1// Copyright 2021 Google LLC. 2// Use of this source code is governed by a BSD-style 3// license that can be found in the LICENSE file. 4 5// Code generated file. DO NOT EDIT. 6 7// Package binaryauthorization provides access to the Binary Authorization API. 8// 9// For product documentation, see: https://cloud.google.com/binary-authorization/ 10// 11// Creating a client 12// 13// Usage example: 14// 15// import "google.golang.org/api/binaryauthorization/v1beta1" 16// ... 17// ctx := context.Background() 18// binaryauthorizationService, err := binaryauthorization.NewService(ctx) 19// 20// In this example, Google Application Default Credentials are used for authentication. 21// 22// For information on how to create and obtain Application Default Credentials, see https://developers.google.com/identity/protocols/application-default-credentials. 23// 24// Other authentication options 25// 26// To use an API key for authentication (note: some APIs do not support API keys), use option.WithAPIKey: 27// 28// binaryauthorizationService, err := binaryauthorization.NewService(ctx, option.WithAPIKey("AIza...")) 29// 30// To use an OAuth token (e.g., a user token obtained via a three-legged OAuth flow), use option.WithTokenSource: 31// 32// config := &oauth2.Config{...} 33// // ... 34// token, err := config.Exchange(ctx, ...) 35// binaryauthorizationService, err := binaryauthorization.NewService(ctx, option.WithTokenSource(config.TokenSource(ctx, token))) 36// 37// See https://godoc.org/google.golang.org/api/option/ for details on options. 38package binaryauthorization // import "google.golang.org/api/binaryauthorization/v1beta1" 39 40import ( 41 "bytes" 42 "context" 43 "encoding/json" 44 "errors" 45 "fmt" 46 "io" 47 "net/http" 48 "net/url" 49 "strconv" 50 "strings" 51 52 googleapi "google.golang.org/api/googleapi" 53 gensupport "google.golang.org/api/internal/gensupport" 54 option "google.golang.org/api/option" 55 internaloption "google.golang.org/api/option/internaloption" 56 htransport "google.golang.org/api/transport/http" 57) 58 59// Always reference these packages, just in case the auto-generated code 60// below doesn't. 61var _ = bytes.NewBuffer 62var _ = strconv.Itoa 63var _ = fmt.Sprintf 64var _ = json.NewDecoder 65var _ = io.Copy 66var _ = url.Parse 67var _ = gensupport.MarshalJSON 68var _ = googleapi.Version 69var _ = errors.New 70var _ = strings.Replace 71var _ = context.Canceled 72var _ = internaloption.WithDefaultEndpoint 73 74const apiId = "binaryauthorization:v1beta1" 75const apiName = "binaryauthorization" 76const apiVersion = "v1beta1" 77const basePath = "https://binaryauthorization.googleapis.com/" 78const mtlsBasePath = "https://binaryauthorization.mtls.googleapis.com/" 79 80// OAuth2 scopes used by this API. 81const ( 82 // See, edit, configure, and delete your Google Cloud data and see the 83 // email address for your Google Account. 84 CloudPlatformScope = "https://www.googleapis.com/auth/cloud-platform" 85) 86 87// NewService creates a new Service. 88func NewService(ctx context.Context, opts ...option.ClientOption) (*Service, error) { 89 scopesOption := option.WithScopes( 90 "https://www.googleapis.com/auth/cloud-platform", 91 ) 92 // NOTE: prepend, so we don't override user-specified scopes. 93 opts = append([]option.ClientOption{scopesOption}, opts...) 94 opts = append(opts, internaloption.WithDefaultEndpoint(basePath)) 95 opts = append(opts, internaloption.WithDefaultMTLSEndpoint(mtlsBasePath)) 96 client, endpoint, err := htransport.NewClient(ctx, opts...) 97 if err != nil { 98 return nil, err 99 } 100 s, err := New(client) 101 if err != nil { 102 return nil, err 103 } 104 if endpoint != "" { 105 s.BasePath = endpoint 106 } 107 return s, nil 108} 109 110// New creates a new Service. It uses the provided http.Client for requests. 111// 112// Deprecated: please use NewService instead. 113// To provide a custom HTTP client, use option.WithHTTPClient. 114// If you are using google.golang.org/api/googleapis/transport.APIKey, use option.WithAPIKey with NewService instead. 115func New(client *http.Client) (*Service, error) { 116 if client == nil { 117 return nil, errors.New("client is nil") 118 } 119 s := &Service{client: client, BasePath: basePath} 120 s.Projects = NewProjectsService(s) 121 s.Systempolicy = NewSystempolicyService(s) 122 return s, nil 123} 124 125type Service struct { 126 client *http.Client 127 BasePath string // API endpoint base URL 128 UserAgent string // optional additional User-Agent fragment 129 130 Projects *ProjectsService 131 132 Systempolicy *SystempolicyService 133} 134 135func (s *Service) userAgent() string { 136 if s.UserAgent == "" { 137 return googleapi.UserAgent 138 } 139 return googleapi.UserAgent + " " + s.UserAgent 140} 141 142func NewProjectsService(s *Service) *ProjectsService { 143 rs := &ProjectsService{s: s} 144 rs.Attestors = NewProjectsAttestorsService(s) 145 rs.Policy = NewProjectsPolicyService(s) 146 return rs 147} 148 149type ProjectsService struct { 150 s *Service 151 152 Attestors *ProjectsAttestorsService 153 154 Policy *ProjectsPolicyService 155} 156 157func NewProjectsAttestorsService(s *Service) *ProjectsAttestorsService { 158 rs := &ProjectsAttestorsService{s: s} 159 return rs 160} 161 162type ProjectsAttestorsService struct { 163 s *Service 164} 165 166func NewProjectsPolicyService(s *Service) *ProjectsPolicyService { 167 rs := &ProjectsPolicyService{s: s} 168 return rs 169} 170 171type ProjectsPolicyService struct { 172 s *Service 173} 174 175func NewSystempolicyService(s *Service) *SystempolicyService { 176 rs := &SystempolicyService{s: s} 177 return rs 178} 179 180type SystempolicyService struct { 181 s *Service 182} 183 184// AdmissionRule: An admission rule specifies either that all container 185// images used in a pod creation request must be attested to by one or 186// more attestors, that all pod creations will be allowed, or that all 187// pod creations will be denied. Images matching an admission allowlist 188// pattern are exempted from admission rules and will never block a pod 189// creation. 190type AdmissionRule struct { 191 // EnforcementMode: Required. The action when a pod creation is denied 192 // by the admission rule. 193 // 194 // Possible values: 195 // "ENFORCEMENT_MODE_UNSPECIFIED" - Do not use. 196 // "ENFORCED_BLOCK_AND_AUDIT_LOG" - Enforce the admission rule by 197 // blocking the pod creation. 198 // "DRYRUN_AUDIT_LOG_ONLY" - Dryrun mode: Audit logging only. This 199 // will allow the pod creation as if the admission request had specified 200 // break-glass. 201 EnforcementMode string `json:"enforcementMode,omitempty"` 202 203 // EvaluationMode: Required. How this admission rule will be evaluated. 204 // 205 // Possible values: 206 // "EVALUATION_MODE_UNSPECIFIED" - Do not use. 207 // "ALWAYS_ALLOW" - This rule allows all all pod creations. 208 // "REQUIRE_ATTESTATION" - This rule allows a pod creation if all the 209 // attestors listed in `require_attestations_by` have valid attestations 210 // for all of the images in the pod spec. 211 // "ALWAYS_DENY" - This rule denies all pod creations. 212 EvaluationMode string `json:"evaluationMode,omitempty"` 213 214 // RequireAttestationsBy: Optional. The resource names of the attestors 215 // that must attest to a container image, in the format 216 // `projects/*/attestors/*`. Each attestor must exist before a policy 217 // can reference it. To add an attestor to a policy the principal 218 // issuing the policy change request must be able to read the attestor 219 // resource. Note: this field must be non-empty when the evaluation_mode 220 // field specifies REQUIRE_ATTESTATION, otherwise it must be empty. 221 RequireAttestationsBy []string `json:"requireAttestationsBy,omitempty"` 222 223 // ForceSendFields is a list of field names (e.g. "EnforcementMode") to 224 // unconditionally include in API requests. By default, fields with 225 // empty or default values are omitted from API requests. However, any 226 // non-pointer, non-interface field appearing in ForceSendFields will be 227 // sent to the server regardless of whether the field is empty or not. 228 // This may be used to include empty fields in Patch requests. 229 ForceSendFields []string `json:"-"` 230 231 // NullFields is a list of field names (e.g. "EnforcementMode") to 232 // include in API requests with the JSON null value. By default, fields 233 // with empty values are omitted from API requests. However, any field 234 // with an empty value appearing in NullFields will be sent to the 235 // server as null. It is an error if a field in this list has a 236 // non-empty value. This may be used to include null fields in Patch 237 // requests. 238 NullFields []string `json:"-"` 239} 240 241func (s *AdmissionRule) MarshalJSON() ([]byte, error) { 242 type NoMethod AdmissionRule 243 raw := NoMethod(*s) 244 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 245} 246 247// AdmissionWhitelistPattern: An admission allowlist pattern exempts 248// images from checks by admission rules. 249type AdmissionWhitelistPattern struct { 250 // NamePattern: An image name pattern to allowlist, in the form 251 // `registry/path/to/image`. This supports a trailing `*` as a wildcard, 252 // but this is allowed only in text after the `registry/` part. `*` 253 // wildcard does not match `/`, i.e., `gcr.io/nginx*` matches 254 // `gcr.io/nginx@latest`, but it does not match `gcr.io/nginx/image`. 255 // This also supports a trailing `**` wildcard which matches 256 // subdirectories, i.e., `gcr.io/nginx**` matches `gcr.io/nginx/image`. 257 NamePattern string `json:"namePattern,omitempty"` 258 259 // ForceSendFields is a list of field names (e.g. "NamePattern") to 260 // unconditionally include in API requests. By default, fields with 261 // empty or default values are omitted from API requests. However, any 262 // non-pointer, non-interface field appearing in ForceSendFields will be 263 // sent to the server regardless of whether the field is empty or not. 264 // This may be used to include empty fields in Patch requests. 265 ForceSendFields []string `json:"-"` 266 267 // NullFields is a list of field names (e.g. "NamePattern") to include 268 // in API requests with the JSON null value. By default, fields with 269 // empty values are omitted from API requests. However, any field with 270 // an empty value appearing in NullFields will be sent to the server as 271 // null. It is an error if a field in this list has a non-empty value. 272 // This may be used to include null fields in Patch requests. 273 NullFields []string `json:"-"` 274} 275 276func (s *AdmissionWhitelistPattern) MarshalJSON() ([]byte, error) { 277 type NoMethod AdmissionWhitelistPattern 278 raw := NoMethod(*s) 279 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 280} 281 282// AttestationOccurrence: Occurrence that represents a single 283// "attestation". The authenticity of an attestation can be verified 284// using the attached signature. If the verifier trusts the public key 285// of the signer, then verifying the signature is sufficient to 286// establish trust. In this circumstance, the authority to which this 287// attestation is attached is primarily useful for lookup (how to find 288// this attestation if you already know the authority and artifact to be 289// verified) and intent (for which authority this attestation was 290// intended to sign. 291type AttestationOccurrence struct { 292 // Jwts: One or more JWTs encoding a self-contained attestation. Each 293 // JWT encodes the payload that it verifies within the JWT itself. 