as null. It is an error if a field in this list has a 235 // non-empty value. This may be used to include null fields in Patch 236 // requests. 237 NullFields []string `json:"-"` 238} 239 240func (s *AdmissionRule) MarshalJSON() ([]byte, error) { 241 type NoMethod AdmissionRule 242 raw := NoMethod(*s) 243 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 244} 245 246// AdmissionWhitelistPattern: An admission allowlist pattern exempts 247// images from checks by admission rules. 248type AdmissionWhitelistPattern struct { 249 // NamePattern: An image name pattern to allowlist, in the form 250 // `registry/path/to/image`. This supports a trailing `*` wildcard, but 251 // this is allowed only in text after the `registry/` part. This also 252 // supports a trailing `**` wildcard which matches subdirectories of a 253 // given entry. 254 NamePattern string `json:"namePattern,omitempty"` 255 256 // ForceSendFields is a list of field names (e.g. "NamePattern") to 257 // unconditionally include in API requests. By default, fields with 258 // empty or default values are omitted from API requests. However, any 259 // non-pointer, non-interface field appearing in ForceSendFields will be 260 // sent to the server regardless of whether the field is empty or not. 261 // This may be used to include empty fields in Patch requests. 262 ForceSendFields []string `json:"-"` 263 264 // NullFields is a list of field names (e.g. "NamePattern") to include 265 // in API requests with the JSON null value. By default, fields with 266 // empty values are omitted from API requests. However, any field with 267 // an empty value appearing in NullFields will be sent to the server as 268 // null. It is an error if a field in this list has a non-empty value. 269 // This may be used to include null fields in Patch requests. 270 NullFields []string `json:"-"` 271} 272 273func (s *AdmissionWhitelistPattern) MarshalJSON() ([]byte, error) { 274 type NoMethod AdmissionWhitelistPattern 275 raw := NoMethod(*s) 276 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 277} 278 279// AttestationOccurrence: Occurrence that represents a single 280// "attestation". The authenticity of an attestation can be verified 281// using the attached signature. If the verifier trusts the public key 282// of the signer, then verifying the signature is sufficient to 283// establish trust. In this circumstance, the authority to which this 284// attestation is attached is primarily useful for lookup (how to find 285// this attestation if you already know the authority and artifact to be 286// verified) and intent (for which authority this attestation was 287// intended to sign. 288type AttestationOccurrence struct { 289 // Jwts: One or more JWTs encoding a self-contained attestation. Each 290 // JWT encodes the payload that it verifies within the JWT itself. 291 // Verifier implementation SHOULD ignore the `serialized_payload` field 292 // when verifying these JWTs. If only JWTs are present on this 293 // AttestationOccurrence, then the `serialized_payload` SHOULD be left 294 // empty. Each JWT SHOULD encode a claim specific to the `resource_uri` 295 // of this Occurrence, but this is not validated by Grafeas metadata API 296 // implementations. The JWT itself is opaque to Grafeas. 297 Jwts []*Jwt `json:"jwts,omitempty"` 298 299 // SerializedPayload: Required. The serialized payload that is verified 300 // by one or more `signatures`. 301 SerializedPayload string `json:"serializedPayload,omitempty"` 302 303 // Signatures: One or more signatures over `serialized_payload`. 304 // Verifier implementations should consider this attestation message 305 // verified if at least one `signature` verifies `serialized_payload`. 306 // See `Signature` in common.proto for more details on signature 307 // structure and verification. 308 Signatures []*Signature `json:"signatures,omitempty"` 309 310 // ForceSendFields is a list of field names (e.g. "Jwts") to 311 // unconditionally include in API requests. By default, fields with 312 // empty or default values are omitted from API requests. However, any 313 // non-pointer, non-interface field appearing in ForceSendFields will be 314 // sent to the server regardless of whether the field is empty or not. 315 // This may be used to include empty fields in Patch requests. 316 ForceSendFields []string `json:"-"` 317 318 // NullFields is a list of field names (e.g. "Jwts") to include in API 319 // requests with the JSON null value. By default, fields with empty 320 // values are omitted from API requests. However, any field with an 321 // empty value appearing in NullFields will be sent to the server as 322 // null. It is an error if a field in this list has a non-empty value. 323 // This may be used to include null fields in Patch requests. 324 NullFields []string `json:"-"` 325} 326 327func (s *AttestationOccurrence) MarshalJSON() ([]byte, error) { 328 type NoMethod AttestationOccurrence 329 raw := NoMethod(*s) 330 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 331} 332 333// Attestor: An attestor that attests to container image artifacts. An 334// existing attestor cannot be modified except where indicated. 335type Attestor struct { 336 // Description: Optional. A descriptive comment. This field may be 337 // updated. The field may be displayed in chooser dialogs. 338 Description string `json:"description,omitempty"` 339 340 // Name: Required. The resource name, in the format: 341 // `projects/*/attestors/*`. This field may not be updated. 342 Name string `json:"name,omitempty"` 343 344 // UpdateTime: Output only. Time when the attestor was last updated. 345 UpdateTime string `json:"updateTime,omitempty"` 346 347 // UserOwnedGrafeasNote: This specifies how an attestation will be read, 348 // and how it will be used during policy enforcement. 349 UserOwnedGrafeasNote *UserOwnedGrafeasNote `json:"userOwnedGrafeasNote,omitempty"` 350 351 // ServerResponse contains the HTTP response code and headers from the 352 // server. 353 googleapi.ServerResponse `json:"-"` 354 355 // ForceSendFields is a list of field names (e.g. "Description") to 356 // unconditionally include in API requests. By default, fields with 357 // empty or default values are omitted from API requests. However, any 358 // non-pointer, non-interface field appearing in ForceSendFields will be 359 // sent to the server regardless of whether the field is empty or not. 360 // This may be used to include empty fields in Patch requests. 361 ForceSendFields []string `json:"-"` 362 363 // NullFields is a list of field names (e.g. "Description") to include 364 // in API requests with the JSON null value. By default, fields with 365 // empty values are omitted from API requests. However, any field with 366 // an empty value appearing in NullFields will be sent to the server as 367 // null. It is an error if a field in this list has a non-empty value. 368 // This may be used to include null fields in Patch requests. 369 NullFields []string `json:"-"` 370} 371 372func (s *Attestor) MarshalJSON() ([]byte, error) { 373 type NoMethod Attestor 374 raw := NoMethod(*s) 375 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 376} 377 378// AttestorPublicKey: An attestor public key that will be used to verify 379// attestations signed by this attestor. 380type AttestorPublicKey struct { 381 // AsciiArmoredPgpPublicKey: ASCII-armored representation of a PGP 382 // public key, as the entire output by the command `gpg --export --armor 383 // foo@example.com` (either LF or CRLF line endings). When using this 384 // field, `id` should be left blank. The BinAuthz API handlers will 385 // calculate the ID and fill it in automatically. BinAuthz computes this 386 // ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case 387 // hex. If `id` is provided by the caller, it will be overwritten by the 388 // API-calculated ID. 389 AsciiArmoredPgpPublicKey string `json:"asciiArmoredPgpPublicKey,omitempty"` 390 391 // Comment: Optional. A descriptive comment. This field may be updated. 392 Comment string `json:"comment,omitempty"` 393 394 // Id: The ID of this public key. Signatures verified by BinAuthz must 395 // include the ID of the public key that can be used to verify them, and 396 // that ID must match the contents of this field exactly. Additional 397 // restrictions on this field can be imposed based on which public key 398 // type is encapsulated. See the documentation on `public_key` cases 399 // below for details. 400 Id string `json:"id,omitempty"` 401 402 // PkixPublicKey: A raw PKIX SubjectPublicKeyInfo format public key. 403 // NOTE: `id` may be explicitly provided by the caller when using this 404 // type of public key, but it MUST be a valid RFC3986 URI. If `id` is 405 // left blank, a default one will be computed based on the digest of the 406 // DER encoding of the public key. 407 PkixPublicKey *PkixPublicKey `json:"pkixPublicKey,omitempty"` 408 409 // ForceSendFields is a list of field names (e.g. 410 // "AsciiArmoredPgpPublicKey") to unconditionally include in API 411 // requests. By default, fields with empty or default values are omitted 412 // from API requests. However, any non-pointer, non-interface field 413 // appearing in ForceSendFields will be sent to the server regardless of 414 // whether the field is empty or not. This may be used to include empty 415 // fields in Patch requests. 416 ForceSendFields []string `json:"-"` 417 418 // NullFields is a list of field names (e.g. "AsciiArmoredPgpPublicKey") 419 // to include in API requests with the JSON null value. By default, 420 // fields with empty values are omitted from API requests. However, any 421 // field with an empty value appearing in NullFields will be sent to the 422 // server as null. It is an error if a field in this list has a 423 // non-empty value. This may be used to include null fields in Patch 424 // requests. 425 NullFields []string `json:"-"` 426} 427 428func (s *AttestorPublicKey) MarshalJSON() ([]byte, error) { 429 type NoMethod AttestorPublicKey 430 raw := NoMethod(*s) 431 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 432} 433 434// Binding: Associates `members` with a `role`. 435type Binding struct { 436 // Condition: The condition that is associated with this binding. If the 437 // condition evaluates to `true`, then this binding applies to the 438 // current request. If the condition evaluates to `false`, then this 439 // binding does not apply to the current request. However, a different 440 // role binding might grant the same role to one or more of the members 441 // in this binding. To learn which resources support conditions in their 442 // IAM policies, see the IAM documentation 443 // (https://cloud.google.com/iam/help/conditions/resource-policies). 444 Condition *Expr `json:"condition,omitempty"` 445 446 // Members: Specifies the identities requesting access for a Cloud 447 // Platform resource. `members` can have the following values: * 448 // `allUsers`: A special identifier that represents anyone who is on the 449 // internet; with or without a Google account. * 450 // `allAuthenticatedUsers`: A special identifier that represents anyone 451 // who is authenticated with a Google account or a service account. * 452 // `user:{emailid}`: An email address that represents a specific Google 453 // account. For example, `alice@example.com` . * 454 // `serviceAccount:{emailid}`: An email address that represents a 455 // service account. For example, 456 // `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An 457 // email address that represents a Google group. For example, 458 // `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An 459 // email address (plus unique identifier) representing a user that has 460 // been recently deleted. For example, 461 // `alice@example.com?uid=123456789012345678901`. If the user is 462 // recovered, this value reverts to `user:{emailid}` and the recovered 463 // user retains the role in the binding. * 464 // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address 465 // (plus unique identifier) representing a service account that has been 466 // recently deleted. For example, 467 // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. 468 // If the service account is undeleted, this value reverts to 469 // `serviceAccount:{emailid}` and the undeleted service account retains 470 // the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: 471 // An email address (plus unique identifier) representing a Google group 472 // that has been recently deleted. For example, 473 // `admins@example.com?uid=123456789012345678901`. If the group is 474 // recovered, this value reverts to `group:{emailid}` and the recovered 475 // group retains the role in the binding. * `domain:{domain}`: The G 476 // Suite domain (primary) that represents all the users of that domain. 477 // For example, `google.com` or `example.com`. 478 Members []string `json:"members,omitempty"` 479 480 // Role: Role that is assigned to `members`. For example, 481 // `roles/viewer`, `roles/editor`, or `roles/owner`. 482 Role string `json:"role,omitempty"` 483 484 // ForceSendFields is a list of field names (e.g. "Condition") to 485 // unconditionally include in API requests. By default, fields with 486 // empty or default values are omitted from API requests. However, any 487 // non-pointer, non-interface field appearing in ForceSendFields will be 488 // sent to the server regardless of whether the field is empty or not. 489 // This may be used to include empty fields in Patch requests. 490 ForceSendFields []string `json:"-"` 491 492 // NullFields is a list of field names (e.g. "Condition") to include in 493 // API requests with the JSON null value. By default, fields with empty 494 // values are omitted from API requests. However, any field with an 495 // empty value appearing in NullFields will be sent to the server as 496 // null. It is an error if a field in this list has a non-empty value. 497 // This may be used to include null fields in Patch requests. 498 NullFields []string `json:"-"` 499} 500 501func (s *Binding) MarshalJSON() ([]byte, error) { 502 type NoMethod Binding 503 raw := NoMethod(*s) 504 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 505} 506 507// Empty: A generic empty message that you can re-use to avoid defining 508// duplicated empty messages in your APIs. A typical example is to use 509// it as the request or the response type of an API method. For 510// instance: service Foo { rpc Bar(google.protobuf.Empty) returns 511// (google.protobuf.Empty); } The JSON representation for `Empty` is 512// empty JSON object `{}`. 513type Empty struct { 514 // ServerResponse contains the HTTP response code and headers from the 515 // server. 516 googleapi.ServerResponse `json:"-"` 517} 518 519// Expr: Represents a textual expression in the Common Expression 520// Language (CEL) syntax. CEL is a C-like expression language. The 521// syntax and semantics of CEL are documented at 522// https://github.com/google/cel-spec. Example (Comparison): title: 523// "Summary size limit" description: "Determines if a summary is less 524// than 100 chars" expression: "document.summary.size() < 100" Example 525// (Equality): title: "Requestor is owner" description: "Determines if 526// requestor is the document owner" expression: "document.owner == 527// request.auth.claims.email" Example (Logic): title: "Public documents" 528// description: "Determine whether the document should be publicly 529// visible" expression: "document.type != 'private' && document.type != 530// 'internal'" Example (Data Manipulation): title: "Notification string" 531// description: "Create a notification string with a timestamp." 532// expression: "'New message received at ' + 533// string(document.create_time)" The exact variables and functions that 534// may be referenced within an expression are determined by the service 535// that evaluates it. See the service documentation for additional 536// information. 537type Expr struct { 538 // Description: Optional. Description of the expression. This is a 539 // longer text which describes the expression, e.g. when hovered over it 540 // in a UI. 541 Description string `json:"description,omitempty"` 542 543 // Expression: Textual representation of an expression in Common 544 // Expression Language syntax. 545 Expression string `json:"expression,omitempty"` 546 547 // Location: Optional. String indicating the location of the expression 548 // for error reporting, e.g. a file name and a position in the file. 549 Location string `json:"location,omitempty"` 550 551 // Title: Optional. Title for the expression, i.e. a short string 552 // describing its purpose. This can be used e.g. in UIs which allow to 553 // enter the expression. 