294 // Verifier implementation SHOULD ignore the `serialized_payload` field 295 // when verifying these JWTs. If only JWTs are present on this 296 // AttestationOccurrence, then the `serialized_payload` SHOULD be left 297 // empty. Each JWT SHOULD encode a claim specific to the `resource_uri` 298 // of this Occurrence, but this is not validated by Grafeas metadata API 299 // implementations. The JWT itself is opaque to Grafeas. 300 Jwts []*Jwt `json:"jwts,omitempty"` 301 302 // SerializedPayload: Required. The serialized payload that is verified 303 // by one or more `signatures`. 304 SerializedPayload string `json:"serializedPayload,omitempty"` 305 306 // Signatures: One or more signatures over `serialized_payload`. 307 // Verifier implementations should consider this attestation message 308 // verified if at least one `signature` verifies `serialized_payload`. 309 // See `Signature` in common.proto for more details on signature 310 // structure and verification. 311 Signatures []*Signature `json:"signatures,omitempty"` 312 313 // ForceSendFields is a list of field names (e.g. "Jwts") to 314 // unconditionally include in API requests. By default, fields with 315 // empty or default values are omitted from API requests. However, any 316 // non-pointer, non-interface field appearing in ForceSendFields will be 317 // sent to the server regardless of whether the field is empty or not. 318 // This may be used to include empty fields in Patch requests. 319 ForceSendFields []string `json:"-"` 320 321 // NullFields is a list of field names (e.g. "Jwts") to include in API 322 // requests with the JSON null value. By default, fields with empty 323 // values are omitted from API requests. However, any field with an 324 // empty value appearing in NullFields will be sent to the server as 325 // null. It is an error if a field in this list has a non-empty value. 326 // This may be used to include null fields in Patch requests. 327 NullFields []string `json:"-"` 328} 329 330func (s *AttestationOccurrence) MarshalJSON() ([]byte, error) { 331 type NoMethod AttestationOccurrence 332 raw := NoMethod(*s) 333 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 334} 335 336// Attestor: An attestor that attests to container image artifacts. An 337// existing attestor cannot be modified except where indicated. 338type Attestor struct { 339 // Description: Optional. A descriptive comment. This field may be 340 // updated. The field may be displayed in chooser dialogs. 341 Description string `json:"description,omitempty"` 342 343 // Name: Required. The resource name, in the format: 344 // `projects/*/attestors/*`. This field may not be updated. 345 Name string `json:"name,omitempty"` 346 347 // UpdateTime: Output only. Time when the attestor was last updated. 348 UpdateTime string `json:"updateTime,omitempty"` 349 350 // UserOwnedDrydockNote: A Drydock ATTESTATION_AUTHORITY Note, created 351 // by the user. 352 UserOwnedDrydockNote *UserOwnedDrydockNote `json:"userOwnedDrydockNote,omitempty"` 353 354 // ServerResponse contains the HTTP response code and headers from the 355 // server. 356 googleapi.ServerResponse `json:"-"` 357 358 // ForceSendFields is a list of field names (e.g. "Description") to 359 // unconditionally include in API requests. By default, fields with 360 // empty or default values are omitted from API requests. However, any 361 // non-pointer, non-interface field appearing in ForceSendFields will be 362 // sent to the server regardless of whether the field is empty or not. 363 // This may be used to include empty fields in Patch requests. 364 ForceSendFields []string `json:"-"` 365 366 // NullFields is a list of field names (e.g. "Description") to include 367 // in API requests with the JSON null value. By default, fields with 368 // empty values are omitted from API requests. However, any field with 369 // an empty value appearing in NullFields will be sent to the server as 370 // null. It is an error if a field in this list has a non-empty value. 371 // This may be used to include null fields in Patch requests. 372 NullFields []string `json:"-"` 373} 374 375func (s *Attestor) MarshalJSON() ([]byte, error) { 376 type NoMethod Attestor 377 raw := NoMethod(*s) 378 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 379} 380 381// AttestorPublicKey: An attestor public key that will be used to verify 382// attestations signed by this attestor. 383type AttestorPublicKey struct { 384 // AsciiArmoredPgpPublicKey: ASCII-armored representation of a PGP 385 // public key, as the entire output by the command `gpg --export --armor 386 // foo@example.com` (either LF or CRLF line endings). When using this 387 // field, `id` should be left blank. The BinAuthz API handlers will 388 // calculate the ID and fill it in automatically. BinAuthz computes this 389 // ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case 390 // hex. If `id` is provided by the caller, it will be overwritten by the 391 // API-calculated ID. 392 AsciiArmoredPgpPublicKey string `json:"asciiArmoredPgpPublicKey,omitempty"` 393 394 // Comment: Optional. A descriptive comment. This field may be updated. 395 Comment string `json:"comment,omitempty"` 396 397 // Id: The ID of this public key. Signatures verified by BinAuthz must 398 // include the ID of the public key that can be used to verify them, and 399 // that ID must match the contents of this field exactly. Additional 400 // restrictions on this field can be imposed based on which public key 401 // type is encapsulated. See the documentation on `public_key` cases 402 // below for details. 403 Id string `json:"id,omitempty"` 404 405 // PkixPublicKey: A raw PKIX SubjectPublicKeyInfo format public key. 406 // NOTE: `id` may be explicitly provided by the caller when using this 407 // type of public key, but it MUST be a valid RFC3986 URI. If `id` is 408 // left blank, a default one will be computed based on the digest of the 409 // DER encoding of the public key. 410 PkixPublicKey *PkixPublicKey `json:"pkixPublicKey,omitempty"` 411 412 // ForceSendFields is a list of field names (e.g. 413 // "AsciiArmoredPgpPublicKey") to unconditionally include in API 414 // requests. By default, fields with empty or default values are omitted 415 // from API requests. However, any non-pointer, non-interface field 416 // appearing in ForceSendFields will be sent to the server regardless of 417 // whether the field is empty or not. This may be used to include empty 418 // fields in Patch requests. 419 ForceSendFields []string `json:"-"` 420 421 // NullFields is a list of field names (e.g. "AsciiArmoredPgpPublicKey") 422 // to include in API requests with the JSON null value. By default, 423 // fields with empty values are omitted from API requests. However, any 424 // field with an empty value appearing in NullFields will be sent to the 425 // server as null. It is an error if a field in this list has a 426 // non-empty value. This may be used to include null fields in Patch 427 // requests. 428 NullFields []string `json:"-"` 429} 430 431func (s *AttestorPublicKey) MarshalJSON() ([]byte, error) { 432 type NoMethod AttestorPublicKey 433 raw := NoMethod(*s) 434 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 435} 436 437// Binding: Associates `members`, or principals, with a `role`. 438type Binding struct { 439 // Condition: The condition that is associated with this binding. If the 440 // condition evaluates to `true`, then this binding applies to the 441 // current request. If the condition evaluates to `false`, then this 442 // binding does not apply to the current request. However, a different 443 // role binding might grant the same role to one or more of the 444 // principals in this binding. To learn which resources support 445 // conditions in their IAM policies, see the IAM documentation 446 // (https://cloud.google.com/iam/help/conditions/resource-policies). 447 Condition *Expr `json:"condition,omitempty"` 448 449 // Members: Specifies the principals requesting access for a Cloud 450 // Platform resource. `members` can have the following values: * 451 // `allUsers`: A special identifier that represents anyone who is on the 452 // internet; with or without a Google account. * 453 // `allAuthenticatedUsers`: A special identifier that represents anyone 454 // who is authenticated with a Google account or a service account. * 455 // `user:{emailid}`: An email address that represents a specific Google 456 // account. For example, `alice@example.com` . * 457 // `serviceAccount:{emailid}`: An email address that represents a 458 // service account. For example, 459 // `my-other-app@appspot.gserviceaccount.com`. * `group:{emailid}`: An 460 // email address that represents a Google group. For example, 461 // `admins@example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An 462 // email address (plus unique identifier) representing a user that has 463 // been recently deleted. For example, 464 // `alice@example.com?uid=123456789012345678901`. If the user is 465 // recovered, this value reverts to `user:{emailid}` and the recovered 466 // user retains the role in the binding. * 467 // `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address 468 // (plus unique identifier) representing a service account that has been 469 // recently deleted. For example, 470 // `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. 471 // If the service account is undeleted, this value reverts to 472 // `serviceAccount:{emailid}` and the undeleted service account retains 473 // the role in the binding. * `deleted:group:{emailid}?uid={uniqueid}`: 474 // An email address (plus unique identifier) representing a Google group 475 // that has been recently deleted. For example, 476 // `admins@example.com?uid=123456789012345678901`. If the group is 477 // recovered, this value reverts to `group:{emailid}` and the recovered 478 // group retains the role in the binding. * `domain:{domain}`: The G 479 // Suite domain (primary) that represents all the users of that domain. 480 // For example, `google.com` or `example.com`. 481 Members []string `json:"members,omitempty"` 482 483 // Role: Role that is assigned to the list of `members`, or principals. 484 // For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 485 Role string `json:"role,omitempty"` 486 487 // ForceSendFields is a list of field names (e.g. "Condition") to 488 // unconditionally include in API requests. By default, fields with 489 // empty or default values are omitted from API requests. However, any 490 // non-pointer, non-interface field appearing in ForceSendFields will be 491 // sent to the server regardless of whether the field is empty or not. 492 // This may be used to include empty fields in Patch requests. 493 ForceSendFields []string `json:"-"` 494 495 // NullFields is a list of field names (e.g. "Condition") to include in 496 // API requests with the JSON null value. By default, fields with empty 497 // values are omitted from API requests. However, any field with an 498 // empty value appearing in NullFields will be sent to the server as 499 // null. It is an error if a field in this list has a non-empty value. 500 // This may be used to include null fields in Patch requests. 501 NullFields []string `json:"-"` 502} 503 504func (s *Binding) MarshalJSON() ([]byte, error) { 505 type NoMethod Binding 506 raw := NoMethod(*s) 507 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 508} 509 510// Empty: A generic empty message that you can re-use to avoid defining 511// duplicated empty messages in your APIs. A typical example is to use 512// it as the request or the response type of an API method. For 513// instance: service Foo { rpc Bar(google.protobuf.Empty) returns 514// (google.protobuf.Empty); } The JSON representation for `Empty` is 515// empty JSON object `{}`. 516type Empty struct { 517 // ServerResponse contains the HTTP response code and headers from the 518 // server. 519 googleapi.ServerResponse `json:"-"` 520} 521 522// Expr: Represents a textual expression in the Common Expression 523// Language (CEL) syntax. CEL is a C-like expression language. The 524// syntax and semantics of CEL are documented at 525// https://github.com/google/cel-spec. Example (Comparison): title: 526// "Summary size limit" description: "Determines if a summary is less 527// than 100 chars" expression: "document.summary.size() < 100" Example 528// (Equality): title: "Requestor is owner" description: "Determines if 529// requestor is the document owner" expression: "document.owner == 530// request.auth.claims.email" Example (Logic): title: "Public documents" 531// description: "Determine whether the document should be publicly 532// visible" expression: "document.type != 'private' && document.type != 533// 'internal'" Example (Data Manipulation): title: "Notification string" 534// description: "Create a notification string with a timestamp." 535// expression: "'New message received at ' + 536// string(document.create_time)" The exact variables and functions that 537// may be referenced within an expression are determined by the service 538// that evaluates it. See the service documentation for additional 539// information. 540type Expr struct { 541 // Description: Optional. Description of the expression. This is a 542 // longer text which describes the expression, e.g. when hovered over it 543 // in a UI. 544 Description string `json:"description,omitempty"` 545 546 // Expression: Textual representation of an expression in Common 547 // Expression Language syntax. 548 Expression string `json:"expression,omitempty"` 549 550 // Location: Optional. String indicating the location of the expression 551 // for error reporting, e.g. a file name and a position in the file. 552 Location string `json:"location,omitempty"` 553 554 // Title: Optional. Title for the expression, i.e. a short string 555 // describing its purpose. This can be used e.g. in UIs which allow to 556 // enter the expression. 557 Title string `json:"title,omitempty"` 558 559 // ForceSendFields is a list of field names (e.g. "Description") to 560 // unconditionally include in API requests. By default, fields with 561 // empty or default values are omitted from API requests. However, any 562 // non-pointer, non-interface field appearing in ForceSendFields will be 563 // sent to the server regardless of whether the field is empty or not. 564 // This may be used to include empty fields in Patch requests. 565 ForceSendFields []string `json:"-"` 566 567 // NullFields is a list of field names (e.g. "Description") to include 568 // in API requests with the JSON null value. By default, fields with 569 // empty values are omitted from API requests. However, any field with 570 // an empty value appearing in NullFields will be sent to the server as 571 // null. It is an error if a field in this list has a non-empty value. 572 // This may be used to include null fields in Patch requests. 573 NullFields []string `json:"-"` 574} 575 576func (s *Expr) MarshalJSON() ([]byte, error) { 577 type NoMethod Expr 578 raw := NoMethod(*s) 579 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 580} 581 582// IamPolicy: An Identity and Access Management (IAM) policy, which 583// specifies access controls for Google Cloud resources. A `Policy` is a 584// collection of `bindings`. A `binding` binds one or more `members`, or 585// principals, to a single `role`. Principals can be user accounts, 586// service accounts, Google groups, and domains (such as G Suite). A 587// `role` is a named list of permissions; each `role` can be an IAM 588// predefined role or a user-created custom role. For some types of 589// Google Cloud resources, a `binding` can also specify a `condition`, 590// which is a logical expression that allows access to a resource only 591// if the expression evaluates to `true`. A condition can add 592// constraints based on attributes of the request, the resource, or 593// both. To learn which resources support conditions in their IAM 594// policies, see the IAM documentation 595// (https://cloud.google.com/iam/help/conditions/resource-policies). 596// **JSON example:** { "bindings": [ { "role": 597// "roles/resourcemanager.organizationAdmin", "members": [ 598// "user:mike@example.com", "group:admins@example.com", 599// "domain:google.com", 600// "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { 601// "role": "roles/resourcemanager.organizationViewer", "members": [ 602// "user:eve@example.com" ], "condition": { "title": "expirable access", 603// "description": "Does not grant access after Sep 2020", "expression": 604// "request.time < timestamp('2020-10-01T00:00:00.000Z')", } } ], 605// "etag": "BwWWja0YfJA=", "version": 3 } **YAML example:** bindings: - 606// members: - user:mike@example.com - group:admins@example.com - 607// domain:google.com - 608// serviceAccount:my-project-id@appspot.gserviceaccount.com role: 609// roles/resourcemanager.organizationAdmin - members: - 610// user:eve@example.com role: roles/resourcemanager.organizationViewer 611// condition: title: expirable access description: Does not grant access 612// after Sep 2020 expression: request.time < 613// timestamp('2020-10-01T00:00:00.000Z') etag: BwWWja0YfJA= version: 3 614// For a description of IAM and its features, see the IAM documentation 615// (https://cloud.google.com/iam/docs/). 616type IamPolicy struct { 617 // Bindings: Associates a list of `members`, or principals, with a 618 // `role`. Optionally, may specify a `condition` that determines how and 619 // when the `bindings` are applied. Each of the `bindings` must contain 620 // at least one principal. The `bindings` in a `Policy` can refer to up 621 // to 1,500 principals; up to 250 of these principals can be Google 622 // groups. Each occurrence of a principal counts towards these limits. 623 // For example, if the `bindings` grant 50 different roles to 624 // `user:alice@example.com`, and not to any other principal, then you 625 // can add another 1,450 principals to the `bindings` in the `Policy`. 626 Bindings []*Binding `json:"bindings,omitempty"` 627 628 // Etag: `etag` is used for optimistic concurrency control as a way to 629 // help prevent simultaneous updates of a policy from overwriting each 630 // other. It is strongly suggested that systems make use of the `etag` 631 // in the read-modify-write cycle to perform policy updates in order to 632 // avoid race conditions: An `etag` is returned in the response to 633 // `getIamPolicy`, and systems are expected to put that etag in the 634 // request to `setIamPolicy` to ensure that their change will be applied 635 // to the same version of the policy. **Important:** If you use IAM 636 // Conditions, you must include the `etag` field whenever you call 637 // `setIamPolicy`. If you omit this field, then IAM allows you to 638 // overwrite a version `3` policy with a version `1` policy, and all of 639 // the conditions in the version `3` policy are lost. 640 Etag string `json:"etag,omitempty"` 641 642 // Version: Specifies the format of the policy. Valid values are `0`, 643 // `1`, and `3`. Requests that specify an invalid value are rejected. 644 // Any operation that affects conditional role bindings must specify 645 // version `3`. This requirement applies to the following operations: * 646 // Getting a policy that includes a conditional role binding * Adding a 647 // conditional role binding to a policy * Changing a conditional role 648 // binding in a policy * Removing any role binding, with or without a 649 // condition, from a policy that includes conditions **Important:** If 650 // you use IAM Conditions, you must include the `etag` field whenever 651 // you call `setIamPolicy`. If you omit this field, then IAM allows you 652 // to overwrite a version `3` policy with a version `1` policy, and all 653 // of the conditions in the version `3` policy are lost. If a policy 654 // does not include any conditions, operations on that policy may 655 // specify any valid version or leave the field unset. To learn which 656 // resources support conditions in their IAM policies, see the IAM 657 // documentation 658 // (https://cloud.google.com/iam/help/conditions/resource-policies). 659 Version int64 `json:"version,omitempty"` 660 661 // ServerResponse contains the HTTP response code and headers from the 662 // server. 663 googleapi.ServerResponse `json:"-"` 664 665 // ForceSendFields is a list of field names (e.g. "Bindings") to 666 // unconditionally include in API requests. By default, fields with 667 // empty or default values are omitted from API requests. However, any 668 // non-pointer, non-interface field appearing in ForceSendFields will be 669 // sent to the server regardless of whether the field is empty or not. 670 // This may be used to include empty fields in Patch requests. 671 ForceSendFields []string `json:"-"` 672 673 // NullFields is a list of field names (e.g. "Bindings") to include in 674 // API requests with the JSON null value. By default, fields with empty 675 // values are omitted from API requests. However, any field with an 676 // empty value appearing in NullFields will be sent to the server as 677 // null. It is an error if a field in this list has a non-empty value. 678 // This may be used to include null fields in Patch requests. 679 NullFields []string `json:"-"` 680} 681 682func (s *IamPolicy) MarshalJSON() ([]byte, error) { 683 type NoMethod IamPolicy 684 raw := NoMethod(*s) 685 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 686} 687 688type Jwt struct { 689 // CompactJwt: The compact encoding of a JWS, which is always three 690 // base64 encoded strings joined by periods. For details, see: 691 // https://tools.ietf.org/html/rfc7515.html#section-3.1 692 CompactJwt string `json:"compactJwt,omitempty"` 693 694 // ForceSendFields is a list of field names (e.g. "CompactJwt") to 695 // unconditionally include in API requests. By default, fields with 696 // empty or default values are omitted from API requests. However, any 697 // non-pointer, non-interface field appearing in ForceSendFields will be 698 // sent to the server regardless of whether the field is empty or not. 699 // This may be used to include empty fields in Patch requests. 700 ForceSendFields []string `json:"-"` 701 702 // NullFields is a list of field names (e.g. "CompactJwt") to include in 703 // API requests with the JSON null value. By default, fields with empty 704 // values are omitted from API requests. However, any field with an 705 // empty value appearing in NullFields will be sent to the server as 706 // null. It is an error if a field in this list has a non-empty value. 707 // This may be used to include null fields in Patch requests. 708 NullFields []string `json:"-"` 709} 710 711func (s *Jwt) MarshalJSON() ([]byte, error) { 712 type NoMethod Jwt 713 raw := NoMethod(*s) 714 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 715} 716 717// ListAttestorsResponse: Response message for 718// BinauthzManagementService.ListAttestors. 