554 Title string `json:"title,omitempty"` 555 556 // ForceSendFields is a list of field names (e.g. "Description") to 557 // unconditionally include in API requests. By default, fields with 558 // empty or default values are omitted from API requests. However, any 559 // non-pointer, non-interface field appearing in ForceSendFields will be 560 // sent to the server regardless of whether the field is empty or not. 561 // This may be used to include empty fields in Patch requests. 562 ForceSendFields []string `json:"-"` 563 564 // NullFields is a list of field names (e.g. "Description") to include 565 // in API requests with the JSON null value. By default, fields with 566 // empty values are omitted from API requests. However, any field with 567 // an empty value appearing in NullFields will be sent to the server as 568 // null. It is an error if a field in this list has a non-empty value. 569 // This may be used to include null fields in Patch requests. 570 NullFields []string `json:"-"` 571} 572 573func (s *Expr) MarshalJSON() ([]byte, error) { 574 type NoMethod Expr 575 raw := NoMethod(*s) 576 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 577} 578 579// IamPolicy: An Identity and Access Management (IAM) policy, which 580// specifies access controls for Google Cloud resources. A `Policy` is a 581// collection of `bindings`. A `binding` binds one or more `members` to 582// a single `role`. Members can be user accounts, service accounts, 583// Google groups, and domains (such as G Suite). A `role` is a named 584// list of permissions; each `role` can be an IAM predefined role or a 585// user-created custom role. For some types of Google Cloud resources, a 586// `binding` can also specify a `condition`, which is a logical 587// expression that allows access to a resource only if the expression 588// evaluates to `true`. A condition can add constraints based on 589// attributes of the request, the resource, or both. To learn which 590// resources support conditions in their IAM policies, see the IAM 591// documentation 592// (https://cloud.google.com/iam/help/conditions/resource-policies). 593// **JSON example:** { "bindings": [ { "role": 594// "roles/resourcemanager.organizationAdmin", "members": [ 595// "user:mike@example.com", "group:admins@example.com", 596// "domain:google.com", 597// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { 598// "role": "roles/resourcemanager.organizationViewer", "members": [ 599// "user:eve@example.com" ], "condition": { "title": "expirable access", 600// "description": "Does not grant access after Sep 2020", "expression": 601// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], 602// "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - 603// members: - user:mike@example.com - group:admins@example.com - 604// domain:google.com - 605// serviceAccount:my-project-id@appspot.gserviceaccount.com role: 606// roles/resourcemanager.organizationAdmin - members: - 607// user:eve@example.com role: roles/resourcemanager.organizationViewer 608// condition: title: expirable access description: Does not grant access 609// after Sep 2020 expression: request.time < 610// timestamp('2020-10-01T00:00:00.000Z') - etag: BwWWja0YfJA= - version: 611// 3 For a description of IAM and its features, see the IAM 612// documentation (https://cloud.google.com/iam/docs/). 613type IamPolicy struct { 614 // Bindings: Associates a list of `members` to a `role`. Optionally, may 615 // specify a `condition` that determines how and when the `bindings` are 616 // applied. Each of the `bindings` must contain at least one member. 617 Bindings []*Binding `json:"bindings,omitempty"` 618 619 // Etag: `etag` is used for optimistic concurrency control as a way to 620 // help prevent simultaneous updates of a policy from overwriting each 621 // other. It is strongly suggested that systems make use of the `etag` 622 // in the read-modify-write cycle to perform policy updates in order to 623 // avoid race conditions: An `etag` is returned in the response to 624 // `getIamPolicy`, and systems are expected to put that etag in the 625 // request to `setIamPolicy` to ensure that their change will be applied 626 // to the same version of the policy. **Important:** If you use IAM 627 // Conditions, you must include the `etag` field whenever you call 628 // `setIamPolicy`. If you omit this field, then IAM allows you to 629 // overwrite a version `3` policy with a version `1` policy, and all of 630 // the conditions in the version `3` policy are lost. 631 Etag string `json:"etag,omitempty"` 632 633 // Version: Specifies the format of the policy. Valid values are `0`, 634 // `1`, and `3`. Requests that specify an invalid value are rejected. 635 // Any operation that affects conditional role bindings must specify 636 // version `3`. This requirement applies to the following operations: * 637 // Getting a policy that includes a conditional role binding * Adding a 638 // conditional role binding to a policy * Changing a conditional role 639 // binding in a policy * Removing any role binding, with or without a 640 // condition, from a policy that includes conditions **Important:** If 641 // you use IAM Conditions, you must include the `etag` field whenever 642 // you call `setIamPolicy`. If you omit this field, then IAM allows you 643 // to overwrite a version `3` policy with a version `1` policy, and all 644 // of the conditions in the version `3` policy are lost. If a policy 645 // does not include any conditions, operations on that policy may 646 // specify any valid version or leave the field unset. To learn which 647 // resources support conditions in their IAM policies, see the IAM 648 // documentation 649 // (https://cloud.google.com/iam/help/conditions/resource-policies). 650 Version int64 `json:"version,omitempty"` 651 652 // ServerResponse contains the HTTP response code and headers from the 653 // server. 654 googleapi.ServerResponse `json:"-"` 655 656 // ForceSendFields is a list of field names (e.g. "Bindings") to 657 // unconditionally include in API requests. By default, fields with 658 // empty or default values are omitted from API requests. However, any 659 // non-pointer, non-interface field appearing in ForceSendFields will be 660 // sent to the server regardless of whether the field is empty or not. 661 // This may be used to include empty fields in Patch requests. 662 ForceSendFields []string `json:"-"` 663 664 // NullFields is a list of field names (e.g. "Bindings") to include in 665 // API requests with the JSON null value. By default, fields with empty 666 // values are omitted from API requests. However, any field with an 667 // empty value appearing in NullFields will be sent to the server as 668 // null. It is an error if a field in this list has a non-empty value. 669 // This may be used to include null fields in Patch requests. 670 NullFields []string `json:"-"` 671} 672 673func (s *IamPolicy) MarshalJSON() ([]byte, error) { 674 type NoMethod IamPolicy 675 raw := NoMethod(*s) 676 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 677} 678 679type Jwt struct { 680 // CompactJwt: The compact encoding of a JWS, which is always three 681 // base64 encoded strings joined by periods. For details, see: 682 // https://tools.ietf.org/html/rfc7515.html#section-3.1 683 CompactJwt string `json:"compactJwt,omitempty"` 684 685 // ForceSendFields is a list of field names (e.g. "CompactJwt") to 686 // unconditionally include in API requests. By default, fields with 687 // empty or default values are omitted from API requests. However, any 688 // non-pointer, non-interface field appearing in ForceSendFields will be 689 // sent to the server regardless of whether the field is empty or not. 690 // This may be used to include empty fields in Patch requests. 691 ForceSendFields []string `json:"-"` 692 693 // NullFields is a list of field names (e.g. "CompactJwt") to include in 694 // API requests with the JSON null value. By default, fields with empty 695 // values are omitted from API requests. However, any field with an 696 // empty value appearing in NullFields will be sent to the server as 697 // null. It is an error if a field in this list has a non-empty value. 698 // This may be used to include null fields in Patch requests. 699 NullFields []string `json:"-"` 700} 701 702func (s *Jwt) MarshalJSON() ([]byte, error) { 703 type NoMethod Jwt 704 raw := NoMethod(*s) 705 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 706} 707 708// ListAttestorsResponse: Response message for 709// BinauthzManagementService.ListAttestors. 710type ListAttestorsResponse struct { 711 // Attestors: The list of attestors. 712 Attestors []*Attestor `json:"attestors,omitempty"` 713 714 // NextPageToken: A token to retrieve the next page of results. Pass 715 // this value in the ListAttestorsRequest.page_token field in the 716 // subsequent call to the `ListAttestors` method to retrieve the next 717 // page of results. 718 NextPageToken string `json:"nextPageToken,omitempty"` 719 720 // ServerResponse contains the HTTP response code and headers from the 721 // server. 722 googleapi.ServerResponse `json:"-"` 723 724 // ForceSendFields is a list of field names (e.g. "Attestors") to 725 // unconditionally include in API requests. By default, fields with 726 // empty or default values are omitted from API requests. However, any 727 // non-pointer, non-interface field appearing in ForceSendFields will be 728 // sent to the server regardless of whether the field is empty or not. 729 // This may be used to include empty fields in Patch requests. 730 ForceSendFields []string `json:"-"` 731 732 // NullFields is a list of field names (e.g. "Attestors") to include in 733 // API requests with the JSON null value. By default, fields with empty 734 // values are omitted from API requests. However, any field with an 735 // empty value appearing in NullFields will be sent to the server as 736 // null. It is an error if a field in this list has a non-empty value. 737 // This may be used to include null fields in Patch requests. 738 NullFields []string `json:"-"` 739} 740 741func (s *ListAttestorsResponse) MarshalJSON() ([]byte, error) { 742 type NoMethod ListAttestorsResponse 743 raw := NoMethod(*s) 744 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 745} 746 747// PkixPublicKey: A public key in the PkixPublicKey format (see 748// https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). 749// Public keys of this type are typically textually encoded using the 750// PEM format. 751type PkixPublicKey struct { 752 // PublicKeyPem: A PEM-encoded public key, as described in 753 // https://tools.ietf.org/html/rfc7468#section-13 754 PublicKeyPem string `json:"publicKeyPem,omitempty"` 755 756 // SignatureAlgorithm: The signature algorithm used to verify a message 757 // against a signature using this key. These signature algorithm must 758 // match the structure and any object identifiers encoded in 759 // `public_key_pem` (i.e. this algorithm must match that of the public 760 // key). 761 // 762 // Possible values: 763 // "SIGNATURE_ALGORITHM_UNSPECIFIED" - Not specified. 764 // "RSA_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 765 // digest. 766 // "RSA_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 767 // digest. 768 // "RSA_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 769 // digest. 770 // "RSA_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 771 // digest. 772 // "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit 773 // key and a SHA256 digest. 774 // "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit 775 // key and a SHA256 digest. 776 // "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit 777 // key and a SHA256 digest. 778 // "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit 779 // key and a SHA512 digest. 780 // "ECDSA_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 781 // digest. 782 // "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 783 // digest. 784 // "ECDSA_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 785 // digest. 786 // "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 787 // digest. 788 // "ECDSA_P521_SHA512" - ECDSA on the NIST P-521 curve with a SHA512 789 // digest. 790 // "EC_SIGN_P521_SHA512" - ECDSA on the NIST P-521 curve with a SHA512 791 // digest. 792 SignatureAlgorithm string `json:"signatureAlgorithm,omitempty"` 793 794 // ForceSendFields is a list of field names (e.g. "PublicKeyPem") to 795 // unconditionally include in API requests. By default, fields with 796 // empty or default values are omitted from API requests. However, any 797 // non-pointer, non-interface field appearing in ForceSendFields will be 798 // sent to the server regardless of whether the field is empty or not. 799 // This may be used to include empty fields in Patch requests. 800 ForceSendFields []string `json:"-"` 801 802 // NullFields is a list of field names (e.g. "PublicKeyPem") to include 803 // in API requests with the JSON null value. By default, fields with 804 // empty values are omitted from API requests. However, any field with 805 // an empty value appearing in NullFields will be sent to the server as 806 // null. It is an error if a field in this list has a non-empty value. 807 // This may be used to include null fields in Patch requests. 808 NullFields []string `json:"-"` 809} 810 811func (s *PkixPublicKey) MarshalJSON() ([]byte, error) { 812 type NoMethod PkixPublicKey 813 raw := NoMethod(*s) 814 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 815} 816 817// Policy: A policy for container image binary authorization. 818type Policy struct { 819 // AdmissionWhitelistPatterns: Optional. Admission policy allowlisting. 820 // A matching admission request will always be permitted. This feature 821 // is typically used to exclude Google or third-party infrastructure 822 // images from Binary Authorization policies. 823 AdmissionWhitelistPatterns []*AdmissionWhitelistPattern `json:"admissionWhitelistPatterns,omitempty"` 824 825 // ClusterAdmissionRules: Optional. Per-cluster admission rules. Cluster 826 // spec format: `location.clusterId`. There can be at most one admission 827 // rule per cluster spec. A `location` is either a compute zone (e.g. 828 // us-central1-a) or a region (e.g. us-central1). For `clusterId` syntax 829 // restrictions see 830 // https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. 831 ClusterAdmissionRules map[string]AdmissionRule `json:"clusterAdmissionRules,omitempty"` 832 833 // DefaultAdmissionRule: Required. Default admission rule for a cluster 834 // without a per-cluster, per- kubernetes-service-account, or 835 // per-istio-service-identity admission rule. 836 DefaultAdmissionRule *AdmissionRule `json:"defaultAdmissionRule,omitempty"` 837 838 // Description: Optional. A descriptive comment. 839 Description string `json:"description,omitempty"` 840 841 // GlobalPolicyEvaluationMode: Optional. Controls the evaluation of a 842 // Google-maintained global admission policy for common system-level 843 // images. Images not covered by the global policy will be subject to 844 // the project admission policy. This setting has no effect when 845 // specified inside a global admission policy. 846 // 847 // Possible values: 848 // "GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED" - Not specified: 849 // DISABLE is assumed. 850 // "ENABLE" - Enables system policy evaluation. 851 // "DISABLE" - Disables system policy evaluation. 852 GlobalPolicyEvaluationMode string `json:"globalPolicyEvaluationMode,omitempty"` 853 854 // IstioServiceIdentityAdmissionRules: Optional. 855 // Per-istio-service-identity admission rules. Istio service identity 856 // spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. 857 // spiffe://example.com/ns/test-ns/sa/default 858 IstioServiceIdentityAdmissionRules map[string]AdmissionRule `json:"istioServiceIdentityAdmissionRules,omitempty"` 859 860 // KubernetesNamespaceAdmissionRules: Optional. Per-kubernetes-namespace 861 // admission rules. K8s namespace spec format: [a-z.-]+, e.g. 862 // 'some-namespace' 863 KubernetesNamespaceAdmissionRules map[string]AdmissionRule `json:"kubernetesNamespaceAdmissionRules,omitempty"` 864 865 // KubernetesServiceAccountAdmissionRules: Optional. 866 // Per-kubernetes-service-account admission rules. Service account spec 867 // format: `namespace:serviceaccount`. e.g. 