719type ListAttestorsResponse struct { 720 // Attestors: The list of attestors. 721 Attestors []*Attestor `json:"attestors,omitempty"` 722 723 // NextPageToken: A token to retrieve the next page of results. Pass 724 // this value in the ListAttestorsRequest.page_token field in the 725 // subsequent call to the `ListAttestors` method to retrieve the next 726 // page of results. 727 NextPageToken string `json:"nextPageToken,omitempty"` 728 729 // ServerResponse contains the HTTP response code and headers from the 730 // server. 731 googleapi.ServerResponse `json:"-"` 732 733 // ForceSendFields is a list of field names (e.g. "Attestors") to 734 // unconditionally include in API requests. By default, fields with 735 // empty or default values are omitted from API requests. However, any 736 // non-pointer, non-interface field appearing in ForceSendFields will be 737 // sent to the server regardless of whether the field is empty or not. 738 // This may be used to include empty fields in Patch requests. 739 ForceSendFields []string `json:"-"` 740 741 // NullFields is a list of field names (e.g. "Attestors") to include in 742 // API requests with the JSON null value. By default, fields with empty 743 // values are omitted from API requests. However, any field with an 744 // empty value appearing in NullFields will be sent to the server as 745 // null. It is an error if a field in this list has a non-empty value. 746 // This may be used to include null fields in Patch requests. 747 NullFields []string `json:"-"` 748} 749 750func (s *ListAttestorsResponse) MarshalJSON() ([]byte, error) { 751 type NoMethod ListAttestorsResponse 752 raw := NoMethod(*s) 753 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 754} 755 756// PkixPublicKey: A public key in the PkixPublicKey format (see 757// https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). 758// Public keys of this type are typically textually encoded using the 759// PEM format. 760type PkixPublicKey struct { 761 // PublicKeyPem: A PEM-encoded public key, as described in 762 // https://tools.ietf.org/html/rfc7468#section-13 763 PublicKeyPem string `json:"publicKeyPem,omitempty"` 764 765 // SignatureAlgorithm: The signature algorithm used to verify a message 766 // against a signature using this key. These signature algorithm must 767 // match the structure and any object identifiers encoded in 768 // `public_key_pem` (i.e. this algorithm must match that of the public 769 // key). 770 // 771 // Possible values: 772 // "SIGNATURE_ALGORITHM_UNSPECIFIED" - Not specified. 773 // "RSA_PSS_2048_SHA256" - RSASSA-PSS 2048 bit key with a SHA256 774 // digest. 775 // "RSA_PSS_3072_SHA256" - RSASSA-PSS 3072 bit key with a SHA256 776 // digest. 777 // "RSA_PSS_4096_SHA256" - RSASSA-PSS 4096 bit key with a SHA256 778 // digest. 779 // "RSA_PSS_4096_SHA512" - RSASSA-PSS 4096 bit key with a SHA512 780 // digest. 781 // "RSA_SIGN_PKCS1_2048_SHA256" - RSASSA-PKCS1-v1_5 with a 2048 bit 782 // key and a SHA256 digest. 783 // "RSA_SIGN_PKCS1_3072_SHA256" - RSASSA-PKCS1-v1_5 with a 3072 bit 784 // key and a SHA256 digest. 785 // "RSA_SIGN_PKCS1_4096_SHA256" - RSASSA-PKCS1-v1_5 with a 4096 bit 786 // key and a SHA256 digest. 787 // "RSA_SIGN_PKCS1_4096_SHA512" - RSASSA-PKCS1-v1_5 with a 4096 bit 788 // key and a SHA512 digest. 789 // "ECDSA_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 790 // digest. 791 // "EC_SIGN_P256_SHA256" - ECDSA on the NIST P-256 curve with a SHA256 792 // digest. 793 // "ECDSA_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 794 // digest. 795 // "EC_SIGN_P384_SHA384" - ECDSA on the NIST P-384 curve with a SHA384 796 // digest. 797 // "ECDSA_P521_SHA512" - ECDSA on the NIST P-521 curve with a SHA512 798 // digest. 799 // "EC_SIGN_P521_SHA512" - ECDSA on the NIST P-521 curve with a SHA512 800 // digest. 801 SignatureAlgorithm string `json:"signatureAlgorithm,omitempty"` 802 803 // ForceSendFields is a list of field names (e.g. "PublicKeyPem") to 804 // unconditionally include in API requests. By default, fields with 805 // empty or default values are omitted from API requests. However, any 806 // non-pointer, non-interface field appearing in ForceSendFields will be 807 // sent to the server regardless of whether the field is empty or not. 808 // This may be used to include empty fields in Patch requests. 809 ForceSendFields []string `json:"-"` 810 811 // NullFields is a list of field names (e.g. "PublicKeyPem") to include 812 // in API requests with the JSON null value. By default, fields with 813 // empty values are omitted from API requests. However, any field with 814 // an empty value appearing in NullFields will be sent to the server as 815 // null. It is an error if a field in this list has a non-empty value. 816 // This may be used to include null fields in Patch requests. 817 NullFields []string `json:"-"` 818} 819 820func (s *PkixPublicKey) MarshalJSON() ([]byte, error) { 821 type NoMethod PkixPublicKey 822 raw := NoMethod(*s) 823 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 824} 825 826// Policy: A policy for Binary Authorization. 827type Policy struct { 828 // AdmissionWhitelistPatterns: Optional. Admission policy allowlisting. 829 // A matching admission request will always be permitted. This feature 830 // is typically used to exclude Google or third-party infrastructure 831 // images from Binary Authorization policies. 832 AdmissionWhitelistPatterns []*AdmissionWhitelistPattern `json:"admissionWhitelistPatterns,omitempty"` 833 834 // ClusterAdmissionRules: Optional. Per-cluster admission rules. Cluster 835 // spec format: `location.clusterId`. There can be at most one admission 836 // rule per cluster spec. A `location` is either a compute zone (e.g. 837 // us-central1-a) or a region (e.g. us-central1). For `clusterId` syntax 838 // restrictions see 839 // https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. 840 ClusterAdmissionRules map[string]AdmissionRule `json:"clusterAdmissionRules,omitempty"` 841 842 // DefaultAdmissionRule: Required. Default admission rule for a cluster 843 // without a per-cluster, per- kubernetes-service-account, or 844 // per-istio-service-identity admission rule. 845 DefaultAdmissionRule *AdmissionRule `json:"defaultAdmissionRule,omitempty"` 846 847 // Description: Optional. A descriptive comment. 848 Description string `json:"description,omitempty"` 849 850 // GlobalPolicyEvaluationMode: Optional. Controls the evaluation of a 851 // Google-maintained global admission policy for common system-level 852 // images. Images not covered by the global policy will be subject to 853 // the project admission policy. This setting has no effect when 854 // specified inside a global admission policy. 855 // 856 // Possible values: 857 // "GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED" - Not specified: 858 // DISABLE is assumed. 859 // "ENABLE" - Enables system policy evaluation. 860 // "DISABLE" - Disables system policy evaluation. 861 GlobalPolicyEvaluationMode string `json:"globalPolicyEvaluationMode,omitempty"` 862 863 // IstioServiceIdentityAdmissionRules: Optional. 864 // Per-istio-service-identity admission rules. Istio service identity 865 // spec format: `spiffe:///ns//sa/` or `/ns//sa/` e.g. 866 // `spiffe://example.com/ns/test-ns/sa/default` 867 IstioServiceIdentityAdmissionRules map[string]AdmissionRule `json:"istioServiceIdentityAdmissionRules,omitempty"` 868 869 // KubernetesNamespaceAdmissionRules: Optional. Per-kubernetes-namespace 870 // admission rules. K8s namespace spec format: `[a-z.-]+`, e.g. 871 // `some-namespace` 872 KubernetesNamespaceAdmissionRules map[string]AdmissionRule `json:"kubernetesNamespaceAdmissionRules,omitempty"` 873 874 // KubernetesServiceAccountAdmissionRules: Optional. 875 // Per-kubernetes-service-account admission rules. Service account spec 876 // format: `namespace:serviceaccount`. e.g. `test-ns:default` 877 KubernetesServiceAccountAdmissionRules map[string]AdmissionRule `json:"kubernetesServiceAccountAdmissionRules,omitempty"` 878 879 // Name: Output only. The resource name, in the format 880 // `projects/*/policy`. There is at most one policy per project. 881 Name string `json:"name,omitempty"` 882 883 // UpdateTime: Output only. Time when the policy was last updated. 884 UpdateTime string `json:"updateTime,omitempty"` 885 886 // ServerResponse contains the HTTP response code and headers from the 887 // server. 888 googleapi.ServerResponse `json:"-"` 889 890 // ForceSendFields is a list of field names (e.g. 891 // "AdmissionWhitelistPatterns") to unconditionally include in API 892 // requests. By default, fields with empty or default values are omitted 893 // from API requests. However, any non-pointer, non-interface field 894 // appearing in ForceSendFields will be sent to the server regardless of 895 // whether the field is empty or not. This may be used to include empty 896 // fields in Patch requests. 897 ForceSendFields []string `json:"-"` 898 899 // NullFields is a list of field names (e.g. 900 // "AdmissionWhitelistPatterns") to include in API requests with the 901 // JSON null value. By default, fields with empty values are omitted 902 // from API requests. However, any field with an empty value appearing 903 // in NullFields will be sent to the server as null. It is an error if a 904 // field in this list has a non-empty value. This may be used to include 905 // null fields in Patch requests. 906 NullFields []string `json:"-"` 907} 908 909func (s *Policy) MarshalJSON() ([]byte, error) { 910 type NoMethod Policy 911 raw := NoMethod(*s) 912 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 913} 914 915// SetIamPolicyRequest: Request message for `SetIamPolicy` method. 916type SetIamPolicyRequest struct { 917 // Policy: REQUIRED: The complete policy to be applied to the 918 // `resource`. The size of the policy is limited to a few 10s of KB. An 919 // empty policy is a valid policy but certain Cloud Platform services 920 // (such as Projects) might reject them. 921 Policy *IamPolicy `json:"policy,omitempty"` 922 923 // ForceSendFields is a list of field names (e.g. "Policy") to 924 // unconditionally include in API requests. By default, fields with 925 // empty or default values are omitted from API requests. However, any 926 // non-pointer, non-interface field appearing in ForceSendFields will be 927 // sent to the server regardless of whether the field is empty or not. 928 // This may be used to include empty fields in Patch requests. 929 ForceSendFields []string `json:"-"` 930 931 // NullFields is a list of field names (e.g. "Policy") to include in API 932 // requests with the JSON null value. By default, fields with empty 933 // values are omitted from API requests. However, any field with an 934 // empty value appearing in NullFields will be sent to the server as 935 // null. It is an error if a field in this list has a non-empty value. 936 // This may be used to include null fields in Patch requests. 937 NullFields []string `json:"-"` 938} 939 940func (s *SetIamPolicyRequest) MarshalJSON() ([]byte, error) { 941 type NoMethod SetIamPolicyRequest 942 raw := NoMethod(*s) 943 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 944} 945 946// Signature: Verifiers (e.g. Kritis implementations) MUST verify 947// signatures with respect to the trust anchors defined in policy (e.g. 948// a Kritis policy). Typically this means that the verifier has been 949// configured with a map from `public_key_id` to public key material 950// (and any required parameters, e.g. signing algorithm). In particular, 951// verification implementations MUST NOT treat the signature 952// `public_key_id` as anything more than a key lookup hint. The 953// `public_key_id` DOES NOT validate or authenticate a public key; it 954// only provides a mechanism for quickly selecting a public key ALREADY 955// CONFIGURED on the verifier through a trusted channel. Verification 956// implementations MUST reject signatures in any of the following 957// circumstances: * The `public_key_id` is not recognized by the 958// verifier. * The public key that `public_key_id` refers to does not 959// verify the signature with respect to the payload. The `signature` 960// contents SHOULD NOT be "attached" (where the payload is included with 961// the serialized `signature` bytes). Verifiers MUST ignore any 962// "attached" payload and only verify signatures with respect to 963// explicitly provided payload (e.g. a `payload` field on the proto 964// message that holds this Signature, or the canonical serialization of 965// the proto message that holds this signature). 966type Signature struct { 967 // PublicKeyId: The identifier for the public key that verifies this 968 // signature. * The `public_key_id` is required. * The `public_key_id` 969 // SHOULD be an RFC3986 conformant URI. * When possible, the 970 // `public_key_id` SHOULD be an immutable reference, such as a 971 // cryptographic digest. Examples of valid `public_key_id`s: OpenPGP V4 972 // public key fingerprint: * 973 // "openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA" See 974 // https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for 975 // more details on this scheme. RFC6920 digest-named 976 // SubjectPublicKeyInfo (digest of the DER serialization): * 977 // "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU" * 978 // "nih:///sha-256;703f68f42aba2c6de30f488a5ea122fef76324679c9bf89791ba95 979 // a1271589a5" 980 PublicKeyId string `json:"publicKeyId,omitempty"` 981 982 // Signature: The content of the signature, an opaque bytestring. The 983 // payload that this signature verifies MUST be unambiguously provided 984 // with the Signature during verification. A wrapper message might 985 // provide the payload explicitly. Alternatively, a message might have a 986 // canonical serialization that can always be unambiguously computed to 987 // derive the payload. 988 Signature string `json:"signature,omitempty"` 989 990 // ForceSendFields is a list of field names (e.g. "PublicKeyId") to 991 // unconditionally include in API requests. By default, fields with 992 // empty or default values are omitted from API requests. However, any 993 // non-pointer, non-interface field appearing in ForceSendFields will be 994 // sent to the server regardless of whether the field is empty or not. 995 // This may be used to include empty fields in Patch requests. 996 ForceSendFields []string `json:"-"` 997 998 // NullFields is a list of field names (e.g. "PublicKeyId") to include 999 // in API requests with the JSON null value. By default, fields with 1000 // empty values are omitted from API requests. However, any field with 1001 // an empty value appearing in NullFields will be sent to the server as 1002 // null. It is an error if a field in this list has a non-empty value. 1003 // This may be used to include null fields in Patch requests. 1004 NullFields []string `json:"-"` 1005} 1006 1007func (s *Signature) MarshalJSON() ([]byte, error) { 1008 type NoMethod Signature 1009 raw := NoMethod(*s) 1010 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1011} 1012 1013// TestIamPermissionsRequest: Request message for `TestIamPermissions` 1014// method. 1015type TestIamPermissionsRequest struct { 1016 // Permissions: The set of permissions to check for the `resource`. 1017 // Permissions with wildcards (such as '*' or 'storage.*') are not 1018 // allowed. For more information see IAM Overview 1019 // (https://cloud.google.com/iam/docs/overview#permissions). 1020 Permissions []string `json:"permissions,omitempty"` 1021 1022 // ForceSendFields is a list of field names (e.g. "Permissions") to 1023 // unconditionally include in API requests. By default, fields with 1024 // empty or default values are omitted from API requests. However, any 1025 // non-pointer, non-interface field appearing in ForceSendFields will be 1026 // sent to the server regardless of whether the field is empty or not. 1027 // This may be used to include empty fields in Patch requests. 1028 ForceSendFields []string `json:"-"` 1029 1030 // NullFields is a list of field names (e.g. "Permissions") to include 1031 // in API requests with the JSON null value. By default, fields with 1032 // empty values are omitted from API requests. However, any field with 1033 // an empty value appearing in NullFields will be sent to the server as 1034 // null. It is an error if a field in this list has a non-empty value. 1035 // This may be used to include null fields in Patch requests. 1036 NullFields []string `json:"-"` 1037} 1038 1039func (s *TestIamPermissionsRequest) MarshalJSON() ([]byte, error) { 1040 type NoMethod TestIamPermissionsRequest 1041 raw := NoMethod(*s) 1042 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1043} 1044 1045// TestIamPermissionsResponse: Response message for `TestIamPermissions` 1046// method. 1047type TestIamPermissionsResponse struct { 1048 // Permissions: A subset of `TestPermissionsRequest.permissions` that 1049 // the caller is allowed. 1050 Permissions []string `json:"permissions,omitempty"` 1051 1052 // ServerResponse contains the HTTP response code and headers from the 1053 // server. 1054 googleapi.ServerResponse `json:"-"` 1055 1056 // ForceSendFields is a list of field names (e.g. "Permissions") to 1057 // unconditionally include in API requests. By default, fields with 1058 // empty or default values are omitted from API requests. However, any 1059 // non-pointer, non-interface field appearing in ForceSendFields will be 1060 // sent to the server regardless of whether the field is empty or not. 1061 // This may be used to include empty fields in Patch requests. 1062 ForceSendFields []string `json:"-"` 1063 1064 // NullFields is a list of field names (e.g. "Permissions") to include 1065 // in API requests with the JSON null value. By default, fields with 1066 // empty values are omitted from API requests. However, any field with 1067 // an empty value appearing in NullFields will be sent to the server as 1068 // null. It is an error if a field in this list has a non-empty value. 1069 // This may be used to include null fields in Patch requests. 1070 NullFields []string `json:"-"` 1071} 1072 1073func (s *TestIamPermissionsResponse) MarshalJSON() ([]byte, error) { 1074 type NoMethod TestIamPermissionsResponse 1075 raw := NoMethod(*s) 1076 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1077} 1078 1079// UserOwnedDrydockNote: An user owned drydock note references a Drydock 1080// ATTESTATION_AUTHORITY Note created by the user. 1081type UserOwnedDrydockNote struct { 1082 // DelegationServiceAccountEmail: Output only. This field will contain 1083 // the service account email address that this Attestor will use as the 1084 // principal when querying Container Analysis. Attestor administrators 1085 // must grant this service account the IAM role needed to read 1086 // attestations from the note_reference in Container Analysis 1087 // (`containeranalysis.notes.occurrences.viewer`). This email address is 1088 // fixed for the lifetime of the Attestor, but callers should not make 1089 // any other assumptions about the service account email; future 1090 // versions may use an email based on a different naming pattern. 1091 DelegationServiceAccountEmail string `json:"delegationServiceAccountEmail,omitempty"` 1092 1093 // NoteReference: Required. The Drydock resource name of a 1094 // ATTESTATION_AUTHORITY Note, created by the user, in the format: 1095 // `projects/*/notes/*` (or the legacy `providers/*/notes/*`). This 1096 // field may not be updated. An attestation by this attestor is stored 1097 // as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container 1098 // image and that links to this Note. Drydock is an external dependency. 1099 NoteReference string `json:"noteReference,omitempty"` 1100 1101 // PublicKeys: Optional. Public keys that verify attestations signed by 1102 // this attestor. This field may be updated. If this field is non-empty, 1103 // one of the specified public keys must verify that an attestation was 1104 // signed by this attestor for the image specified in the admission 1105 // request. If this field is empty, this attestor always returns that no 1106 // valid attestations exist. 1107 PublicKeys []*AttestorPublicKey `json:"publicKeys,omitempty"` 1108 1109 // ForceSendFields is a list of field names (e.g. 1110 // "DelegationServiceAccountEmail") to unconditionally include in API 1111 // requests. By default, fields with empty or default values are omitted 1112 // from API requests. However, any non-pointer, non-interface field 1113 // appearing in ForceSendFields will be sent to the server regardless of 1114 // whether the field is empty or not. This may be used to include empty 1115 // fields in Patch requests. 1116 ForceSendFields []string `json:"-"` 1117 1118 // NullFields is a list of field names (e.g. 1119 // "DelegationServiceAccountEmail") to include in API requests with the 1120 // JSON null value. By default, fields with empty values are omitted 1121 // from API requests. However, any field with an empty value appearing 1122 // in NullFields will be sent to the server as null. It is an error if a 1123 // field in this list has a non-empty value. This may be used to include 1124 // null fields in Patch requests. 1125 NullFields []string `json:"-"` 1126} 1127 1128func (s *UserOwnedDrydockNote) MarshalJSON() ([]byte, error) { 1129 type NoMethod UserOwnedDrydockNote 1130 raw := NoMethod(*s) 1131 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1132} 1133 1134// ValidateAttestationOccurrenceRequest: Request message for 1135// ValidationHelperV1.ValidateAttestationOccurrence. 1136type ValidateAttestationOccurrenceRequest struct { 1137 // Attestation: Required. An AttestationOccurrence to be checked that it 1138 // can be verified by the Attestor. It does not have to be an existing 1139 // entity in Container Analysis. It must otherwise be a valid 1140 // AttestationOccurrence. 1141 Attestation *AttestationOccurrence `json:"attestation,omitempty"` 1142 1143 // OccurrenceNote: Required. The resource name of the Note to which the 1144 // containing Occurrence is associated. 1145 OccurrenceNote string `json:"occurrenceNote,omitempty"` 1146 1147 // OccurrenceResourceUri: Required. The URI of the artifact (e.g. 1148 // container image) that is the subject of the containing Occurrence. 1149 OccurrenceResourceUri string `json:"occurrenceResourceUri,omitempty"` 1150 1151 // ForceSendFields is a list of field names (e.g. "Attestation") to 1152 // unconditionally include in API requests. By default, fields with 1153 // empty or default values are omitted from API requests. However, any 1154 // non-pointer, non-interface field appearing in ForceSendFields will be 1155 // sent to the server regardless of whether the field is empty or not. 1156 // This may be used to include empty fields in Patch requests. 