'test-ns:default' 868 KubernetesServiceAccountAdmissionRules map[string]AdmissionRule `json:"kubernetesServiceAccountAdmissionRules,omitempty"` 869 870 // Name: Output only. The resource name, in the format 871 // `projects/*/policy`. There is at most one policy per project. 872 Name string `json:"name,omitempty"` 873 874 // UpdateTime: Output only. Time when the policy was last updated. 875 UpdateTime string `json:"updateTime,omitempty"` 876 877 // ServerResponse contains the HTTP response code and headers from the 878 // server. 879 googleapi.ServerResponse `json:"-"` 880 881 // ForceSendFields is a list of field names (e.g. 882 // "AdmissionWhitelistPatterns") to unconditionally include in API 883 // requests. By default, fields with empty or default values are omitted 884 // from API requests. However, any non-pointer, non-interface field 885 // appearing in ForceSendFields will be sent to the server regardless of 886 // whether the field is empty or not. This may be used to include empty 887 // fields in Patch requests. 888 ForceSendFields []string `json:"-"` 889 890 // NullFields is a list of field names (e.g. 891 // "AdmissionWhitelistPatterns") to include in API requests with the 892 // JSON null value. By default, fields with empty values are omitted 893 // from API requests. However, any field with an empty value appearing 894 // in NullFields will be sent to the server as null. It is an error if a 895 // field in this list has a non-empty value. This may be used to include 896 // null fields in Patch requests. 897 NullFields []string `json:"-"` 898} 899 900func (s *Policy) MarshalJSON() ([]byte, error) { 901 type NoMethod Policy 902 raw := NoMethod(*s) 903 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 904} 905 906// SetIamPolicyRequest: Request message for `SetIamPolicy` method. 907type SetIamPolicyRequest struct { 908 // Policy: REQUIRED: The complete policy to be applied to the 909 // `resource`. The size of the policy is limited to a few 10s of KB. An 910 // empty policy is a valid policy but certain Cloud Platform services 911 // (such as Projects) might reject them. 912 Policy *IamPolicy `json:"policy,omitempty"` 913 914 // ForceSendFields is a list of field names (e.g. "Policy") to 915 // unconditionally include in API requests. By default, fields with 916 // empty or default values are omitted from API requests. However, any 917 // non-pointer, non-interface field appearing in ForceSendFields will be 918 // sent to the server regardless of whether the field is empty or not. 919 // This may be used to include empty fields in Patch requests. 920 ForceSendFields []string `json:"-"` 921 922 // NullFields is a list of field names (e.g. "Policy") to include in API 923 // requests with the JSON null value. By default, fields with empty 924 // values are omitted from API requests. However, any field with an 925 // empty value appearing in NullFields will be sent to the server as 926 // null. It is an error if a field in this list has a non-empty value. 927 // This may be used to include null fields in Patch requests. 928 NullFields []string `json:"-"` 929} 930 931func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) { 932 type NoMethod SetIamPolicyRequest 933 raw := NoMethod(*s) 934 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 935} 936 937// Signature: Verifiers (e.g. Kritis implementations) MUST verify 938// signatures with respect to the trust anchors defined in policy (e.g. 939// a Kritis policy). Typically this means that the verifier has been 940// configured with a map from `public_key_id` to public key material 941// (and any required parameters, e.g. signing algorithm). In particular, 942// verification implementations MUST NOT treat the signature 943// `public_key_id` as anything more than a key lookup hint. The 944// `public_key_id` DOES NOT validate or authenticate a public key; it 945// only provides a mechanism for quickly selecting a public key ALREADY 946// CONFIGURED on the verifier through a trusted channel. Verification 947// implementations MUST reject signatures in any of the following 948// circumstances: * The `public_key_id` is not recognized by the 949// verifier. * The public key that `public_key_id` refers to does not 950// verify the signature with respect to the payload. The `signature` 951// contents SHOULD NOT be "attached" (where the payload is included with 952// the serialized `signature` bytes). Verifiers MUST ignore any 953// "attached" payload and only verify signatures with respect to 954// explicitly provided payload (e.g. a `payload` field on the proto 955// message that holds this Signature, or the canonical serialization of 956// the proto message that holds this signature). 957type Signature struct { 958 // PublicKeyId: The identifier for the public key that verifies this 959 // signature. * The `public_key_id` is required. * The `public_key_id` 960 // SHOULD be an RFC3986 conformant URI. * When possible, the 961 // `public_key_id` SHOULD be an immutable reference, such as a 962 // cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 963 // public key fingerprint: * 964 // "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See 965 // https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for 966 // more details on this scheme. RFC6920 digest-named 967 // SubjectPublicKeyInfo (digest of the DER serialization): * 968 // "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * 969 // "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95 970 // a1271589a5" 971 PublicKeyId string `json:"publicKeyId,omitempty"` 972 973 // Signature: The content of the signature, an opaque bytestring. The 974 // payload that this signature verifies MUST be unambiguously provided 975 // with the Signature during verification. A wrapper message might 976 // provide the payload explicitly. Alternatively, a message might have a 977 // canonical serialization that can always be unambiguously computed to 978 // derive the payload. 979 Signature string `json:"signature,omitempty"` 980 981 // ForceSendFields is a list of field names (e.g. "PublicKeyId") to 982 // unconditionally include in API requests. By default, fields with 983 // empty or default values are omitted from API requests. However, any 984 // non-pointer, non-interface field appearing in ForceSendFields will be 985 // sent to the server regardless of whether the field is empty or not. 986 // This may be used to include empty fields in Patch requests. 987 ForceSendFields []string `json:"-"` 988 989 // NullFields is a list of field names (e.g. "PublicKeyId") to include 990 // in API requests with the JSON null value. By default, fields with 991 // empty values are omitted from API requests. However, any field with 992 // an empty value appearing in NullFields will be sent to the server as 993 // null. It is an error if a field in this list has a non-empty value. 994 // This may be used to include null fields in Patch requests. 995 NullFields []string `json:"-"` 996} 997 998func (s *Signature) MarshalJSON() ([]byte, error) { 999 type NoMethod Signature 1000 raw := NoMethod(*s) 1001 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1002} 1003 1004// TestIamPermissionsRequest: Request message for `TestIamPermissions` 1005// method. 1006type TestIamPermissionsRequest struct { 1007 // Permissions: The set of permissions to check for the `resource`. 1008 // Permissions with wildcards (such as '*' or 'storage.*') are not 1009 // allowed. For more information see IAM Overview 1010 // (https://cloud.google.com/iam/docs/overview#permissions). 1011 Permissions []string `json:"permissions,omitempty"` 1012 1013 // ForceSendFields is a list of field names (e.g. "Permissions") to 1014 // unconditionally include in API requests. By default, fields with 1015 // empty or default values are omitted from API requests. However, any 1016 // non-pointer, non-interface field appearing in ForceSendFields will be 1017 // sent to the server regardless of whether the field is empty or not. 1018 // This may be used to include empty fields in Patch requests. 1019 ForceSendFields []string `json:"-"` 1020 1021 // NullFields is a list of field names (e.g. "Permissions") to include 1022 // in API requests with the JSON null value. By default, fields with 1023 // empty values are omitted from API requests. However, any field with 1024 // an empty value appearing in NullFields will be sent to the server as 1025 // null. It is an error if a field in this list has a non-empty value. 1026 // This may be used to include null fields in Patch requests. 1027 NullFields []string `json:"-"` 1028} 1029 1030func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) { 1031 type NoMethod TestIamPermissionsRequest 1032 raw := NoMethod(*s) 1033 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1034} 1035 1036// TestIamPermissionsResponse: Response message for `TestIamPermissions` 1037// method. 1038type TestIamPermissionsResponse struct { 1039 // Permissions: A subset of `TestPermissionsRequest.permissions` that 1040 // the caller is allowed. 1041 Permissions []string `json:"permissions,omitempty"` 1042 1043 // ServerResponse contains the HTTP response code and headers from the 1044 // server. 1045 googleapi.ServerResponse `json:"-"` 1046 1047 // ForceSendFields is a list of field names (e.g. "Permissions") to 1048 // unconditionally include in API requests. By default, fields with 1049 // empty or default values are omitted from API requests. However, any 1050 // non-pointer, non-interface field appearing in ForceSendFields will be 1051 // sent to the server regardless of whether the field is empty or not. 1052 // This may be used to include empty fields in Patch requests. 1053 ForceSendFields []string `json:"-"` 1054 1055 // NullFields is a list of field names (e.g. "Permissions") to include 1056 // in API requests with the JSON null value. By default, fields with 1057 // empty values are omitted from API requests. However, any field with 1058 // an empty value appearing in NullFields will be sent to the server as 1059 // null. It is an error if a field in this list has a non-empty value. 1060 // This may be used to include null fields in Patch requests. 1061 NullFields []string `json:"-"` 1062} 1063 1064func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) { 1065 type NoMethod TestIamPermissionsResponse 1066 raw := NoMethod(*s) 1067 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1068} 1069 1070// UserOwnedGrafeasNote: An user owned Grafeas note references a Grafeas 1071// Attestation.Authority Note created by the user. 1072type UserOwnedGrafeasNote struct { 1073 // DelegationServiceAccountEmail: Output only. This field will contain 1074 // the service account email address that this Attestor will use as the 1075 // principal when querying Container Analysis. Attestor administrators 1076 // must grant this service account the IAM role needed to read 1077 // attestations from the note_reference in Container Analysis 1078 // (`containeranalysis.notes.occurrences.viewer`). This email address is 1079 // fixed for the lifetime of the Attestor, but callers should not make 1080 // any other assumptions about the service account email; future 1081 // versions may use an email based on a different naming pattern. 1082 DelegationServiceAccountEmail string `json:"delegationServiceAccountEmail,omitempty"` 1083 1084 // NoteReference: Required. The Grafeas resource name of a 1085 // Attestation.Authority Note, created by the user, in the format: 1086 // `projects/*/notes/*`. This field may not be updated. An attestation 1087 // by this attestor is stored as a Grafeas Attestation.Authority 1088 // Occurrence that names a container image and that links to this Note. 1089 // Grafeas is an external dependency. 1090 NoteReference string `json:"noteReference,omitempty"` 1091 1092 // PublicKeys: Optional. Public keys that verify attestations signed by 1093 // this attestor. This field may be updated. If this field is non-empty, 1094 // one of the specified public keys must verify that an attestation was 1095 // signed by this attestor for the image specified in the admission 1096 // request. If this field is empty, this attestor always returns that no 1097 // valid attestations exist. 1098 PublicKeys []*AttestorPublicKey `json:"publicKeys,omitempty"` 1099 1100 // ForceSendFields is a list of field names (e.g. 1101 // "DelegationServiceAccountEmail") to unconditionally include in API 1102 // requests. By default, fields with empty or default values are omitted 1103 // from API requests. However, any non-pointer, non-interface field 1104 // appearing in ForceSendFields will be sent to the server regardless of 1105 // whether the field is empty or not. This may be used to include empty 1106 // fields in Patch requests. 1107 ForceSendFields []string `json:"-"` 1108 1109 // NullFields is a list of field names (e.g. 1110 // "DelegationServiceAccountEmail") to include in API requests with the 1111 // JSON null value. By default, fields with empty values are omitted 1112 // from API requests. However, any field with an empty value appearing 1113 // in NullFields will be sent to the server as null. It is an error if a 1114 // field in this list has a non-empty value. This may be used to include 1115 // null fields in Patch requests. 1116 NullFields []string `json:"-"` 1117} 1118 1119func (s *UserOwnedGrafeasNote) MarshalJSON() ([]byte, error) { 1120 type NoMethod UserOwnedGrafeasNote 1121 raw := NoMethod(*s) 1122 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1123} 1124 1125// ValidateAttestationOccurrenceRequest: Request message for 1126// ValidationHelperV1.ValidateAttestationOccurrence. 1127type ValidateAttestationOccurrenceRequest struct { 1128 // Attestation: Required. An AttestationOccurrence to be checked that it 1129 // can be verified by the Attestor. It does not have to be an existing 1130 // entity in Container Analysis. It must otherwise be a valid 1131 // AttestationOccurrence. 1132 Attestation *AttestationOccurrence `json:"attestation,omitempty"` 1133 1134 // OccurrenceNote: Required. The resource name of the Note to which the 1135 // containing Occurrence is associated. 1136 OccurrenceNote string `json:"occurrenceNote,omitempty"` 1137 1138 // OccurrenceResourceUri: Required. The URI of the artifact (e.g. 1139 // container image) that is the subject of the containing Occurrence. 1140 OccurrenceResourceUri string `json:"occurrenceResourceUri,omitempty"` 1141 1142 // ForceSendFields is a list of field names (e.g. "Attestation") to 1143 // unconditionally include in API requests. By default, fields with 1144 // empty or default values are omitted from API requests. However, any 1145 // non-pointer, non-interface field appearing in ForceSendFields will be 1146 // sent to the server regardless of whether the field is empty or not. 1147 // This may be used to include empty fields in Patch requests. 1148 ForceSendFields []string `json:"-"` 1149 1150 // NullFields is a list of field names (e.g. "Attestation") to include 1151 // in API requests with the JSON null value. By default, fields with 1152 // empty values are omitted from API requests. However, any field with 1153 // an empty value appearing in NullFields will be sent to the server as 1154 // null. It is an error if a field in this list has a non-empty value. 1155 // This may be used to include null fields in Patch requests. 1156 NullFields []string `json:"-"` 1157} 1158 1159func (s *ValidateAttestationOccurrenceRequest) MarshalJSON() ([]byte, error) { 1160 type NoMethod ValidateAttestationOccurrenceRequest 1161 raw := NoMethod(*s) 1162 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1163} 1164 1165// ValidateAttestationOccurrenceResponse: Response message for 1166// ValidationHelperV1.ValidateAttestationOccurrence. 1167type ValidateAttestationOccurrenceResponse struct { 1168 // DenialReason: The reason for denial if the Attestation couldn't be 1169 // validated. 1170 DenialReason string `json:"denialReason,omitempty"` 1171 1172 // Result: The result of the Attestation validation. 1173 // 1174 // Possible values: 1175 // "RESULT_UNSPECIFIED" - Unspecified. 1176 // "VERIFIED" - The Attestation was able to verified by the Attestor. 1177 // "ATTESTATION_NOT_VERIFIABLE" - The Attestation was not able to 1178 // verified by the Attestor. 1179 Result string `json:"result,omitempty"` 1180 1181 // ServerResponse contains the HTTP response code and headers from the 1182 // server. 1183 googleapi.ServerResponse `json:"-"` 1184 1185 // ForceSendFields is a list of field names (e.g. "DenialReason") to 1186 // unconditionally include in API requests. By default, fields with 1187 // empty or default values are omitted from API requests. However, any 1188 // non-pointer, non-interface field appearing in ForceSendFields will be 1189 // sent to the server regardless of whether the field is empty or not. 1190 // This may be used to include empty fields in Patch requests. 1191 ForceSendFields []string `json:"-"` 1192 1193 // NullFields is a list of field names (e.g. "DenialReason") to include 1194 // in API requests with the JSON null value. By default, fields with 1195 // empty values are omitted from API requests. However, any field with 1196 // an empty value appearing in NullFields will be sent to the server as 1197 // null. It is an error if a field in this list has a non-empty value. 1198 // This may be used to include null fields in Patch requests. 1199 NullFields []string `json:"-"` 1200} 1201 1202func (s *ValidateAttestationOccurrenceResponse) MarshalJSON() ([]byte, error) { 1203 type NoMethod ValidateAttestationOccurrenceResponse 1204 raw := NoMethod(*s) 1205 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1206} 1207 1208// method id "binaryauthorization.projects.getPolicy": 1209 1210type ProjectsGetPolicyCall struct { 1211 s *Service 1212 name string 1213 urlParams_ gensupport.URLParams 1214 ifNoneMatch_ string 1215 ctx_ context.Context 1216 header_ http.Header 1217} 1218 1219// GetPolicy: A policy specifies the attestors that must attest to a 1220// container image, before the project is allowed to deploy that image. 1221// There is at most one policy per project. All image admission requests 1222// are permitted if a project has no policy. Gets the policy for this 1223// project. Returns a default policy if the project does not have one. 1224// 1225// - name: The resource name of the policy to retrieve, in the format 1226// `projects/*/policy`. 1227func (r *ProjectsService) GetPolicy(name string) *ProjectsGetPolicyCall { 1228 c := &ProjectsGetPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1229 c.name = name 1230 return c 1231} 1232 1233// Fields allows partial responses to be retrieved. See 1234// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1235// for more information. 1236func (c *ProjectsGetPolicyCall) Fields(s ...googleapi.Field) *ProjectsGetPolicyCall { 1237 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1238 return c 1239} 1240 1241// IfNoneMatch sets the optional parameter which makes the operation 1242// fail if the object's ETag matches the given value. This is useful for 1243// getting updates only after the object has changed since the last 1244// request. Use googleapi.IsNotModified to check whether the response 1245// error from Do is the result of In-None-Match. 1246func (c *ProjectsGetPolicyCall) IfNoneMatch(entityTag string) *ProjectsGetPolicyCall { 1247 c.ifNoneMatch_ = entityTag 1248 return c 1249} 1250 1251// Context sets the context to be used in this call's Do method. Any 1252// pending HTTP request will be aborted if the provided context is 1253// canceled. 1254func (c *ProjectsGetPolicyCall) Context(ctx context.Context) *ProjectsGetPolicyCall { 1255 c.ctx_ = ctx 1256 return c 1257} 1258 1259// Header returns an http.Header that can be modified by the caller to 1260// add HTTP headers to the request. 1261func (c *ProjectsGetPolicyCall) Header() http.Header { 1262 if c.header_ == nil { 1263 c.header_ = make(http.Header) 1264 } 1265 return c.header_ 1266} 1267 1268func (c *ProjectsGetPolicyCall) doRequest(alt string) (*http.Response, error) { 1269 reqHeaders := make(http.Header) 1270 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 1271 for k, v := range c.header_ { 1272 reqHeaders[k] = v 1273 } 1274 reqHeaders.Set("User-Agent", c.s.userAgent()) 1275 if c.ifNoneMatch_ != "" { 1276 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1277 } 1278 var body io.Reader = nil 1279 c.urlParams_.Set("alt", alt) 1280 c.urlParams_.Set("prettyPrint", "false") 1281 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 1282 urls += "?" + c.urlParams_.Encode() 1283 req, err := http.NewRequest("GET", urls, body) 1284 if err != nil { 1285 return nil, err 1286 } 1287 req.Header = reqHeaders 1288 googleapi.Expand(req.URL, map[string]string{ 1289 "name": c.name, 1290 }) 1291 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1292} 1293 1294// Do executes the "binaryauthorization.projects.getPolicy" call. 1295// Exactly one of *Policy or error will be non-nil. Any non-2xx status 1296// code is an error. Response headers are in either 1297// *Policy.ServerResponse.Header or (if a response was returned at all) 1298// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 1299// check whether the returned error was because http.StatusNotModified 1300// was returned. 1301func (c *ProjectsGetPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 1302 gensupport.SetOptions(c.urlParams_, opts...) 1303 res, err := c.doRequest("json") 1304 if res != nil && res.StatusCode == http.StatusNotModified { 1305 if res.Body != nil { 1306 res.Body.Close() 1307 } 1308 return nil, &googleapi.Error{ 1309 Code: res.StatusCode, 1310 Header: res.Header, 1311 } 1312 } 1313 if err != nil { 1314 return nil, err 1315 } 1316 defer googleapi.CloseBody(res) 1317 if err := googleapi.CheckResponse(res); err != nil { 1318 return nil, err 1319 } 1320 ret := &Policy{ 1321 ServerResponse: googleapi.ServerResponse{ 1322 Header: res.Header, 1323 HTTPStatusCode: res.StatusCode, 1324 }, 1325 } 1326 target := &ret 1327 if err := gensupport.DecodeResponse(target, res); err != nil { 1328 return nil, err 1329 } 1330 return ret, nil 1331 // { 1332 // "description": "A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy. Gets the policy for this project. Returns a default policy if the project does not have one.", 1333 // "flatPath": "v1/projects/{projectsId}/policy", 1334 // "httpMethod": "GET", 1335 // "id": "binaryauthorization.projects.getPolicy", 1336 // "parameterOrder": [ 1337 // "name" 1338 // ], 1339 // "parameters": { 1340 // "name": { 1341 // "description": "Required. The resource name of the policy to retrieve, in the format `projects/*/policy`.", 1342 // "location": "path", 1343 // "pattern": "^projects/[^/]+/policy$", 1344 // "required": true, 1345 // "type": "string" 1346 // } 1347 // }, 1348 // "path": "v1/{+name}", 1349 // "response": { 1350 // "$ref": "Policy" 1351 // }, 1352 // "scopes": [ 1353 // "https://www.googleapis.com/auth/cloud-platform" 1354 // ] 1355 // } 1356 1357} 1358 1359// method id "binaryauthorization.projects.updatePolicy": 1360 1361type ProjectsUpdatePolicyCall struct { 1362 s *Service 1363 name string 1364 policy *Policy 1365 urlParams_ gensupport.URLParams 1366 ctx_ context.Context 1367 header_ http.Header 1368} 1369 1370// UpdatePolicy: Creates or updates a project's policy, and returns a 1371// copy of the new policy. A policy is always updated as a whole, to 1372// avoid race conditions with concurrent policy enforcement (or 1373// management!) requests. Returns NOT_FOUND if the project does not 1374// exist, INVALID_ARGUMENT if the request is malformed. 1375// 1376// - name: Output only. The resource name, in the format 1377// `projects/*/policy`. There is at most one policy per project. 1378func (r *ProjectsService) UpdatePolicy(name string, policy *Policy) *ProjectsUpdatePolicyCall { 1379 c := &ProjectsUpdatePolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1380 c.name = name 1381 c.policy = policy 1382 return c 1383} 1384 1385// Fields allows partial responses to be retrieved. See 1386// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1387// for more information. 1388func (c *ProjectsUpdatePolicyCall) Fields(s ...googleapi.Field) *ProjectsUpdatePolicyCall { 1389 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1390 return c 1391} 1392 1393// Context sets the context to be used in this call's Do method. Any 1394// pending HTTP request will be aborted if the provided context is 1395// canceled. 1396func (c *ProjectsUpdatePolicyCall) Context(ctx context.Context) *ProjectsUpdatePolicyCall { 1397 c.ctx_ = ctx 1398 return c 1399} 1400 1401// Header returns an http.Header that can be modified by the caller to 1402// add HTTP headers to the request. 1403func (c *ProjectsUpdatePolicyCall) Header() http.Header { 1404 if c.header_ == nil { 1405 c.header_ = make(http.Header) 1406 } 1407 return c.header_ 1408} 1409 1410func (c *ProjectsUpdatePolicyCall) doRequest(alt string) (*http.Response, error) { 1411 reqHeaders := make(http.Header) 1412 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 1413 for k, v := range c.header_ { 1414 reqHeaders[k] = v 1415 } 1416 reqHeaders.Set("User-Agent", c.s.userAgent()) 1417 var body io.Reader = nil 1418 body, err := googleapi.WithoutDataWrapper.JSONReader(c.policy) 1419 if err != nil { 1420 return nil, err 1421 } 1422 reqHeaders.Set("Content-Type", "application/json") 1423 c.urlParams_.Set("alt", alt) 1424 c.urlParams_.Set("prettyPrint", "false") 1425 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 1426 urls += "?" + c.urlParams_.Encode() 1427 req, err := http.NewRequest("PUT", urls, body) 1428 if err != nil { 1429 return nil, err 1430 } 1431 req.Header = reqHeaders 1432 googleapi.Expand(req.URL, map[string]string{ 1433 "name": c.name, 1434 }) 1435 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1436} 1437 1438// Do executes the "binaryauthorization.projects.updatePolicy" call. 1439// Exactly one of *Policy or error will be non-nil. Any non-2xx status 1440// code is an error. Response headers are in either 1441// *Policy.ServerResponse.Header or (if a response was returned at all) 1442// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 1443// check whether the returned error was because http.StatusNotModified 1444// was returned. 1445func (c *ProjectsUpdatePolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 1446 gensupport.SetOptions(c.urlParams_, opts...) 1447 res, err := c.doRequest("json") 1448 if res != nil && res.StatusCode == http.StatusNotModified { 1449 if res.Body != nil { 1450 res.Body.Close() 1451 } 1452 return nil, &googleapi.Error{ 1453 Code: res.StatusCode, 1454 Header: res.Header, 1455 } 1456 } 1457 if err != nil { 1458 return nil, err 1459 } 1460 defer googleapi.CloseBody(res) 1461 if err := googleapi.CheckResponse(res); err != nil { 1462 return nil, err 1463 } 1464 ret := &Policy{ 1465 ServerResponse: googleapi.ServerResponse{ 1466 Header: res.Header, 1467 HTTPStatusCode: res.StatusCode, 1468 }, 1469 } 1470 target := &ret 1471 if err := gensupport.DecodeResponse(target, res); err != nil { 1472 return nil, err 1473 } 1474 return ret, nil 1475 // { 1476 // "description": "Creates or updates a project's policy, and returns a copy of the new policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed.", 1477 // "flatPath": "v1/projects/{projectsId}/policy", 1478 // "httpMethod": "PUT", 1479 // "id": "binaryauthorization.projects.updatePolicy", 1480 // "parameterOrder": [ 1481 // "name" 1482 // ], 1483 // "parameters": { 1484 // "name": { 1485 // "description": "Output only. The resource name, in the format `projects/*/policy`. There is at most one policy per project.", 1486 // "location": "path", 1487 // "pattern": "^projects/[^/]+/policy$", 1488 // "required": true, 1489 // "type": "string" 1490 // } 1491 // }, 1492 // "path": "v1/{+name}", 1493 // "request": { 1494 // "$ref": "Policy" 1495 // }, 1496 // "response": { 1497 // "$ref": "Policy" 1498 // }, 1499 // "scopes": [ 1500 // "https://www.googleapis.com/auth/cloud-platform" 1501 // ] 1502 // } 1503 1504} 1505 1506// method id "binaryauthorization.projects.attestors.create": 1507 1508type ProjectsAttestorsCreateCall struct { 1509 s *Service 1510 parent string 1511 attestor *Attestor 1512 urlParams_ gensupport.URLParams 1513 ctx_ context.Context 1514 header_ http.Header 1515} 1516 1517// Create: Creates an attestor, and returns a copy of the new attestor. 1518// Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if 1519// the request is malformed, ALREADY_EXISTS if the attestor already 1520// exists. 1521// 1522// - parent: The parent of this attestor. 1523func (r *ProjectsAttestorsService) Create(parent string, attestor *Attestor) *ProjectsAttestorsCreateCall { 1524 c := &ProjectsAttestorsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1525 c.parent = parent 1526 c.attestor = attestor 1527 return c 1528} 1529 1530// AttestorId sets the optional parameter "attestorId": Required. The 1531// attestors ID. 1532func (c *ProjectsAttestorsCreateCall) AttestorId(attestorId string) *ProjectsAttestorsCreateCall { 1533 c.urlParams_.Set("attestorId", attestorId) 1534 return c 1535} 1536 1537// Fields allows partial responses to be retrieved. See 1538// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1539// for more information. 1540func (c *ProjectsAttestorsCreateCall) Fields(s ...googleapi.Field) *ProjectsAttestorsCreateCall { 1541 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1542 return c 1543} 1544 1545// Context sets the context to be used in this call's Do method. Any 1546// pending HTTP request will be aborted if the provided context is 1547// canceled. 1548func (c *ProjectsAttestorsCreateCall) Context(ctx context.Context) *ProjectsAttestorsCreateCall { 1549 c.ctx_ = ctx 1550 return c 1551} 1552 1553// Header returns an http.Header that can be modified by the caller to 1554// add HTTP headers to the request. 1555func (c *ProjectsAttestorsCreateCall) Header() http.Header { 1556 if c.header_ == nil { 1557 c.header_ = make(http.Header) 1558 } 1559 return c.header_ 1560} 1561 1562func (c *ProjectsAttestorsCreateCall) doRequest(alt string) (*http.Response, error) { 1563 reqHeaders := make(http.Header) 1564 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 1565 for k, v := range c.header_ { 1566 reqHeaders[k] = v 1567 } 1568 reqHeaders.Set("User-Agent", c.s.userAgent()) 1569 var body io.Reader = nil 1570 body, err := googleapi.WithoutDataWrapper.JSONReader(c.attestor) 1571 if err != nil { 1572 return nil, err 1573 } 1574 reqHeaders.Set("Content-Type", "application/json") 1575 c.urlParams_.Set("alt", alt) 1576 c.urlParams_.Set("prettyPrint", "false") 1577 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/attestors") 1578 urls += "?" + c.urlParams_.Encode() 1579 req, err := http.NewRequest("POST", urls, body) 1580 if err != nil { 1581 return nil, err 1582 } 1583 req.Header = reqHeaders 1584 googleapi.Expand(req.URL, map[string]string{ 1585 "parent": c.parent, 1586 }) 1587 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1588} 1589 1590// Do executes the "binaryauthorization.projects.attestors.create" call. 1591// Exactly one of *Attestor or error will be non-nil. Any non-2xx status 1592// code is an error. Response headers are in either 1593// *Attestor.ServerResponse.Header or (if a response was returned at 1594// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 1595// to check whether the returned error was because 1596// http.StatusNotModified was returned. 1597func (c *ProjectsAttestorsCreateCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 1598 gensupport.SetOptions(c.urlParams_, opts...) 1599 res, err := c.doRequest("json") 1600 if res != nil && res.StatusCode == http.StatusNotModified { 1601 if res.Body != nil { 1602 res.Body.Close() 1603 } 1604 return nil, &googleapi.Error{ 1605 Code: res.StatusCode, 1606 Header: res.Header, 1607 } 1608 } 1609 if err != nil { 1610 return nil, err 1611 } 1612 defer googleapi.CloseBody(res) 1613 if err := googleapi.CheckResponse(res); err != nil { 1614 return nil, err 1615 } 1616 ret := &Attestor{ 1617 ServerResponse: googleapi.ServerResponse{ 1618 Header: res.Header, 1619 HTTPStatusCode: res.StatusCode, 1620 }, 1621 } 1622 target := &ret 1623 if err := gensupport.DecodeResponse(target, res); err != nil { 1624 return nil, err 1625 } 1626 return ret, nil 1627 // { 1628 // "description": "Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists.", 1629 // "flatPath": "v1/projects/{projectsId}/attestors", 1630 // "httpMethod": "POST", 1631 // "id": "binaryauthorization.projects.attestors.create", 1632 // "parameterOrder": [ 1633 // "parent" 1634 // ], 1635 // "parameters": { 1636 // "attestorId": { 1637 // "description": "Required. The attestors ID.", 1638 // "location": "query", 1639 // "type": "string" 1640 // }, 1641 // "parent": { 1642 // "description": "Required. The parent of this attestor.", 1643 // "location": "path", 1644 // "pattern": "^projects/[^/]+$", 1645 // "required": true, 1646 // "type": "string" 1647 // } 1648 // }, 1649 // "path": "v1/{+parent}/attestors", 1650 // "request": { 1651 // "$ref": "Attestor" 1652 // }, 1653 // "response": { 1654 // "$ref": "Attestor" 1655 // }, 1656 // "scopes": [ 1657 // "https://www.googleapis.com/auth/cloud-platform" 1658 // ] 1659 // } 1660 1661} 1662 1663// method id "binaryauthorization.projects.attestors.delete": 1664 1665type ProjectsAttestorsDeleteCall struct { 1666 s *Service 1667 name string 1668 urlParams_ gensupport.URLParams 1669 ctx_ context.Context 1670 header_ http.Header 1671} 1672 1673// Delete: Deletes an attestor. Returns NOT_FOUND if the attestor does 1674// not exist. 