1157 ForceSendFields []string `json:"-"` 1158 1159 // NullFields is a list of field names (e.g. "Attestation") to include 1160 // in API requests with the JSON null value. By default, fields with 1161 // empty values are omitted from API requests. However, any field with 1162 // an empty value appearing in NullFields will be sent to the server as 1163 // null. It is an error if a field in this list has a non-empty value. 1164 // This may be used to include null fields in Patch requests. 1165 NullFields []string `json:"-"` 1166} 1167 1168func (s *ValidateAttestationOccurrenceRequest) MarshalJSON() ([]byte, error) { 1169 type NoMethod ValidateAttestationOccurrenceRequest 1170 raw := NoMethod(*s) 1171 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1172} 1173 1174// ValidateAttestationOccurrenceResponse: Response message for 1175// ValidationHelperV1.ValidateAttestationOccurrence. 1176type ValidateAttestationOccurrenceResponse struct { 1177 // DenialReason: The reason for denial if the Attestation couldn't be 1178 // validated. 1179 DenialReason string `json:"denialReason,omitempty"` 1180 1181 // Result: The result of the Attestation validation. 1182 // 1183 // Possible values: 1184 // "RESULT_UNSPECIFIED" - Unspecified. 1185 // "VERIFIED" - The Attestation was able to verified by the Attestor. 1186 // "ATTESTATION_NOT_VERIFIABLE" - The Attestation was not able to 1187 // verified by the Attestor. 1188 Result string `json:"result,omitempty"` 1189 1190 // ServerResponse contains the HTTP response code and headers from the 1191 // server. 1192 googleapi.ServerResponse `json:"-"` 1193 1194 // ForceSendFields is a list of field names (e.g. "DenialReason") to 1195 // unconditionally include in API requests. By default, fields with 1196 // empty or default values are omitted from API requests. However, any 1197 // non-pointer, non-interface field appearing in ForceSendFields will be 1198 // sent to the server regardless of whether the field is empty or not. 1199 // This may be used to include empty fields in Patch requests. 1200 ForceSendFields []string `json:"-"` 1201 1202 // NullFields is a list of field names (e.g. "DenialReason") to include 1203 // in API requests with the JSON null value. By default, fields with 1204 // empty values are omitted from API requests. However, any field with 1205 // an empty value appearing in NullFields will be sent to the server as 1206 // null. It is an error if a field in this list has a non-empty value. 1207 // This may be used to include null fields in Patch requests. 1208 NullFields []string `json:"-"` 1209} 1210 1211func (s *ValidateAttestationOccurrenceResponse) MarshalJSON() ([]byte, error) { 1212 type NoMethod ValidateAttestationOccurrenceResponse 1213 raw := NoMethod(*s) 1214 return gensupport.MarshalJSON(raw, s.ForceSendFields, s.NullFields) 1215} 1216 1217// method id "binaryauthorization.projects.getPolicy": 1218 1219type ProjectsGetPolicyCall struct { 1220 s *Service 1221 name string 1222 urlParams_ gensupport.URLParams 1223 ifNoneMatch_ string 1224 ctx_ context.Context 1225 header_ http.Header 1226} 1227 1228// GetPolicy: A policy specifies the attestors that must attest to a 1229// container image, before the project is allowed to deploy that image. 1230// There is at most one policy per project. All image admission requests 1231// are permitted if a project has no policy. Gets the policy for this 1232// project. Returns a default policy if the project does not have one. 1233// 1234// - name: The resource name of the policy to retrieve, in the format 1235// `projects/*/policy`. 1236func (r *ProjectsService) GetPolicy(name string) *ProjectsGetPolicyCall { 1237 c := &ProjectsGetPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1238 c.name = name 1239 return c 1240} 1241 1242// Fields allows partial responses to be retrieved. See 1243// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1244// for more information. 1245func (c *ProjectsGetPolicyCall) Fields(s ...googleapi.Field) *ProjectsGetPolicyCall { 1246 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1247 return c 1248} 1249 1250// IfNoneMatch sets the optional parameter which makes the operation 1251// fail if the object's ETag matches the given value. This is useful for 1252// getting updates only after the object has changed since the last 1253// request. Use googleapi.IsNotModified to check whether the response 1254// error from Do is the result of In-None-Match. 1255func (c *ProjectsGetPolicyCall) IfNoneMatch(entityTag string) *ProjectsGetPolicyCall { 1256 c.ifNoneMatch_ = entityTag 1257 return c 1258} 1259 1260// Context sets the context to be used in this call's Do method. Any 1261// pending HTTP request will be aborted if the provided context is 1262// canceled. 1263func (c *ProjectsGetPolicyCall) Context(ctx context.Context) *ProjectsGetPolicyCall { 1264 c.ctx_ = ctx 1265 return c 1266} 1267 1268// Header returns an http.Header that can be modified by the caller to 1269// add HTTP headers to the request. 1270func (c *ProjectsGetPolicyCall) Header() http.Header { 1271 if c.header_ == nil { 1272 c.header_ = make(http.Header) 1273 } 1274 return c.header_ 1275} 1276 1277func (c *ProjectsGetPolicyCall) doRequest(alt string) (*http.Response, error) { 1278 reqHeaders := make(http.Header) 1279 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 1280 for k, v := range c.header_ { 1281 reqHeaders[k] = v 1282 } 1283 reqHeaders.Set("User-Agent", c.s.userAgent()) 1284 if c.ifNoneMatch_ != "" { 1285 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1286 } 1287 var body io.Reader = nil 1288 c.urlParams_.Set("alt", alt) 1289 c.urlParams_.Set("prettyPrint", "false") 1290 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 1291 urls += "?" + c.urlParams_.Encode() 1292 req, err := http.NewRequest("GET", urls, body) 1293 if err != nil { 1294 return nil, err 1295 } 1296 req.Header = reqHeaders 1297 googleapi.Expand(req.URL, map[string]string{ 1298 "name": c.name, 1299 }) 1300 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1301} 1302 1303// Do executes the "binaryauthorization.projects.getPolicy" call. 1304// Exactly one of *Policy or error will be non-nil. Any non-2xx status 1305// code is an error. Response headers are in either 1306// *Policy.ServerResponse.Header or (if a response was returned at all) 1307// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 1308// check whether the returned error was because http.StatusNotModified 1309// was returned. 1310func (c *ProjectsGetPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 1311 gensupport.SetOptions(c.urlParams_, opts...) 1312 res, err := c.doRequest("json") 1313 if res != nil && res.StatusCode == http.StatusNotModified { 1314 if res.Body != nil { 1315 res.Body.Close() 1316 } 1317 return nil, &googleapi.Error{ 1318 Code: res.StatusCode, 1319 Header: res.Header, 1320 } 1321 } 1322 if err != nil { 1323 return nil, err 1324 } 1325 defer googleapi.CloseBody(res) 1326 if err := googleapi.CheckResponse(res); err != nil { 1327 return nil, err 1328 } 1329 ret := &Policy{ 1330 ServerResponse: googleapi.ServerResponse{ 1331 Header: res.Header, 1332 HTTPStatusCode: res.StatusCode, 1333 }, 1334 } 1335 target := &ret 1336 if err := gensupport.DecodeResponse(target, res); err != nil { 1337 return nil, err 1338 } 1339 return ret, nil 1340 // { 1341 // "description": "A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy. Gets the policy for this project. Returns a default policy if the project does not have one.", 1342 // "flatPath": "v1beta1/projects/{projectsId}/policy", 1343 // "httpMethod": "GET", 1344 // "id": "binaryauthorization.projects.getPolicy", 1345 // "parameterOrder": [ 1346 // "name" 1347 // ], 1348 // "parameters": { 1349 // "name": { 1350 // "description": "Required. The resource name of the policy to retrieve, in the format `projects/*/policy`.", 1351 // "location": "path", 1352 // "pattern": "^projects/[^/]+/policy$", 1353 // "required": true, 1354 // "type": "string" 1355 // } 1356 // }, 1357 // "path": "v1beta1/{+name}", 1358 // "response": { 1359 // "$ref": "Policy" 1360 // }, 1361 // "scopes": [ 1362 // "https://www.googleapis.com/auth/cloud-platform" 1363 // ] 1364 // } 1365 1366} 1367 1368// method id "binaryauthorization.projects.updatePolicy": 1369 1370type ProjectsUpdatePolicyCall struct { 1371 s *Service 1372 name string 1373 policy *Policy 1374 urlParams_ gensupport.URLParams 1375 ctx_ context.Context 1376 header_ http.Header 1377} 1378 1379// UpdatePolicy: Creates or updates a project's policy, and returns a 1380// copy of the new policy. A policy is always updated as a whole, to 1381// avoid race conditions with concurrent policy enforcement (or 1382// management!) requests. Returns NOT_FOUND if the project does not 1383// exist, INVALID_ARGUMENT if the request is malformed. 1384// 1385// - name: Output only. The resource name, in the format 1386// `projects/*/policy`. There is at most one policy per project. 1387func (r *ProjectsService) UpdatePolicy(name string, policy *Policy) *ProjectsUpdatePolicyCall { 1388 c := &ProjectsUpdatePolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1389 c.name = name 1390 c.policy = policy 1391 return c 1392} 1393 1394// Fields allows partial responses to be retrieved. See 1395// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1396// for more information. 1397func (c *ProjectsUpdatePolicyCall) Fields(s ...googleapi.Field) *ProjectsUpdatePolicyCall { 1398 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1399 return c 1400} 1401 1402// Context sets the context to be used in this call's Do method. Any 1403// pending HTTP request will be aborted if the provided context is 1404// canceled. 1405func (c *ProjectsUpdatePolicyCall) Context(ctx context.Context) *ProjectsUpdatePolicyCall { 1406 c.ctx_ = ctx 1407 return c 1408} 1409 1410// Header returns an http.Header that can be modified by the caller to 1411// add HTTP headers to the request. 1412func (c *ProjectsUpdatePolicyCall) Header() http.Header { 1413 if c.header_ == nil { 1414 c.header_ = make(http.Header) 1415 } 1416 return c.header_ 1417} 1418 1419func (c *ProjectsUpdatePolicyCall) doRequest(alt string) (*http.Response, error) { 1420 reqHeaders := make(http.Header) 1421 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 1422 for k, v := range c.header_ { 1423 reqHeaders[k] = v 1424 } 1425 reqHeaders.Set("User-Agent", c.s.userAgent()) 1426 var body io.Reader = nil 1427 body, err := googleapi.WithoutDataWrapper.JSONReader(c.policy) 1428 if err != nil { 1429 return nil, err 1430 } 1431 reqHeaders.Set("Content-Type", "application/json") 1432 c.urlParams_.Set("alt", alt) 1433 c.urlParams_.Set("prettyPrint", "false") 1434 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 1435 urls += "?" + c.urlParams_.Encode() 1436 req, err := http.NewRequest("PUT", urls, body) 1437 if err != nil { 1438 return nil, err 1439 } 1440 req.Header = reqHeaders 1441 googleapi.Expand(req.URL, map[string]string{ 1442 "name": c.name, 1443 }) 1444 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1445} 1446 1447// Do executes the "binaryauthorization.projects.updatePolicy" call. 1448// Exactly one of *Policy or error will be non-nil. Any non-2xx status 1449// code is an error. Response headers are in either 1450// *Policy.ServerResponse.Header or (if a response was returned at all) 1451// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 1452// check whether the returned error was because http.StatusNotModified 1453// was returned. 1454func (c *ProjectsUpdatePolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 1455 gensupport.SetOptions(c.urlParams_, opts...) 1456 res, err := c.doRequest("json") 1457 if res != nil && res.StatusCode == http.StatusNotModified { 1458 if res.Body != nil { 1459 res.Body.Close() 1460 } 1461 return nil, &googleapi.Error{ 1462 Code: res.StatusCode, 1463 Header: res.Header, 1464 } 1465 } 1466 if err != nil { 1467 return nil, err 1468 } 1469 defer googleapi.CloseBody(res) 1470 if err := googleapi.CheckResponse(res); err != nil { 1471 return nil, err 1472 } 1473 ret := &Policy{ 1474 ServerResponse: googleapi.ServerResponse{ 1475 Header: res.Header, 1476 HTTPStatusCode: res.StatusCode, 1477 }, 1478 } 1479 target := &ret 1480 if err := gensupport.DecodeResponse(target, res); err != nil { 1481 return nil, err 1482 } 1483 return ret, nil 1484 // { 1485 // "description": "Creates or updates a project's policy, and returns a copy of the new policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed.", 1486 // "flatPath": "v1beta1/projects/{projectsId}/policy", 1487 // "httpMethod": "PUT", 1488 // "id": "binaryauthorization.projects.updatePolicy", 1489 // "parameterOrder": [ 1490 // "name" 1491 // ], 1492 // "parameters": { 1493 // "name": { 1494 // "description": "Output only. The resource name, in the format `projects/*/policy`. There is at most one policy per project.", 1495 // "location": "path", 1496 // "pattern": "^projects/[^/]+/policy$", 1497 // "required": true, 1498 // "type": "string" 1499 // } 1500 // }, 1501 // "path": "v1beta1/{+name}", 1502 // "request": { 1503 // "$ref": "Policy" 1504 // }, 1505 // "response": { 1506 // "$ref": "Policy" 1507 // }, 1508 // "scopes": [ 1509 // "https://www.googleapis.com/auth/cloud-platform" 1510 // ] 1511 // } 1512 1513} 1514 1515// method id "binaryauthorization.projects.attestors.create": 1516 1517type ProjectsAttestorsCreateCall struct { 1518 s *Service 1519 parent string 1520 attestor *Attestor 1521 urlParams_ gensupport.URLParams 1522 ctx_ context.Context 1523 header_ http.Header 1524} 1525 1526// Create: Creates an attestor, and returns a copy of the new attestor. 1527// Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if 1528// the request is malformed, ALREADY_EXISTS if the attestor already 1529// exists. 1530// 1531// - parent: The parent of this attestor. 1532func (r *ProjectsAttestorsService) Create(parent string, attestor *Attestor) *ProjectsAttestorsCreateCall { 1533 c := &ProjectsAttestorsCreateCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1534 c.parent = parent 1535 c.attestor = attestor 1536 return c 1537} 1538 1539// AttestorId sets the optional parameter "attestorId": Required. The 1540// attestors ID. 1541func (c *ProjectsAttestorsCreateCall) AttestorId(attestorId string) *ProjectsAttestorsCreateCall { 1542 c.urlParams_.Set("attestorId", attestorId) 1543 return c 1544} 1545 1546// Fields allows partial responses to be retrieved. See 1547// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1548// for more information. 1549func (c *ProjectsAttestorsCreateCall) Fields(s ...googleapi.Field) *ProjectsAttestorsCreateCall { 1550 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1551 return c 1552} 1553 1554// Context sets the context to be used in this call's Do method. Any 1555// pending HTTP request will be aborted if the provided context is 1556// canceled. 1557func (c *ProjectsAttestorsCreateCall) Context(ctx context.Context) *ProjectsAttestorsCreateCall { 1558 c.ctx_ = ctx 1559 return c 1560} 1561 1562// Header returns an http.Header that can be modified by the caller to 1563// add HTTP headers to the request. 1564func (c *ProjectsAttestorsCreateCall) Header() http.Header { 1565 if c.header_ == nil { 1566 c.header_ = make(http.Header) 1567 } 1568 return c.header_ 1569} 1570 1571func (c *ProjectsAttestorsCreateCall) doRequest(alt string) (*http.Response, error) { 1572 reqHeaders := make(http.Header) 1573 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 1574 for k, v := range c.header_ { 1575 reqHeaders[k] = v 1576 } 1577 reqHeaders.Set("User-Agent", c.s.userAgent()) 1578 var body io.Reader = nil 1579 body, err := googleapi.WithoutDataWrapper.JSONReader(c.attestor) 1580 if err != nil { 1581 return nil, err 1582 } 1583 reqHeaders.Set("Content-Type", "application/json") 1584 c.urlParams_.Set("alt", alt) 1585 c.urlParams_.Set("prettyPrint", "false") 1586 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+parent}/attestors") 1587 urls += "?" + c.urlParams_.Encode() 1588 req, err := http.NewRequest("POST", urls, body) 1589 if err != nil { 1590 return nil, err 1591 } 1592 req.Header = reqHeaders 1593 googleapi.Expand(req.URL, map[string]string{ 1594 "parent": c.parent, 1595 }) 1596 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1597} 1598 1599// Do executes the "binaryauthorization.projects.attestors.create" call. 1600// Exactly one of *Attestor or error will be non-nil. Any non-2xx status 1601// code is an error. Response headers are in either 1602// *Attestor.ServerResponse.Header or (if a response was returned at 1603// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 1604// to check whether the returned error was because 1605// http.StatusNotModified was returned. 1606func (c *ProjectsAttestorsCreateCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 1607 gensupport.SetOptions(c.urlParams_, opts...) 1608 res, err := c.doRequest("json") 1609 if res != nil && res.StatusCode == http.StatusNotModified { 1610 if res.Body != nil { 1611 res.Body.Close() 1612 } 1613 return nil, &googleapi.Error{ 1614 Code: res.StatusCode, 1615 Header: res.Header, 1616 } 1617 } 1618 if err != nil { 1619 return nil, err 1620 } 1621 defer googleapi.CloseBody(res) 1622 if err := googleapi.CheckResponse(res); err != nil { 1623 return nil, err 1624 } 1625 ret := &Attestor{ 1626 ServerResponse: googleapi.ServerResponse{ 1627 Header: res.Header, 1628 HTTPStatusCode: res.StatusCode, 1629 }, 1630 } 1631 target := &ret 1632 if err := gensupport.DecodeResponse(target, res); err != nil { 1633 return nil, err 1634 } 1635 return ret, nil 1636 // { 1637 // "description": "Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists.", 1638 // "flatPath": "v1beta1/projects/{projectsId}/attestors", 1639 // "httpMethod": "POST", 1640 // "id": "binaryauthorization.projects.attestors.create", 1641 // "parameterOrder": [ 1642 // "parent" 1643 // ], 1644 // "parameters": { 1645 // "attestorId": { 1646 // "description": "Required. The attestors ID.", 1647 // "location": "query", 1648 // "type": "string" 1649 // }, 1650 // "parent": { 1651 // "description": "Required. The parent of this attestor.", 1652 // "location": "path", 1653 // "pattern": "^projects/[^/]+$", 1654 // "required": true, 1655 // "type": "string" 1656 // } 1657 // }, 1658 // "path": "v1beta1/{+parent}/attestors", 1659 // "request": { 1660 // "$ref": "Attestor" 1661 // }, 1662 // "response": { 1663 // "$ref": "Attestor" 1664 // }, 1665 // "scopes": [ 1666 // "https://www.googleapis.com/auth/cloud-platform" 1667 // ] 1668 // } 1669 1670} 1671 1672// method id "binaryauthorization.projects.attestors.delete": 1673 1674type ProjectsAttestorsDeleteCall struct { 1675 s *Service 1676 name string 1677 urlParams_ gensupport.URLParams 1678 ctx_ context.Context 1679 header_ http.Header 1680} 1681 1682// Delete: Deletes an attestor. Returns NOT_FOUND if the attestor does 1683// not exist. 1684// 1685// - name: The name of the attestors to delete, in the format 1686// `projects/*/attestors/*`. 1687func (r *ProjectsAttestorsService) Delete(name string) *ProjectsAttestorsDeleteCall { 1688 c := &ProjectsAttestorsDeleteCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1689 c.name = name 1690 return c 1691} 1692 1693// Fields allows partial responses to be retrieved. See 1694// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1695// for more information. 1696func (c *ProjectsAttestorsDeleteCall) Fields(s ...googleapi.Field) *ProjectsAttestorsDeleteCall { 1697 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1698 return c 1699} 1700 1701// Context sets the context to be used in this call's Do method. Any 1702// pending HTTP request will be aborted if the provided context is 1703// canceled. 1704func (c *ProjectsAttestorsDeleteCall) Context(ctx context.Context) *ProjectsAttestorsDeleteCall { 1705 c.ctx_ = ctx 1706 return c 1707} 1708 1709// Header returns an http.Header that can be modified by the caller to 1710// add HTTP headers to the request. 1711func (c *ProjectsAttestorsDeleteCall) Header() http.Header { 1712 if c.header_ == nil { 1713 c.header_ = make(http.Header) 1714 } 1715 return c.header_ 1716} 1717 1718func (c *ProjectsAttestorsDeleteCall) doRequest(alt string) (*http.Response, error) { 1719 reqHeaders := make(http.Header) 1720 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 1721 for k, v := range c.header_ { 1722 reqHeaders[k] = v 1723 } 1724 reqHeaders.Set("User-Agent", c.s.userAgent()) 1725 var body io.Reader = nil 1726 c.urlParams_.Set("alt", alt) 1727 c.urlParams_.Set("prettyPrint", "false") 1728 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 1729 urls += "?" + c.urlParams_.Encode() 1730 req, err := http.NewRequest("DELETE", urls, body) 1731 if err != nil { 1732 return nil, err 1733 } 1734 req.Header = reqHeaders 1735 googleapi.Expand(req.URL, map[string]string{ 1736 "name": c.name, 1737 }) 1738 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1739} 1740 1741// Do executes the "binaryauthorization.projects.attestors.delete" call. 1742// Exactly one of *Empty or error will be non-nil. Any non-2xx status 1743// code is an error. Response headers are in either 1744// *Empty.ServerResponse.Header or (if a response was returned at all) 1745// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 1746// check whether the returned error was because http.StatusNotModified 1747// was returned. 1748func (c *ProjectsAttestorsDeleteCall) Do(opts ...googleapi.CallOption) (*Empty, error) { 1749 gensupport.SetOptions(c.urlParams_, opts...) 1750 res, err := c.doRequest("json") 1751 if res != nil && res.StatusCode == http.StatusNotModified { 1752 if res.Body != nil { 1753 res.Body.Close() 1754 } 1755 return nil, &googleapi.Error{ 1756 Code: res.StatusCode, 1757 Header: res.Header, 1758 } 1759 } 1760 if err != nil { 1761 return nil, err 1762 } 1763 defer googleapi.CloseBody(res) 1764 if err := googleapi.CheckResponse(res); err != nil { 1765 return nil, err 1766 } 1767 ret := &Empty{ 1768 ServerResponse: googleapi.ServerResponse{ 1769 Header: res.Header, 1770 HTTPStatusCode: res.StatusCode, 1771 }, 1772 } 1773 target := &ret 1774 if err := gensupport.DecodeResponse(target, res); err != nil { 1775 return nil, err 1776 } 1777 return ret, nil 1778 // { 1779 // "description": "Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.", 1780 // "flatPath": "v1beta1/projects/{projectsId}/attestors/{attestorsId}", 1781 // "httpMethod": "DELETE", 1782 // "id": "binaryauthorization.projects.attestors.delete", 1783 // "parameterOrder": [ 1784 // "name" 1785 // ], 1786 // "parameters": { 1787 // "name": { 1788 // "description": "Required. The name of the attestors to delete, in the format `projects/*/attestors/*`.", 1789 // "location": "path", 1790 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 1791 // "required": true, 1792 // "type": "string" 1793 // } 1794 // }, 1795 // "path": "v1beta1/{+name}", 1796 // "response": { 1797 // "$ref": "Empty" 1798 // }, 1799 // "scopes": [ 1800 // "https://www.googleapis.com/auth/cloud-platform" 1801 // ] 1802 // } 1803 1804} 1805 1806// method id "binaryauthorization.projects.attestors.get": 1807 1808type ProjectsAttestorsGetCall struct { 1809 s *Service 1810 name string 1811 urlParams_ gensupport.URLParams 1812 ifNoneMatch_ string 1813 ctx_ context.Context 1814 header_ http.Header 1815} 1816 1817// Get: Gets an attestor. Returns NOT_FOUND if the attestor does not 1818// exist. 