1675// 1676// - name: The name of the attestors to delete, in the format 1677// `projects/*/attestors/*`. 1678func (r *ProjectsAttestorsService) Delete(name string) *ProjectsAttestorsDeleteCall { 1679 c := &ProjectsAttestorsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1680 c.name = name 1681 return c 1682} 1683 1684// Fields allows partial responses to be retrieved. See 1685// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1686// for more information. 1687func (c *ProjectsAttestorsDeleteCall) Fields(s ...googleapi.Field) *ProjectsAttestorsDeleteCall { 1688 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1689 return c 1690} 1691 1692// Context sets the context to be used in this call's Do method. Any 1693// pending HTTP request will be aborted if the provided context is 1694// canceled. 1695func (c *ProjectsAttestorsDeleteCall) Context(ctx context.Context) *ProjectsAttestorsDeleteCall { 1696 c.ctx_ = ctx 1697 return c 1698} 1699 1700// Header returns an http.Header that can be modified by the caller to 1701// add HTTP headers to the request. 1702func (c *ProjectsAttestorsDeleteCall) Header() http.Header { 1703 if c.header_ == nil { 1704 c.header_ = make(http.Header) 1705 } 1706 return c.header_ 1707} 1708 1709func (c *ProjectsAttestorsDeleteCall) doRequest(alt string) (*http.Response, error) { 1710 reqHeaders := make(http.Header) 1711 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 1712 for k, v := range c.header_ { 1713 reqHeaders[k] = v 1714 } 1715 reqHeaders.Set("User-Agent", c.s.userAgent()) 1716 var body io.Reader = nil 1717 c.urlParams_.Set("alt", alt) 1718 c.urlParams_.Set("prettyPrint", "false") 1719 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 1720 urls += "?" + c.urlParams_.Encode() 1721 req, err := http.NewRequest("DELETE", urls, body) 1722 if err != nil { 1723 return nil, err 1724 } 1725 req.Header = reqHeaders 1726 googleapi.Expand(req.URL, map[string]string{ 1727 "name": c.name, 1728 }) 1729 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1730} 1731 1732// Do executes the "binaryauthorization.projects.attestors.delete" call. 1733// Exactly one of *Empty or error will be non-nil. Any non-2xx status 1734// code is an error. Response headers are in either 1735// *Empty.ServerResponse.Header or (if a response was returned at all) 1736// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 1737// check whether the returned error was because http.StatusNotModified 1738// was returned. 1739func (c *ProjectsAttestorsDeleteCall) Do(opts ...googleapi.CallOption) (*Empty, error) { 1740 gensupport.SetOptions(c.urlParams_, opts...) 1741 res, err := c.doRequest("json") 1742 if res != nil && res.StatusCode == http.StatusNotModified { 1743 if res.Body != nil { 1744 res.Body.Close() 1745 } 1746 return nil, &googleapi.Error{ 1747 Code: res.StatusCode, 1748 Header: res.Header, 1749 } 1750 } 1751 if err != nil { 1752 return nil, err 1753 } 1754 defer googleapi.CloseBody(res) 1755 if err := googleapi.CheckResponse(res); err != nil { 1756 return nil, err 1757 } 1758 ret := &Empty{ 1759 ServerResponse: googleapi.ServerResponse{ 1760 Header: res.Header, 1761 HTTPStatusCode: res.StatusCode, 1762 }, 1763 } 1764 target := &ret 1765 if err := gensupport.DecodeResponse(target, res); err != nil { 1766 return nil, err 1767 } 1768 return ret, nil 1769 // { 1770 // "description": "Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.", 1771 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}", 1772 // "httpMethod": "DELETE", 1773 // "id": "binaryauthorization.projects.attestors.delete", 1774 // "parameterOrder": [ 1775 // "name" 1776 // ], 1777 // "parameters": { 1778 // "name": { 1779 // "description": "Required. The name of the attestors to delete, in the format `projects/*/attestors/*`.", 1780 // "location": "path", 1781 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 1782 // "required": true, 1783 // "type": "string" 1784 // } 1785 // }, 1786 // "path": "v1/{+name}", 1787 // "response": { 1788 // "$ref": "Empty" 1789 // }, 1790 // "scopes": [ 1791 // "https://www.googleapis.com/auth/cloud-platform" 1792 // ] 1793 // } 1794 1795} 1796 1797// method id "binaryauthorization.projects.attestors.get": 1798 1799type ProjectsAttestorsGetCall struct { 1800 s *Service 1801 name string 1802 urlParams_ gensupport.URLParams 1803 ifNoneMatch_ string 1804 ctx_ context.Context 1805 header_ http.Header 1806} 1807 1808// Get: Gets an attestor. Returns NOT_FOUND if the attestor does not 1809// exist. 1810// 1811// - name: The name of the attestor to retrieve, in the format 1812// `projects/*/attestors/*`. 1813func (r *ProjectsAttestorsService) Get(name string) *ProjectsAttestorsGetCall { 1814 c := &ProjectsAttestorsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1815 c.name = name 1816 return c 1817} 1818 1819// Fields allows partial responses to be retrieved. See 1820// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1821// for more information. 1822func (c *ProjectsAttestorsGetCall) Fields(s ...googleapi.Field) *ProjectsAttestorsGetCall { 1823 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1824 return c 1825} 1826 1827// IfNoneMatch sets the optional parameter which makes the operation 1828// fail if the object's ETag matches the given value. This is useful for 1829// getting updates only after the object has changed since the last 1830// request. Use googleapi.IsNotModified to check whether the response 1831// error from Do is the result of In-None-Match. 1832func (c *ProjectsAttestorsGetCall) IfNoneMatch(entityTag string) *ProjectsAttestorsGetCall { 1833 c.ifNoneMatch_ = entityTag 1834 return c 1835} 1836 1837// Context sets the context to be used in this call's Do method. Any 1838// pending HTTP request will be aborted if the provided context is 1839// canceled. 1840func (c *ProjectsAttestorsGetCall) Context(ctx context.Context) *ProjectsAttestorsGetCall { 1841 c.ctx_ = ctx 1842 return c 1843} 1844 1845// Header returns an http.Header that can be modified by the caller to 1846// add HTTP headers to the request. 1847func (c *ProjectsAttestorsGetCall) Header() http.Header { 1848 if c.header_ == nil { 1849 c.header_ = make(http.Header) 1850 } 1851 return c.header_ 1852} 1853 1854func (c *ProjectsAttestorsGetCall) doRequest(alt string) (*http.Response, error) { 1855 reqHeaders := make(http.Header) 1856 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 1857 for k, v := range c.header_ { 1858 reqHeaders[k] = v 1859 } 1860 reqHeaders.Set("User-Agent", c.s.userAgent()) 1861 if c.ifNoneMatch_ != "" { 1862 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1863 } 1864 var body io.Reader = nil 1865 c.urlParams_.Set("alt", alt) 1866 c.urlParams_.Set("prettyPrint", "false") 1867 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 1868 urls += "?" + c.urlParams_.Encode() 1869 req, err := http.NewRequest("GET", urls, body) 1870 if err != nil { 1871 return nil, err 1872 } 1873 req.Header = reqHeaders 1874 googleapi.Expand(req.URL, map[string]string{ 1875 "name": c.name, 1876 }) 1877 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1878} 1879 1880// Do executes the "binaryauthorization.projects.attestors.get" call. 1881// Exactly one of *Attestor or error will be non-nil. Any non-2xx status 1882// code is an error. Response headers are in either 1883// *Attestor.ServerResponse.Header or (if a response was returned at 1884// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 1885// to check whether the returned error was because 1886// http.StatusNotModified was returned. 1887func (c *ProjectsAttestorsGetCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 1888 gensupport.SetOptions(c.urlParams_, opts...) 1889 res, err := c.doRequest("json") 1890 if res != nil && res.StatusCode == http.StatusNotModified { 1891 if res.Body != nil { 1892 res.Body.Close() 1893 } 1894 return nil, &googleapi.Error{ 1895 Code: res.StatusCode, 1896 Header: res.Header, 1897 } 1898 } 1899 if err != nil { 1900 return nil, err 1901 } 1902 defer googleapi.CloseBody(res) 1903 if err := googleapi.CheckResponse(res); err != nil { 1904 return nil, err 1905 } 1906 ret := &Attestor{ 1907 ServerResponse: googleapi.ServerResponse{ 1908 Header: res.Header, 1909 HTTPStatusCode: res.StatusCode, 1910 }, 1911 } 1912 target := &ret 1913 if err := gensupport.DecodeResponse(target, res); err != nil { 1914 return nil, err 1915 } 1916 return ret, nil 1917 // { 1918 // "description": "Gets an attestor. Returns NOT_FOUND if the attestor does not exist.", 1919 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}", 1920 // "httpMethod": "GET", 1921 // "id": "binaryauthorization.projects.attestors.get", 1922 // "parameterOrder": [ 1923 // "name" 1924 // ], 1925 // "parameters": { 1926 // "name": { 1927 // "description": "Required. The name of the attestor to retrieve, in the format `projects/*/attestors/*`.", 1928 // "location": "path", 1929 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 1930 // "required": true, 1931 // "type": "string" 1932 // } 1933 // }, 1934 // "path": "v1/{+name}", 1935 // "response": { 1936 // "$ref": "Attestor" 1937 // }, 1938 // "scopes": [ 1939 // "https://www.googleapis.com/auth/cloud-platform" 1940 // ] 1941 // } 1942 1943} 1944 1945// method id "binaryauthorization.projects.attestors.getIamPolicy": 1946 1947type ProjectsAttestorsGetIamPolicyCall struct { 1948 s *Service 1949 resource string 1950 urlParams_ gensupport.URLParams 1951 ifNoneMatch_ string 1952 ctx_ context.Context 1953 header_ http.Header 1954} 1955 1956// GetIamPolicy: Gets the access control policy for a resource. Returns 1957// an empty policy if the resource exists and does not have a policy 1958// set. 1959// 1960// - resource: REQUIRED: The resource for which the policy is being 1961// requested. See the operation documentation for the appropriate 1962// value for this field. 1963func (r *ProjectsAttestorsService) GetIamPolicy(resource string) *ProjectsAttestorsGetIamPolicyCall { 1964 c := &ProjectsAttestorsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1965 c.resource = resource 1966 return c 1967} 1968 1969// OptionsRequestedPolicyVersion sets the optional parameter 1970// "options.requestedPolicyVersion": The policy format version to be 1971// returned. Valid values are 0, 1, and 3. Requests specifying an 1972// invalid value will be rejected. Requests for policies with any 1973// conditional bindings must specify version 3. Policies without any 1974// conditional bindings may specify any valid value or leave the field 1975// unset. To learn which resources support conditions in their IAM 1976// policies, see the IAM documentation 1977// (https://cloud.google.com/iam/help/conditions/resource-policies). 1978func (c *ProjectsAttestorsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsAttestorsGetIamPolicyCall { 1979 c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion)) 1980 return c 1981} 1982 1983// Fields allows partial responses to be retrieved. See 1984// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1985// for more information. 1986func (c *ProjectsAttestorsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsAttestorsGetIamPolicyCall { 1987 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1988 return c 1989} 1990 1991// IfNoneMatch sets the optional parameter which makes the operation 1992// fail if the object's ETag matches the given value. This is useful for 1993// getting updates only after the object has changed since the last 1994// request. Use googleapi.IsNotModified to check whether the response 1995// error from Do is the result of In-None-Match. 1996func (c *ProjectsAttestorsGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsAttestorsGetIamPolicyCall { 1997 c.ifNoneMatch_ = entityTag 1998 return c 1999} 2000 2001// Context sets the context to be used in this call's Do method. Any 2002// pending HTTP request will be aborted if the provided context is 2003// canceled. 2004func (c *ProjectsAttestorsGetIamPolicyCall) Context(ctx context.Context) *ProjectsAttestorsGetIamPolicyCall { 2005 c.ctx_ = ctx 2006 return c 2007} 2008 2009// Header returns an http.Header that can be modified by the caller to 2010// add HTTP headers to the request. 2011func (c *ProjectsAttestorsGetIamPolicyCall) Header() http.Header { 2012 if c.header_ == nil { 2013 c.header_ = make(http.Header) 2014 } 2015 return c.header_ 2016} 2017 2018func (c *ProjectsAttestorsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 2019 reqHeaders := make(http.Header) 2020 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 2021 for k, v := range c.header_ { 2022 reqHeaders[k] = v 2023 } 2024 reqHeaders.Set("User-Agent", c.s.userAgent()) 2025 if c.ifNoneMatch_ != "" { 2026 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2027 } 2028 var body io.Reader = nil 2029 c.urlParams_.Set("alt", alt) 2030 c.urlParams_.Set("prettyPrint", "false") 2031 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy") 2032 urls += "?" + c.urlParams_.Encode() 2033 req, err := http.NewRequest("GET", urls, body) 2034 if err != nil { 2035 return nil, err 2036 } 2037 req.Header = reqHeaders 2038 googleapi.Expand(req.URL, map[string]string{ 2039 "resource": c.resource, 2040 }) 2041 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2042} 2043 2044// Do executes the "binaryauthorization.projects.attestors.getIamPolicy" call. 2045// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 2046// status code is an error. Response headers are in either 2047// *IamPolicy.ServerResponse.Header or (if a response was returned at 2048// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 2049// to check whether the returned error was because 2050// http.StatusNotModified was returned. 2051func (c *ProjectsAttestorsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 2052 gensupport.SetOptions(c.urlParams_, opts...) 2053 res, err := c.doRequest("json") 2054 if res != nil && res.StatusCode == http.StatusNotModified { 2055 if res.Body != nil { 2056 res.Body.Close() 2057 } 2058 return nil, &googleapi.Error{ 2059 Code: res.StatusCode, 2060 Header: res.Header, 2061 } 2062 } 2063 if err != nil { 2064 return nil, err 2065 } 2066 defer googleapi.CloseBody(res) 2067 if err := googleapi.CheckResponse(res); err != nil { 2068 return nil, err 2069 } 2070 ret := &IamPolicy{ 2071 ServerResponse: googleapi.ServerResponse{ 2072 Header: res.Header, 2073 HTTPStatusCode: res.StatusCode, 2074 }, 2075 } 2076 target := &ret 2077 if err := gensupport.DecodeResponse(target, res); err != nil { 2078 return nil, err 2079 } 2080 return ret, nil 2081 // { 2082 // "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.", 2083 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}:getIamPolicy", 2084 // "httpMethod": "GET", 2085 // "id": "binaryauthorization.projects.attestors.getIamPolicy", 2086 // "parameterOrder": [ 2087 // "resource" 2088 // ], 2089 // "parameters": { 2090 // "options.requestedPolicyVersion": { 2091 // "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).", 2092 // "format": "int32", 2093 // "location": "query", 2094 // "type": "integer" 2095 // }, 2096 // "resource": { 2097 // "description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.", 2098 // "location": "path", 2099 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2100 // "required": true, 2101 // "type": "string" 2102 // } 2103 // }, 2104 // "path": "v1/{+resource}:getIamPolicy", 2105 // "response": { 2106 // "$ref": "IamPolicy" 2107 // }, 2108 // "scopes": [ 2109 // "https://www.googleapis.com/auth/cloud-platform" 2110 // ] 2111 // } 2112 2113} 2114 2115// method id "binaryauthorization.projects.attestors.list": 2116 2117type ProjectsAttestorsListCall struct { 2118 s *Service 2119 parent string 2120 urlParams_ gensupport.URLParams 2121 ifNoneMatch_ string 2122 ctx_ context.Context 2123 header_ http.Header 2124} 2125 2126// List: Lists attestors. Returns INVALID_ARGUMENT if the project does 2127// not exist. 2128// 2129// - parent: The resource name of the project associated with the 2130// attestors, in the format `projects/*`. 2131func (r *ProjectsAttestorsService) List(parent string) *ProjectsAttestorsListCall { 2132 c := &ProjectsAttestorsListCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2133 c.parent = parent 2134 return c 2135} 2136 2137// PageSize sets the optional parameter "pageSize": Requested page size. 2138// The server may return fewer results than requested. If unspecified, 2139// the server will pick an appropriate default. 2140func (c *ProjectsAttestorsListCall) PageSize(pageSize int64) *ProjectsAttestorsListCall { 2141 c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) 2142 return c 2143} 2144 2145// PageToken sets the optional parameter "pageToken": A token 2146// identifying a page of results the server should return. Typically, 2147// this is the value of ListAttestorsResponse.next_page_token returned 2148// from the previous call to the `ListAttestors` method. 2149func (c *ProjectsAttestorsListCall) PageToken(pageToken string) *ProjectsAttestorsListCall { 2150 c.urlParams_.Set("pageToken", pageToken) 2151 return c 2152} 2153 2154// Fields allows partial responses to be retrieved. See 2155// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2156// for more information. 2157func (c *ProjectsAttestorsListCall) Fields(s ...googleapi.Field) *ProjectsAttestorsListCall { 2158 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2159 return c 2160} 2161 2162// IfNoneMatch sets the optional parameter which makes the operation 2163// fail if the object's ETag matches the given value. This is useful for 2164// getting updates only after the object has changed since the last 2165// request. Use googleapi.IsNotModified to check whether the response 2166// error from Do is the result of In-None-Match. 2167func (c *ProjectsAttestorsListCall) IfNoneMatch(entityTag string) *ProjectsAttestorsListCall { 2168 c.ifNoneMatch_ = entityTag 2169 return c 2170} 2171 2172// Context sets the context to be used in this call's Do method. Any 2173// pending HTTP request will be aborted if the provided context is 2174// canceled. 2175func (c *ProjectsAttestorsListCall) Context(ctx context.Context) *ProjectsAttestorsListCall { 2176 c.ctx_ = ctx 2177 return c 2178} 2179 2180// Header returns an http.Header that can be modified by the caller to 2181// add HTTP headers to the request. 2182func (c *ProjectsAttestorsListCall) Header() http.Header { 2183 if c.header_ == nil { 2184 c.header_ = make(http.Header) 2185 } 2186 return c.header_ 2187} 2188 2189func (c *ProjectsAttestorsListCall) doRequest(alt string) (*http.Response, error) { 2190 reqHeaders := make(http.Header) 2191 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 2192 for k, v := range c.header_ { 2193 reqHeaders[k] = v 2194 } 2195 reqHeaders.Set("User-Agent", c.s.userAgent()) 2196 if c.ifNoneMatch_ != "" { 2197 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2198 } 2199 var body io.Reader = nil 2200 c.urlParams_.Set("alt", alt) 2201 c.urlParams_.Set("prettyPrint", "false") 2202 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+parent}/attestors") 2203 urls += "?" + c.urlParams_.Encode() 2204 req, err := http.NewRequest("GET", urls, body) 2205 if err != nil { 2206 return nil, err 2207 } 2208 req.Header = reqHeaders 2209 googleapi.Expand(req.URL, map[string]string{ 2210 "parent": c.parent, 2211 }) 2212 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2213} 2214 2215// Do executes the "binaryauthorization.projects.attestors.list" call. 2216// Exactly one of *ListAttestorsResponse or error will be non-nil. Any 2217// non-2xx status code is an error. Response headers are in either 2218// *ListAttestorsResponse.ServerResponse.Header or (if a response was 2219// returned at all) in error.(*googleapi.Error).Header. Use 2220// googleapi.IsNotModified to check whether the returned error was 2221// because http.StatusNotModified was returned. 2222func (c *ProjectsAttestorsListCall) Do(opts ...googleapi.CallOption) (*ListAttestorsResponse, error) { 2223 gensupport.SetOptions(c.urlParams_, opts...) 2224 res, err := c.doRequest("json") 2225 if res != nil && res.StatusCode == http.StatusNotModified { 2226 if res.Body != nil { 2227 res.Body.Close() 2228 } 2229 return nil, &googleapi.Error{ 2230 Code: res.StatusCode, 2231 Header: res.Header, 2232 } 2233 } 2234 if err != nil { 2235 return nil, err 2236 } 2237 defer googleapi.CloseBody(res) 2238 if err := googleapi.CheckResponse(res); err != nil { 2239 return nil, err 2240 } 2241 ret := &ListAttestorsResponse{ 2242 ServerResponse: googleapi.ServerResponse{ 2243 Header: res.Header, 2244 HTTPStatusCode: res.StatusCode, 2245 }, 2246 } 2247 target := &ret 2248 if err := gensupport.DecodeResponse(target, res); err != nil { 2249 return nil, err 2250 } 2251 return ret, nil 2252 // { 2253 // "description": "Lists attestors. Returns INVALID_ARGUMENT if the project does not exist.", 2254 // "flatPath": "v1/projects/{projectsId}/attestors", 2255 // "httpMethod": "GET", 2256 // "id": "binaryauthorization.projects.attestors.list", 2257 // "parameterOrder": [ 2258 // "parent" 2259 // ], 2260 // "parameters": { 2261 // "pageSize": { 2262 // "description": "Requested page size. The server may return fewer results than requested. If unspecified, the server will pick an appropriate default.", 2263 // "format": "int32", 2264 // "location": "query", 2265 // "type": "integer" 2266 // }, 2267 // "pageToken": { 2268 // "description": "A token identifying a page of results the server should return. Typically, this is the value of ListAttestorsResponse.next_page_token returned from the previous call to the `ListAttestors` method.", 2269 // "location": "query", 2270 // "type": "string" 2271 // }, 2272 // "parent": { 2273 // "description": "Required. The resource name of the project associated with the attestors, in the format `projects/*`.", 2274 // "location": "path", 2275 // "pattern": "^projects/[^/]+$", 2276 // "required": true, 2277 // "type": "string" 2278 // } 2279 // }, 2280 // "path": "v1/{+parent}/attestors", 2281 // "response": { 2282 // "$ref": "ListAttestorsResponse" 2283 // }, 2284 // "scopes": [ 2285 // "https://www.googleapis.com/auth/cloud-platform" 2286 // ] 2287 // } 2288 2289} 2290 2291// Pages invokes f for each page of results. 2292// A non-nil error returned from f will halt the iteration. 2293// The provided context supersedes any context provided to the Context method. 2294func (c *ProjectsAttestorsListCall) Pages(ctx context.Context, f func(*ListAttestorsResponse) error) error { 2295 c.ctx_ = ctx 2296 defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point 2297 for { 2298 x, err := c.Do() 2299 if err != nil { 2300 return err 2301 } 2302 if err := f(x); err != nil { 2303 return err 2304 } 2305 if x.NextPageToken == "" { 2306 return nil 2307 } 2308 c.PageToken(x.NextPageToken) 2309 } 2310} 2311 2312// method id "binaryauthorization.projects.attestors.setIamPolicy": 2313 2314type ProjectsAttestorsSetIamPolicyCall struct { 2315 s *Service 2316 resource string 2317 setiampolicyrequest *SetIamPolicyRequest 2318 urlParams_ gensupport.URLParams 2319 ctx_ context.Context 2320 header_ http.Header 2321} 2322 2323// SetIamPolicy: Sets the access control policy on the specified 2324// resource. Replaces any existing policy. Can return `NOT_FOUND`, 2325// `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. 2326// 2327// - resource: REQUIRED: The resource for which the policy is being 2328// specified. See the operation documentation for the appropriate 2329// value for this field. 2330func (r *ProjectsAttestorsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsAttestorsSetIamPolicyCall { 2331 c := &ProjectsAttestorsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2332 c.resource = resource 2333 c.setiampolicyrequest = setiampolicyrequest 2334 return c 2335} 2336 2337// Fields allows partial responses to be retrieved. See 2338// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2339// for more information. 2340func (c *ProjectsAttestorsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsAttestorsSetIamPolicyCall { 2341 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2342 return c 2343} 2344 2345// Context sets the context to be used in this call's Do method. Any 2346// pending HTTP request will be aborted if the provided context is 2347// canceled. 2348func (c *ProjectsAttestorsSetIamPolicyCall) Context(ctx context.Context) *ProjectsAttestorsSetIamPolicyCall { 2349 c.ctx_ = ctx 2350 return c 2351} 2352 2353// Header returns an http.Header that can be modified by the caller to 2354// add HTTP headers to the request. 2355func (c *ProjectsAttestorsSetIamPolicyCall) Header() http.Header { 2356 if c.header_ == nil { 2357 c.header_ = make(http.Header) 2358 } 2359 return c.header_ 2360} 2361 2362func (c *ProjectsAttestorsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 2363 reqHeaders := make(http.Header) 2364 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 2365 for k, v := range c.header_ { 2366 reqHeaders[k] = v 2367 } 2368 reqHeaders.Set("User-Agent", c.s.userAgent()) 2369 var body io.Reader = nil 2370 body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest) 2371 if err != nil { 2372 return nil, err 2373 } 2374 reqHeaders.Set("Content-Type", "application/json") 2375 c.urlParams_.Set("alt", alt) 2376 c.urlParams_.Set("prettyPrint", "false") 2377 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy") 2378 urls += "?" + c.urlParams_.Encode() 2379 req, err := http.NewRequest("POST", urls, body) 2380 if err != nil { 2381 return nil, err 2382 } 2383 req.Header = reqHeaders 2384 googleapi.Expand(req.URL, map[string]string{ 2385 "resource": c.resource, 2386 }) 2387 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2388} 2389 2390// Do executes the "binaryauthorization.projects.attestors.setIamPolicy" call. 2391// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 2392// status code is an error. Response headers are in either 2393// *IamPolicy.ServerResponse.Header or (if a response was returned at 2394// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 2395// to check whether the returned error was because 2396// http.StatusNotModified was returned. 2397func (c *ProjectsAttestorsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 2398 gensupport.SetOptions(c.urlParams_, opts...) 2399 res, err := c.doRequest("json") 2400 if res != nil && res.StatusCode == http.StatusNotModified { 2401 if res.Body != nil { 2402 res.Body.Close() 2403 } 2404 return nil, &googleapi.Error{ 2405 Code: res.StatusCode, 2406 Header: res.Header, 2407 } 2408 } 2409 if err != nil { 2410 return nil, err 2411 } 2412 defer googleapi.CloseBody(res) 2413 if err := googleapi.CheckResponse(res); err != nil { 2414 return nil, err 2415 } 2416 ret := &IamPolicy{ 2417 ServerResponse: googleapi.ServerResponse{ 2418 Header: res.Header, 2419 HTTPStatusCode: res.StatusCode, 2420 }, 2421 } 2422 target := &ret 2423 if err := gensupport.DecodeResponse(target, res); err != nil { 2424 return nil, err 2425 } 2426 return ret, nil 2427 // { 2428 // "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.", 2429 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}:setIamPolicy", 2430 // "httpMethod": "POST", 2431 // "id": "binaryauthorization.projects.attestors.setIamPolicy", 2432 // "parameterOrder": [ 2433 // "resource" 2434 // ], 2435 // "parameters": { 2436 // "resource": { 2437 // "description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.", 2438 // "location": "path", 2439 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2440 // "required": true, 2441 // "type": "string" 2442 // } 2443 // }, 2444 // "path": "v1/{+resource}:setIamPolicy", 2445 // "request": { 2446 // "$ref": "SetIamPolicyRequest" 2447 // }, 2448 // "response": { 2449 // "$ref": "IamPolicy" 2450 // }, 2451 // "scopes": [ 2452 // "https://www.googleapis.com/auth/cloud-platform" 2453 // ] 2454 // } 2455 2456} 2457 2458// method id "binaryauthorization.projects.attestors.testIamPermissions": 2459 2460type ProjectsAttestorsTestIamPermissionsCall struct { 2461 s *Service 2462 resource string 2463 testiampermissionsrequest *TestIamPermissionsRequest 2464 urlParams_ gensupport.URLParams 2465 ctx_ context.Context 2466 header_ http.Header 2467} 2468 2469// TestIamPermissions: Returns permissions that a caller has on the 2470// specified resource. If the resource does not exist, this will return 2471// an empty set of permissions, not a `NOT_FOUND` error. Note: This 2472// operation is designed to be used for building permission-aware UIs 2473// and command-line tools, not for authorization checking. This 2474// operation may "fail open" without warning. 2475// 2476// - resource: REQUIRED: The resource for which the policy detail is 2477// being requested. See the operation documentation for the 2478// appropriate value for this field. 2479func (r *ProjectsAttestorsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsAttestorsTestIamPermissionsCall { 2480 c := &ProjectsAttestorsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2481 c.resource = resource 2482 c.testiampermissionsrequest = testiampermissionsrequest 2483 return c 2484} 2485 2486// Fields allows partial responses to be retrieved. See 2487// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2488// for more information. 2489func (c *ProjectsAttestorsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsAttestorsTestIamPermissionsCall { 2490 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2491 return c 2492} 2493 2494// Context sets the context to be used in this call's Do method. Any 2495// pending HTTP request will be aborted if the provided context is 2496// canceled. 2497func (c *ProjectsAttestorsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsAttestorsTestIamPermissionsCall { 2498 c.ctx_ = ctx 2499 return c 2500} 2501 2502// Header returns an http.Header that can be modified by the caller to 2503// add HTTP headers to the request. 2504func (c *ProjectsAttestorsTestIamPermissionsCall) Header() http.Header { 2505 if c.header_ == nil { 2506 c.header_ = make(http.Header) 2507 } 2508 return c.header_ 2509} 2510 2511func (c *ProjectsAttestorsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) { 2512 reqHeaders := make(http.Header) 2513 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 2514 for k, v := range c.header_ { 2515 reqHeaders[k] = v 2516 } 2517 reqHeaders.Set("User-Agent", c.s.userAgent()) 2518 var body io.Reader = nil 2519 body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest) 2520 if err != nil { 2521 return nil, err 2522 } 2523 reqHeaders.Set("Content-Type", "application/json") 2524 c.urlParams_.Set("alt", alt) 2525 c.urlParams_.Set("prettyPrint", "false") 2526 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions") 2527 urls += "?" + c.urlParams_.Encode() 2528 req, err := http.NewRequest("POST", urls, body) 2529 if err != nil { 2530 return nil, err 2531 } 2532 req.Header = reqHeaders 2533 googleapi.Expand(req.URL, map[string]string{ 2534 "resource": c.resource, 2535 }) 2536 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2537} 2538 2539// Do executes the "binaryauthorization.projects.attestors.testIamPermissions" call. 2540// Exactly one of *TestIamPermissionsResponse or error will be non-nil. 2541// Any non-2xx status code is an error. Response headers are in either 2542// *TestIamPermissionsResponse.ServerResponse.Header or (if a response 2543// was returned at all) in error.(*googleapi.Error).Header. Use 2544// googleapi.IsNotModified to check whether the returned error was 2545// because http.StatusNotModified was returned. 2546func (c *ProjectsAttestorsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) { 2547 gensupport.SetOptions(c.urlParams_, opts...) 2548 res, err := c.doRequest("json") 2549 if res != nil && res.StatusCode == http.StatusNotModified { 2550 if res.Body != nil { 2551 res.Body.Close() 2552 } 2553 return nil, &googleapi.Error{ 2554 Code: res.StatusCode, 2555 Header: res.Header, 2556 } 2557 } 2558 if err != nil { 2559 return nil, err 2560 } 2561 defer googleapi.CloseBody(res) 2562 if err := googleapi.CheckResponse(res); err != nil { 2563 return nil, err 2564 } 2565 ret := &TestIamPermissionsResponse{ 2566 ServerResponse: googleapi.ServerResponse{ 2567 Header: res.Header, 2568 HTTPStatusCode: res.StatusCode, 2569 }, 2570 } 2571 target := &ret 2572 if err := gensupport.DecodeResponse(target, res); err != nil { 2573 return nil, err 2574 } 2575 return ret, nil 2576 // { 2577 // "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.", 2578 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}:testIamPermissions", 2579 // "httpMethod": "POST", 2580 // "id": "binaryauthorization.projects.attestors.testIamPermissions", 2581 // "parameterOrder": [ 2582 // "resource" 2583 // ], 2584 // "parameters": { 2585 // "resource": { 2586 // "description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.", 2587 // "location": "path", 2588 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2589 // "required": true, 2590 // "type": "string" 2591 // } 2592 // }, 2593 // "path": "v1/{+resource}:testIamPermissions", 2594 // "request": { 2595 // "$ref": "TestIamPermissionsRequest" 2596 // }, 2597 // "response": { 2598 // "$ref": "TestIamPermissionsResponse" 2599 // }, 2600 // "scopes": [ 2601 // "https://www.googleapis.com/auth/cloud-platform" 2602 // ] 2603 // } 2604 2605} 2606 2607// method id "binaryauthorization.projects.attestors.update": 2608 2609type ProjectsAttestorsUpdateCall struct { 2610 s *Service 2611 name string 2612 attestor *Attestor 2613 urlParams_ gensupport.URLParams 2614 ctx_ context.Context 2615 header_ http.Header 2616} 2617 2618// Update: Updates an attestor. Returns NOT_FOUND if the attestor does 2619// not exist. 2620// 2621// - name: The resource name, in the format: `projects/*/attestors/*`. 2622// This field may not be updated. 2623func (r *ProjectsAttestorsService) Update(name string, attestor *Attestor) *ProjectsAttestorsUpdateCall { 2624 c := &ProjectsAttestorsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2625 c.name = name 2626 c.attestor = attestor 2627 return c 2628} 2629 2630// Fields allows partial responses to be retrieved. See 2631// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2632// for more information. 2633func (c *ProjectsAttestorsUpdateCall) Fields(s ...googleapi.Field) *ProjectsAttestorsUpdateCall { 2634 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2635 return c 2636} 2637 2638// Context sets the context to be used in this call's Do method. Any 2639// pending HTTP request will be aborted if the provided context is 2640// canceled. 2641func (c *ProjectsAttestorsUpdateCall) Context(ctx context.Context) *ProjectsAttestorsUpdateCall { 2642 c.ctx_ = ctx 2643 return c 2644} 2645 2646// Header returns an http.Header that can be modified by the caller to 2647// add HTTP headers to the request. 2648func (c *ProjectsAttestorsUpdateCall) Header() http.Header { 2649 if c.header_ == nil { 2650 c.header_ = make(http.Header) 2651 } 2652 return c.header_ 2653} 2654 2655func (c *ProjectsAttestorsUpdateCall) doRequest(alt string) (*http.Response, error) { 2656 reqHeaders := make(http.Header) 2657 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 2658 for k, v := range c.header_ { 2659 reqHeaders[k] = v 2660 } 2661 reqHeaders.Set("User-Agent", c.s.userAgent()) 2662 var body io.Reader = nil 2663 body, err := googleapi.WithoutDataWrapper.JSONReader(c.attestor) 2664 if err != nil { 2665 return nil, err 2666 } 2667 reqHeaders.Set("Content-Type", "application/json") 2668 c.urlParams_.Set("alt", alt) 2669 c.urlParams_.Set("prettyPrint", "false") 2670 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 2671 urls += "?" + c.urlParams_.Encode() 2672 req, err := http.NewRequest("PUT", urls, body) 2673 if err != nil { 2674 return nil, err 2675 } 2676 req.Header = reqHeaders 2677 googleapi.Expand(req.URL, map[string]string{ 2678 "name": c.name, 2679 }) 2680 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2681} 2682 2683// Do executes the "binaryauthorization.projects.attestors.update" call. 2684// Exactly one of *Attestor or error will be non-nil. Any non-2xx status 2685// code is an error. Response headers are in either 2686// *Attestor.ServerResponse.Header or (if a response was returned at 2687// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 2688// to check whether the returned error was because 2689// http.StatusNotModified was returned. 2690func (c *ProjectsAttestorsUpdateCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 2691 gensupport.SetOptions(c.urlParams_, opts...) 2692 res, err := c.doRequest("json") 2693 if res != nil && res.StatusCode == http.StatusNotModified { 2694 if res.Body != nil { 2695 res.Body.Close() 2696 } 2697 return nil, &googleapi.Error{ 2698 Code: res.StatusCode, 2699 Header: res.Header, 2700 } 2701 } 2702 if err != nil { 2703 return nil, err 2704 } 2705 defer googleapi.CloseBody(res) 2706 if err := googleapi.CheckResponse(res); err != nil { 2707 return nil, err 2708 } 2709 ret := &Attestor{ 2710 ServerResponse: googleapi.ServerResponse{ 2711 Header: res.Header, 2712 HTTPStatusCode: res.StatusCode, 2713 }, 2714 } 2715 target := &ret 2716 if err := gensupport.DecodeResponse(target, res); err != nil { 2717 return nil, err 2718 } 2719 return ret, nil 2720 // { 2721 // "description": "Updates an attestor. Returns NOT_FOUND if the attestor does not exist.", 2722 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}", 2723 // "httpMethod": "PUT", 2724 // "id": "binaryauthorization.projects.attestors.update", 2725 // "parameterOrder": [ 2726 // "name" 2727 // ], 2728 // "parameters": { 2729 // "name": { 2730 // "description": "Required. The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.", 2731 // "location": "path", 2732 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2733 // "required": true, 2734 // "type": "string" 2735 // } 2736 // }, 2737 // "path": "v1/{+name}", 2738 // "request": { 2739 // "$ref": "Attestor" 2740 // }, 2741 // "response": { 2742 // "$ref": "Attestor" 2743 // }, 2744 // "scopes": [ 2745 // "https://www.googleapis.com/auth/cloud-platform" 2746 // ] 2747 // } 2748 2749} 2750 2751// method id "binaryauthorization.projects.attestors.validateAttestationOccurrence": 2752 2753type ProjectsAttestorsValidateAttestationOccurrenceCall struct { 2754 s *Service 2755 attestor string 2756 validateattestationoccurrencerequest *ValidateAttestationOccurrenceRequest 2757 urlParams_ gensupport.URLParams 2758 ctx_ context.Context 2759 header_ http.Header 2760} 2761 2762// ValidateAttestationOccurrence: Returns whether the given Attestation 2763// for the given image URI was signed by the given Attestor 2764// 2765// - attestor: The resource name of the Attestor of the occurrence, in 2766// the format `projects/*/attestors/*`. 2767func (r *ProjectsAttestorsService) ValidateAttestationOccurrence(attestor string, validateattestationoccurrencerequest *ValidateAttestationOccurrenceRequest) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2768 c := &ProjectsAttestorsValidateAttestationOccurrenceCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2769 c.attestor = attestor 2770 c.validateattestationoccurrencerequest = validateattestationoccurrencerequest 2771 return c 2772} 2773 2774// Fields allows partial responses to be retrieved. See 2775// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2776// for more information. 2777func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Fields(s ...googleapi.Field) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2778 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2779 return c 2780} 2781 2782// Context sets the context to be used in this call's Do method. Any 2783// pending HTTP request will be aborted if the provided context is 2784// canceled. 2785func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Context(ctx context.Context) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2786 c.ctx_ = ctx 2787 return c 2788} 2789 2790// Header returns an http.Header that can be modified by the caller to 2791// add HTTP headers to the request. 2792func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Header() http.Header { 2793 if c.header_ == nil { 2794 c.header_ = make(http.Header) 2795 } 2796 return c.header_ 2797} 2798 2799func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) doRequest(alt string) (*http.Response, error) { 2800 reqHeaders := make(http.Header) 2801 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 2802 for k, v := range c.header_ { 2803 reqHeaders[k] = v 2804 } 2805 reqHeaders.Set("User-Agent", c.s.userAgent()) 2806 var body io.Reader = nil 2807 body, err := googleapi.WithoutDataWrapper.JSONReader(c.validateattestationoccurrencerequest) 2808 if err != nil { 2809 return nil, err 2810 } 2811 reqHeaders.Set("Content-Type", "application/json") 2812 c.urlParams_.Set("alt", alt) 2813 c.urlParams_.Set("prettyPrint", "false") 2814 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+attestor}:validateAttestationOccurrence") 2815 urls += "?" + c.urlParams_.Encode() 2816 req, err := http.NewRequest("POST", urls, body) 2817 if err != nil { 2818 return nil, err 2819 } 2820 req.Header = reqHeaders 2821 googleapi.Expand(req.URL, map[string]string{ 2822 "attestor": c.attestor, 2823 }) 2824 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2825} 2826 2827// Do executes the "binaryauthorization.projects.attestors.validateAttestationOccurrence" call. 2828// Exactly one of *ValidateAttestationOccurrenceResponse or error will 2829// be non-nil. Any non-2xx status code is an error. Response headers are 2830// in either 2831// *ValidateAttestationOccurrenceResponse.ServerResponse.Header or (if a 2832// response was returned at all) in error.(*googleapi.Error).Header. Use 2833// googleapi.IsNotModified to check whether the returned error was 2834// because http.StatusNotModified was returned. 2835func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Do(opts ...googleapi.CallOption) (*ValidateAttestationOccurrenceResponse, error) { 2836 gensupport.SetOptions(c.urlParams_, opts...) 2837 res, err := c.doRequest("json") 2838 if res != nil && res.StatusCode == http.StatusNotModified { 2839 if res.Body != nil { 2840 res.Body.Close() 2841 } 2842 return nil, &googleapi.Error{ 2843 Code: res.StatusCode, 2844 Header: res.Header, 2845 } 2846 } 2847 if err != nil { 2848 return nil, err 2849 } 2850 defer googleapi.CloseBody(res) 2851 if err := googleapi.CheckResponse(res); err != nil { 2852 return nil, err 2853 } 2854 ret := &ValidateAttestationOccurrenceResponse{ 2855 ServerResponse: googleapi.ServerResponse{ 2856 Header: res.Header, 2857 HTTPStatusCode: res.StatusCode, 2858 }, 2859 } 2860 target := &ret 2861 if err := gensupport.DecodeResponse(target, res); err != nil { 2862 return nil, err 2863 } 2864 return ret, nil 2865 // { 2866 // "description": "Returns whether the given Attestation for the given image URI was signed by the given Attestor", 2867 // "flatPath": "v1/projects/{projectsId}/attestors/{attestorsId}:validateAttestationOccurrence", 2868 // "httpMethod": "POST", 2869 // "id": "binaryauthorization.projects.attestors.validateAttestationOccurrence", 2870 // "parameterOrder": [ 2871 // "attestor" 2872 // ], 2873 // "parameters": { 2874 // "attestor": { 2875 // "description": "Required. The resource name of the Attestor of the occurrence, in the format `projects/*/attestors/*`.", 2876 // "location": "path", 2877 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2878 // "required": true, 2879 // "type": "string" 2880 // } 2881 // }, 2882 // "path": "v1/{+attestor}:validateAttestationOccurrence", 2883 // "request": { 2884 // "$ref": "ValidateAttestationOccurrenceRequest" 2885 // }, 2886 // "response": { 2887 // "$ref": "ValidateAttestationOccurrenceResponse" 2888 // }, 2889 // "scopes": [ 2890 // "https://www.googleapis.com/auth/cloud-platform" 2891 // ] 2892 // } 2893 2894} 2895 2896// method id "binaryauthorization.projects.policy.getIamPolicy": 2897 2898type ProjectsPolicyGetIamPolicyCall struct { 2899 s *Service 2900 resource string 2901 urlParams_ gensupport.URLParams 2902 ifNoneMatch_ string 2903 ctx_ context.Context 2904 header_ http.Header 2905} 2906 2907// GetIamPolicy: Gets the access control policy for a resource. Returns 2908// an empty policy if the resource exists and does not have a policy 2909// set. 2910// 2911// - resource: REQUIRED: The resource for which the policy is being 2912// requested. See the operation documentation for the appropriate 2913// value for this field. 2914func (r *ProjectsPolicyService) GetIamPolicy(resource string) *ProjectsPolicyGetIamPolicyCall { 2915 c := &ProjectsPolicyGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2916 c.resource = resource 2917 return c 2918} 2919 2920// OptionsRequestedPolicyVersion sets the optional parameter 2921// "options.requestedPolicyVersion": The policy format version to be 2922// returned. Valid values are 0, 1, and 3. Requests specifying an 2923// invalid value will be rejected. Requests for policies with any 2924// conditional bindings must specify version 3. Policies without any 2925// conditional bindings may specify any valid value or leave the field 2926// unset. To learn which resources support conditions in their IAM 2927// policies, see the IAM documentation 2928// (https://cloud.google.com/iam/help/conditions/resource-policies). 2929func (c *ProjectsPolicyGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsPolicyGetIamPolicyCall { 2930 c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion)) 2931 return c 2932} 2933 2934// Fields allows partial responses to be retrieved. See 2935// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2936// for more information. 2937func (c *ProjectsPolicyGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsPolicyGetIamPolicyCall { 2938 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2939 return c 2940} 2941 2942// IfNoneMatch sets the optional parameter which makes the operation 2943// fail if the object's ETag matches the given value. This is useful for 2944// getting updates only after the object has changed since the last 2945// request. Use googleapi.IsNotModified to check whether the response 2946// error from Do is the result of In-None-Match. 2947func (c *ProjectsPolicyGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsPolicyGetIamPolicyCall { 2948 c.ifNoneMatch_ = entityTag 2949 return c 2950} 2951 2952// Context sets the context to be used in this call's Do method. Any 2953// pending HTTP request will be aborted if the provided context is 2954// canceled. 2955func (c *ProjectsPolicyGetIamPolicyCall) Context(ctx context.Context) *ProjectsPolicyGetIamPolicyCall { 2956 c.ctx_ = ctx 2957 return c 2958} 2959 2960// Header returns an http.Header that can be modified by the caller to 2961// add HTTP headers to the request. 2962func (c *ProjectsPolicyGetIamPolicyCall) Header() http.Header { 2963 if c.header_ == nil { 2964 c.header_ = make(http.Header) 2965 } 2966 return c.header_ 2967} 2968 2969func (c *ProjectsPolicyGetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 2970 reqHeaders := make(http.Header) 2971 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 2972 for k, v := range c.header_ { 2973 reqHeaders[k] = v 2974 } 2975 reqHeaders.Set("User-Agent", c.s.userAgent()) 2976 if c.ifNoneMatch_ != "" { 2977 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2978 } 2979 var body io.Reader = nil 2980 c.urlParams_.Set("alt", alt) 2981 c.urlParams_.Set("prettyPrint", "false") 2982 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:getIamPolicy") 2983 urls += "?" + c.urlParams_.Encode() 2984 req, err := http.NewRequest("GET", urls, body) 2985 if err != nil { 2986 return nil, err 2987 } 2988 req.Header = reqHeaders 2989 googleapi.Expand(req.URL, map[string]string{ 2990 "resource": c.resource, 2991 }) 2992 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2993} 2994 2995// Do executes the "binaryauthorization.projects.policy.getIamPolicy" call. 2996// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 2997// status code is an error. Response headers are in either 2998// *IamPolicy.ServerResponse.Header or (if a response was returned at 2999// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 3000// to check whether the returned error was because 3001// http.StatusNotModified was returned. 3002func (c *ProjectsPolicyGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 3003 gensupport.SetOptions(c.urlParams_, opts...) 3004 res, err := c.doRequest("json") 3005 if res != nil && res.StatusCode == http.StatusNotModified { 3006 if res.Body != nil { 3007 res.Body.Close() 3008 } 3009 return nil, &googleapi.Error{ 3010 Code: res.StatusCode, 3011 Header: res.Header, 3012 } 3013 } 3014 if err != nil { 3015 return nil, err 3016 } 3017 defer googleapi.CloseBody(res) 3018 if err := googleapi.CheckResponse(res); err != nil { 3019 return nil, err 3020 } 3021 ret := &IamPolicy{ 3022 ServerResponse: googleapi.ServerResponse{ 3023 Header: res.Header, 3024 HTTPStatusCode: res.StatusCode, 3025 }, 3026 } 3027 target := &ret 3028 if err := gensupport.DecodeResponse(target, res); err != nil { 3029 return nil, err 3030 } 3031 return ret, nil 3032 // { 3033 // "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.", 3034 // "flatPath": "v1/projects/{projectsId}/policy:getIamPolicy", 3035 // "httpMethod": "GET", 3036 // "id": "binaryauthorization.projects.policy.getIamPolicy", 3037 // "parameterOrder": [ 3038 // "resource" 3039 // ], 3040 // "parameters": { 3041 // "options.requestedPolicyVersion": { 3042 // "description": "Optional. The policy format version to be returned. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional bindings must specify version 3. Policies without any conditional bindings may specify any valid value or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).", 3043 // "format": "int32", 3044 // "location": "query", 3045 // "type": "integer" 3046 // }, 3047 // "resource": { 3048 // "description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.", 3049 // "location": "path", 3050 // "pattern": "^projects/[^/]+/policy$", 3051 // "required": true, 3052 // "type": "string" 3053 // } 3054 // }, 3055 // "path": "v1/{+resource}:getIamPolicy", 3056 // "response": { 3057 // "$ref": "IamPolicy" 3058 // }, 3059 // "scopes": [ 3060 // "https://www.googleapis.com/auth/cloud-platform" 3061 // ] 3062 // } 3063 3064} 3065 3066// method id "binaryauthorization.projects.policy.setIamPolicy": 3067 3068type ProjectsPolicySetIamPolicyCall struct { 3069 s *Service 3070 resource string 3071 setiampolicyrequest *SetIamPolicyRequest 3072 urlParams_ gensupport.URLParams 3073 ctx_ context.Context 3074 header_ http.Header 3075} 3076 3077// SetIamPolicy: Sets the access control policy on the specified 3078// resource. Replaces any existing policy. Can return `NOT_FOUND`, 3079// `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. 3080// 3081// - resource: REQUIRED: The resource for which the policy is being 3082// specified. See the operation documentation for the appropriate 3083// value for this field. 3084func (r *ProjectsPolicyService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsPolicySetIamPolicyCall { 3085 c := &ProjectsPolicySetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3086 c.resource = resource 3087 c.setiampolicyrequest = setiampolicyrequest 3088 return c 3089} 3090 3091// Fields allows partial responses to be retrieved. See 3092// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3093// for more information. 3094func (c *ProjectsPolicySetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsPolicySetIamPolicyCall { 3095 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3096 return c 3097} 3098 3099// Context sets the context to be used in this call's Do method. Any 3100// pending HTTP request will be aborted if the provided context is 3101// canceled. 3102func (c *ProjectsPolicySetIamPolicyCall) Context(ctx context.Context) *ProjectsPolicySetIamPolicyCall { 3103 c.ctx_ = ctx 3104 return c 3105} 3106 3107// Header returns an http.Header that can be modified by the caller to 3108// add HTTP headers to the request. 3109func (c *ProjectsPolicySetIamPolicyCall) Header() http.Header { 3110 if c.header_ == nil { 3111 c.header_ = make(http.Header) 3112 } 3113 return c.header_ 3114} 3115 3116func (c *ProjectsPolicySetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 3117 reqHeaders := make(http.Header) 3118 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 3119 for k, v := range c.header_ { 3120 reqHeaders[k] = v 3121 } 3122 reqHeaders.Set("User-Agent", c.s.userAgent()) 3123 var body io.Reader = nil 3124 body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest) 3125 if err != nil { 3126 return nil, err 3127 } 3128 reqHeaders.Set("Content-Type", "application/json") 3129 c.urlParams_.Set("alt", alt) 3130 c.urlParams_.Set("prettyPrint", "false") 3131 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:setIamPolicy") 3132 urls += "?" + c.urlParams_.Encode() 3133 req, err := http.NewRequest("POST", urls, body) 3134 if err != nil { 3135 return nil, err 3136 } 3137 req.Header = reqHeaders 3138 googleapi.Expand(req.URL, map[string]string{ 3139 "resource": c.resource, 3140 }) 3141 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3142} 3143 3144// Do executes the "binaryauthorization.projects.policy.setIamPolicy" call. 3145// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 3146// status code is an error. Response headers are in either 3147// *IamPolicy.ServerResponse.Header or (if a response was returned at 3148// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 3149// to check whether the returned error was because 3150// http.StatusNotModified was returned. 3151func (c *ProjectsPolicySetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 3152 gensupport.SetOptions(c.urlParams_, opts...) 3153 res, err := c.doRequest("json") 3154 if res != nil && res.StatusCode == http.StatusNotModified { 3155 if res.Body != nil { 3156 res.Body.Close() 3157 } 3158 return nil, &googleapi.Error{ 3159 Code: res.StatusCode, 3160 Header: res.Header, 3161 } 3162 } 3163 if err != nil { 3164 return nil, err 3165 } 3166 defer googleapi.CloseBody(res) 3167 if err := googleapi.CheckResponse(res); err != nil { 3168 return nil, err 3169 } 3170 ret := &IamPolicy{ 3171 ServerResponse: googleapi.ServerResponse{ 3172 Header: res.Header, 3173 HTTPStatusCode: res.StatusCode, 3174 }, 3175 } 3176 target := &ret 3177 if err := gensupport.DecodeResponse(target, res); err != nil { 3178 return nil, err 3179 } 3180 return ret, nil 3181 // { 3182 // "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.", 3183 // "flatPath": "v1/projects/{projectsId}/policy:setIamPolicy", 3184 // "httpMethod": "POST", 3185 // "id": "binaryauthorization.projects.policy.setIamPolicy", 3186 // "parameterOrder": [ 3187 // "resource" 3188 // ], 3189 // "parameters": { 3190 // "resource": { 3191 // "description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.", 3192 // "location": "path", 3193 // "pattern": "^projects/[^/]+/policy$", 3194 // "required": true, 3195 // "type": "string" 3196 // } 3197 // }, 3198 // "path": "v1/{+resource}:setIamPolicy", 3199 // "request": { 3200 // "$ref": "SetIamPolicyRequest" 3201 // }, 3202 // "response": { 3203 // "$ref": "IamPolicy" 3204 // }, 3205 // "scopes": [ 3206 // "https://www.googleapis.com/auth/cloud-platform" 3207 // ] 3208 // } 3209 3210} 3211 3212// method id "binaryauthorization.projects.policy.testIamPermissions": 3213 3214type ProjectsPolicyTestIamPermissionsCall struct { 3215 s *Service 3216 resource string 3217 testiampermissionsrequest *TestIamPermissionsRequest 3218 urlParams_ gensupport.URLParams 3219 ctx_ context.Context 3220 header_ http.Header 3221} 3222 3223// TestIamPermissions: Returns permissions that a caller has on the 3224// specified resource. If the resource does not exist, this will return 3225// an empty set of permissions, not a `NOT_FOUND` error. Note: This 3226// operation is designed to be used for building permission-aware UIs 3227// and command-line tools, not for authorization checking. This 3228// operation may "fail open" without warning. 3229// 3230// - resource: REQUIRED: The resource for which the policy detail is 3231// being requested. See the operation documentation for the 3232// appropriate value for this field. 3233func (r *ProjectsPolicyService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsPolicyTestIamPermissionsCall { 3234 c := &ProjectsPolicyTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3235 c.resource = resource 3236 c.testiampermissionsrequest = testiampermissionsrequest 3237 return c 3238} 3239 3240// Fields allows partial responses to be retrieved. See 3241// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3242// for more information. 3243func (c *ProjectsPolicyTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsPolicyTestIamPermissionsCall { 3244 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3245 return c 3246} 3247 3248// Context sets the context to be used in this call's Do method. Any 3249// pending HTTP request will be aborted if the provided context is 3250// canceled. 3251func (c *ProjectsPolicyTestIamPermissionsCall) Context(ctx context.Context) *ProjectsPolicyTestIamPermissionsCall { 3252 c.ctx_ = ctx 3253 return c 3254} 3255 3256// Header returns an http.Header that can be modified by the caller to 3257// add HTTP headers to the request. 3258func (c *ProjectsPolicyTestIamPermissionsCall) Header() http.Header { 3259 if c.header_ == nil { 3260 c.header_ = make(http.Header) 3261 } 3262 return c.header_ 3263} 3264 3265func (c *ProjectsPolicyTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) { 3266 reqHeaders := make(http.Header) 3267 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 3268 for k, v := range c.header_ { 3269 reqHeaders[k] = v 3270 } 3271 reqHeaders.Set("User-Agent", c.s.userAgent()) 3272 var body io.Reader = nil 3273 body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest) 3274 if err != nil { 3275 return nil, err 3276 } 3277 reqHeaders.Set("Content-Type", "application/json") 3278 c.urlParams_.Set("alt", alt) 3279 c.urlParams_.Set("prettyPrint", "false") 3280 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+resource}:testIamPermissions") 3281 urls += "?" + c.urlParams_.Encode() 3282 req, err := http.NewRequest("POST", urls, body) 3283 if err != nil { 3284 return nil, err 3285 } 3286 req.Header = reqHeaders 3287 googleapi.Expand(req.URL, map[string]string{ 3288 "resource": c.resource, 3289 }) 3290 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3291} 3292 3293// Do executes the "binaryauthorization.projects.policy.testIamPermissions" call. 3294// Exactly one of *TestIamPermissionsResponse or error will be non-nil. 3295// Any non-2xx status code is an error. Response headers are in either 3296// *TestIamPermissionsResponse.ServerResponse.Header or (if a response 3297// was returned at all) in error.(*googleapi.Error).Header. Use 3298// googleapi.IsNotModified to check whether the returned error was 3299// because http.StatusNotModified was returned. 3300func (c *ProjectsPolicyTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) { 3301 gensupport.SetOptions(c.urlParams_, opts...) 3302 res, err := c.doRequest("json") 3303 if res != nil && res.StatusCode == http.StatusNotModified { 3304 if res.Body != nil { 3305 res.Body.Close() 3306 } 3307 return nil, &googleapi.Error{ 3308 Code: res.StatusCode, 3309 Header: res.Header, 3310 } 3311 } 3312 if err != nil { 3313 return nil, err 3314 } 3315 defer googleapi.CloseBody(res) 3316 if err := googleapi.CheckResponse(res); err != nil { 3317 return nil, err 3318 } 3319 ret := &TestIamPermissionsResponse{ 3320 ServerResponse: googleapi.ServerResponse{ 3321 Header: res.Header, 3322 HTTPStatusCode: res.StatusCode, 3323 }, 3324 } 3325 target := &ret 3326 if err := gensupport.DecodeResponse(target, res); err != nil { 3327 return nil, err 3328 } 3329 return ret, nil 3330 // { 3331 // "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.", 3332 // "flatPath": "v1/projects/{projectsId}/policy:testIamPermissions", 3333 // "httpMethod": "POST", 3334 // "id": "binaryauthorization.projects.policy.testIamPermissions", 3335 // "parameterOrder": [ 3336 // "resource" 3337 // ], 3338 // "parameters": { 3339 // "resource": { 3340 // "description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.", 3341 // "location": "path", 3342 // "pattern": "^projects/[^/]+/policy$", 3343 // "required": true, 3344 // "type": "string" 3345 // } 3346 // }, 3347 // "path": "v1/{+resource}:testIamPermissions", 3348 // "request": { 3349 // "$ref": "TestIamPermissionsRequest" 3350 // }, 3351 // "response": { 3352 // "$ref": "TestIamPermissionsResponse" 3353 // }, 3354 // "scopes": [ 3355 // "https://www.googleapis.com/auth/cloud-platform" 3356 // ] 3357 // } 3358 3359} 3360 3361// method id "binaryauthorization.systempolicy.getPolicy": 3362 3363type SystempolicyGetPolicyCall struct { 3364 s *Service 3365 name string 3366 urlParams_ gensupport.URLParams 3367 ifNoneMatch_ string 3368 ctx_ context.Context 3369 header_ http.Header 3370} 3371 3372// GetPolicy: Gets the current system policy in the specified location. 3373// 3374// - name: The resource name, in the format `locations/*/policy`. Note 3375// that the system policy is not associated with a project. 3376func (r *SystempolicyService) GetPolicy(name string) *SystempolicyGetPolicyCall { 3377 c := &SystempolicyGetPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3378 c.name = name 3379 return c 3380} 3381 3382// Fields allows partial responses to be retrieved. See 3383// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3384// for more information. 3385func (c *SystempolicyGetPolicyCall) Fields(s ...googleapi.Field) *SystempolicyGetPolicyCall { 3386 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3387 return c 3388} 3389 3390// IfNoneMatch sets the optional parameter which makes the operation 3391// fail if the object's ETag matches the given value. This is useful for 3392// getting updates only after the object has changed since the last 3393// request. Use googleapi.IsNotModified to check whether the response 3394// error from Do is the result of In-None-Match. 3395func (c *SystempolicyGetPolicyCall) IfNoneMatch(entityTag string) *SystempolicyGetPolicyCall { 3396 c.ifNoneMatch_ = entityTag 3397 return c 3398} 3399 3400// Context sets the context to be used in this call's Do method. Any 3401// pending HTTP request will be aborted if the provided context is 3402// canceled. 3403func (c *SystempolicyGetPolicyCall) Context(ctx context.Context) *SystempolicyGetPolicyCall { 3404 c.ctx_ = ctx 3405 return c 3406} 3407 3408// Header returns an http.Header that can be modified by the caller to 3409// add HTTP headers to the request. 3410func (c *SystempolicyGetPolicyCall) Header() http.Header { 3411 if c.header_ == nil { 3412 c.header_ = make(http.Header) 3413 } 3414 return c.header_ 3415} 3416 3417func (c *SystempolicyGetPolicyCall) doRequest(alt string) (*http.Response, error) { 3418 reqHeaders := make(http.Header) 3419 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20210812") 3420 for k, v := range c.header_ { 3421 reqHeaders[k] = v 3422 } 3423 reqHeaders.Set("User-Agent", c.s.userAgent()) 3424 if c.ifNoneMatch_ != "" { 3425 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 3426 } 3427 var body io.Reader = nil 3428 c.urlParams_.Set("alt", alt) 3429 c.urlParams_.Set("prettyPrint", "false") 3430 urls := googleapi.ResolveRelative(c.s.BasePath, "v1/{+name}") 3431 urls += "?" + c.urlParams_.Encode() 3432 req, err := http.NewRequest("GET", urls, body) 3433 if err != nil { 3434 return nil, err 3435 } 3436 req.Header = reqHeaders 3437 googleapi.Expand(req.URL, map[string]string{ 3438 "name": c.name, 3439 }) 3440 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3441} 3442 3443// Do executes the "binaryauthorization.systempolicy.getPolicy" call. 3444// Exactly one of *Policy or error will be non-nil. Any non-2xx status 3445// code is an error. Response headers are in either 3446// *Policy.ServerResponse.Header or (if a response was returned at all) 3447// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 3448// check whether the returned error was because http.StatusNotModified 3449// was returned. 3450func (c *SystempolicyGetPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 3451 gensupport.SetOptions(c.urlParams_, opts...) 3452 res, err := c.doRequest("json") 3453 if res != nil && res.StatusCode == http.StatusNotModified { 3454 if res.Body != nil { 3455 res.Body.Close() 3456 } 3457 return nil, &googleapi.Error{ 3458 Code: res.StatusCode, 3459 Header: res.Header, 3460 } 3461 } 3462 if err != nil { 3463 return nil, err 3464 } 3465 defer googleapi.CloseBody(res) 3466 if err := googleapi.CheckResponse(res); err != nil { 3467 return nil, err 3468 } 3469 ret := &Policy{ 3470 ServerResponse: googleapi.ServerResponse{ 3471 Header: res.Header, 3472 HTTPStatusCode: res.StatusCode, 3473 }, 3474 } 3475 target := &ret 3476 if err := gensupport.DecodeResponse(target, res); err != nil { 3477 return nil, err 3478 } 3479 return ret, nil 3480 // { 3481 // "description": "Gets the current system policy in the specified location.", 3482 // "flatPath": "v1/locations/{locationsId}/policy", 3483 // "httpMethod": "GET", 3484 // "id": "binaryauthorization.systempolicy.getPolicy", 3485 // "parameterOrder": [ 3486 // "name" 3487 // ], 3488 // "parameters": { 3489 // "name": { 3490 // "description": "Required. The resource name, in the format `locations/*/policy`. Note that the system policy is not associated with a project.", 3491 // "location": "path", 3492 // "pattern": "^locations/[^/]+/policy$", 3493 // "required": true, 3494 // "type": "string" 3495 // } 3496 // }, 3497 // "path": "v1/{+name}", 3498 // "response": { 3499 // "$ref": "Policy" 3500 // }, 3501 // "scopes": [ 3502 // "https://www.googleapis.com/auth/cloud-platform" 3503 // ] 3504 // } 3505 3506} 3507