1819// 1820// - name: The name of the attestor to retrieve, in the format 1821// `projects/*/attestors/*`. 1822func (r *ProjectsAttestorsService) Get(name string) *ProjectsAttestorsGetCall { 1823 c := &ProjectsAttestorsGetCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1824 c.name = name 1825 return c 1826} 1827 1828// Fields allows partial responses to be retrieved. See 1829// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1830// for more information. 1831func (c *ProjectsAttestorsGetCall) Fields(s ...googleapi.Field) *ProjectsAttestorsGetCall { 1832 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 1833 return c 1834} 1835 1836// IfNoneMatch sets the optional parameter which makes the operation 1837// fail if the object's ETag matches the given value. This is useful for 1838// getting updates only after the object has changed since the last 1839// request. Use googleapi.IsNotModified to check whether the response 1840// error from Do is the result of In-None-Match. 1841func (c *ProjectsAttestorsGetCall) IfNoneMatch(entityTag string) *ProjectsAttestorsGetCall { 1842 c.ifNoneMatch_ = entityTag 1843 return c 1844} 1845 1846// Context sets the context to be used in this call's Do method. Any 1847// pending HTTP request will be aborted if the provided context is 1848// canceled. 1849func (c *ProjectsAttestorsGetCall) Context(ctx context.Context) *ProjectsAttestorsGetCall { 1850 c.ctx_ = ctx 1851 return c 1852} 1853 1854// Header returns an http.Header that can be modified by the caller to 1855// add HTTP headers to the request. 1856func (c *ProjectsAttestorsGetCall) Header() http.Header { 1857 if c.header_ == nil { 1858 c.header_ = make(http.Header) 1859 } 1860 return c.header_ 1861} 1862 1863func (c *ProjectsAttestorsGetCall) doRequest(alt string) (*http.Response, error) { 1864 reqHeaders := make(http.Header) 1865 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 1866 for k, v := range c.header_ { 1867 reqHeaders[k] = v 1868 } 1869 reqHeaders.Set("User-Agent", c.s.userAgent()) 1870 if c.ifNoneMatch_ != "" { 1871 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 1872 } 1873 var body io.Reader = nil 1874 c.urlParams_.Set("alt", alt) 1875 c.urlParams_.Set("prettyPrint", "false") 1876 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 1877 urls += "?" + c.urlParams_.Encode() 1878 req, err := http.NewRequest("GET", urls, body) 1879 if err != nil { 1880 return nil, err 1881 } 1882 req.Header = reqHeaders 1883 googleapi.Expand(req.URL, map[string]string{ 1884 "name": c.name, 1885 }) 1886 return gensupport.SendRequest(c.ctx_, c.s.client, req) 1887} 1888 1889// Do executes the "binaryauthorization.projects.attestors.get" call. 1890// Exactly one of *Attestor or error will be non-nil. Any non-2xx status 1891// code is an error. Response headers are in either 1892// *Attestor.ServerResponse.Header or (if a response was returned at 1893// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 1894// to check whether the returned error was because 1895// http.StatusNotModified was returned. 1896func (c *ProjectsAttestorsGetCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 1897 gensupport.SetOptions(c.urlParams_, opts...) 1898 res, err := c.doRequest("json") 1899 if res != nil && res.StatusCode == http.StatusNotModified { 1900 if res.Body != nil { 1901 res.Body.Close() 1902 } 1903 return nil, &googleapi.Error{ 1904 Code: res.StatusCode, 1905 Header: res.Header, 1906 } 1907 } 1908 if err != nil { 1909 return nil, err 1910 } 1911 defer googleapi.CloseBody(res) 1912 if err := googleapi.CheckResponse(res); err != nil { 1913 return nil, err 1914 } 1915 ret := &Attestor{ 1916 ServerResponse: googleapi.ServerResponse{ 1917 Header: res.Header, 1918 HTTPStatusCode: res.StatusCode, 1919 }, 1920 } 1921 target := &ret 1922 if err := gensupport.DecodeResponse(target, res); err != nil { 1923 return nil, err 1924 } 1925 return ret, nil 1926 // { 1927 // "description": "Gets an attestor. Returns NOT_FOUND if the attestor does not exist.", 1928 // "flatPath": "v1beta1/projects/{projectsId}/attestors/{attestorsId}", 1929 // "httpMethod": "GET", 1930 // "id": "binaryauthorization.projects.attestors.get", 1931 // "parameterOrder": [ 1932 // "name" 1933 // ], 1934 // "parameters": { 1935 // "name": { 1936 // "description": "Required. The name of the attestor to retrieve, in the format `projects/*/attestors/*`.", 1937 // "location": "path", 1938 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 1939 // "required": true, 1940 // "type": "string" 1941 // } 1942 // }, 1943 // "path": "v1beta1/{+name}", 1944 // "response": { 1945 // "$ref": "Attestor" 1946 // }, 1947 // "scopes": [ 1948 // "https://www.googleapis.com/auth/cloud-platform" 1949 // ] 1950 // } 1951 1952} 1953 1954// method id "binaryauthorization.projects.attestors.getIamPolicy": 1955 1956type ProjectsAttestorsGetIamPolicyCall struct { 1957 s *Service 1958 resource string 1959 urlParams_ gensupport.URLParams 1960 ifNoneMatch_ string 1961 ctx_ context.Context 1962 header_ http.Header 1963} 1964 1965// GetIamPolicy: Gets the access control policy for a resource. Returns 1966// an empty policy if the resource exists and does not have a policy 1967// set. 1968// 1969// - resource: REQUIRED: The resource for which the policy is being 1970// requested. See the operation documentation for the appropriate 1971// value for this field. 1972func (r *ProjectsAttestorsService) GetIamPolicy(resource string) *ProjectsAttestorsGetIamPolicyCall { 1973 c := &ProjectsAttestorsGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 1974 c.resource = resource 1975 return c 1976} 1977 1978// OptionsRequestedPolicyVersion sets the optional parameter 1979// "options.requestedPolicyVersion": The maximum policy version that 1980// will be used to format the policy. Valid values are 0, 1, and 3. 1981// Requests specifying an invalid value will be rejected. Requests for 1982// policies with any conditional role bindings must specify version 3. 1983// Policies with no conditional role bindings may specify any valid 1984// value or leave the field unset. The policy in the response might use 1985// the policy version that you specified, or it might use a lower policy 1986// version. For example, if you specify version 3, but the policy has no 1987// conditional role bindings, the response uses version 1. To learn 1988// which resources support conditions in their IAM policies, see the IAM 1989// documentation 1990// (https://cloud.google.com/iam/help/conditions/resource-policies). 1991func (c *ProjectsAttestorsGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsAttestorsGetIamPolicyCall { 1992 c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion)) 1993 return c 1994} 1995 1996// Fields allows partial responses to be retrieved. See 1997// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 1998// for more information. 1999func (c *ProjectsAttestorsGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsAttestorsGetIamPolicyCall { 2000 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2001 return c 2002} 2003 2004// IfNoneMatch sets the optional parameter which makes the operation 2005// fail if the object's ETag matches the given value. This is useful for 2006// getting updates only after the object has changed since the last 2007// request. Use googleapi.IsNotModified to check whether the response 2008// error from Do is the result of In-None-Match. 2009func (c *ProjectsAttestorsGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsAttestorsGetIamPolicyCall { 2010 c.ifNoneMatch_ = entityTag 2011 return c 2012} 2013 2014// Context sets the context to be used in this call's Do method. Any 2015// pending HTTP request will be aborted if the provided context is 2016// canceled. 2017func (c *ProjectsAttestorsGetIamPolicyCall) Context(ctx context.Context) *ProjectsAttestorsGetIamPolicyCall { 2018 c.ctx_ = ctx 2019 return c 2020} 2021 2022// Header returns an http.Header that can be modified by the caller to 2023// add HTTP headers to the request. 2024func (c *ProjectsAttestorsGetIamPolicyCall) Header() http.Header { 2025 if c.header_ == nil { 2026 c.header_ = make(http.Header) 2027 } 2028 return c.header_ 2029} 2030 2031func (c *ProjectsAttestorsGetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 2032 reqHeaders := make(http.Header) 2033 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 2034 for k, v := range c.header_ { 2035 reqHeaders[k] = v 2036 } 2037 reqHeaders.Set("User-Agent", c.s.userAgent()) 2038 if c.ifNoneMatch_ != "" { 2039 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2040 } 2041 var body io.Reader = nil 2042 c.urlParams_.Set("alt", alt) 2043 c.urlParams_.Set("prettyPrint", "false") 2044 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:getIamPolicy") 2045 urls += "?" + c.urlParams_.Encode() 2046 req, err := http.NewRequest("GET", urls, body) 2047 if err != nil { 2048 return nil, err 2049 } 2050 req.Header = reqHeaders 2051 googleapi.Expand(req.URL, map[string]string{ 2052 "resource": c.resource, 2053 }) 2054 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2055} 2056 2057// Do executes the "binaryauthorization.projects.attestors.getIamPolicy" call. 2058// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 2059// status code is an error. Response headers are in either 2060// *IamPolicy.ServerResponse.Header or (if a response was returned at 2061// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 2062// to check whether the returned error was because 2063// http.StatusNotModified was returned. 2064func (c *ProjectsAttestorsGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 2065 gensupport.SetOptions(c.urlParams_, opts...) 2066 res, err := c.doRequest("json") 2067 if res != nil && res.StatusCode == http.StatusNotModified { 2068 if res.Body != nil { 2069 res.Body.Close() 2070 } 2071 return nil, &googleapi.Error{ 2072 Code: res.StatusCode, 2073 Header: res.Header, 2074 } 2075 } 2076 if err != nil { 2077 return nil, err 2078 } 2079 defer googleapi.CloseBody(res) 2080 if err := googleapi.CheckResponse(res); err != nil { 2081 return nil, err 2082 } 2083 ret := &IamPolicy{ 2084 ServerResponse: googleapi.ServerResponse{ 2085 Header: res.Header, 2086 HTTPStatusCode: res.StatusCode, 2087 }, 2088 } 2089 target := &ret 2090 if err := gensupport.DecodeResponse(target, res); err != nil { 2091 return nil, err 2092 } 2093 return ret, nil 2094 // { 2095 // "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.", 2096 // "flatPath": "v1beta1/projects/{projectsId}/attestors/{attestorsId}:getIamPolicy", 2097 // "httpMethod": "GET", 2098 // "id": "binaryauthorization.projects.attestors.getIamPolicy", 2099 // "parameterOrder": [ 2100 // "resource" 2101 // ], 2102 // "parameters": { 2103 // "options.requestedPolicyVersion": { 2104 // "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).", 2105 // "format": "int32", 2106 // "location": "query", 2107 // "type": "integer" 2108 // }, 2109 // "resource": { 2110 // "description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.", 2111 // "location": "path", 2112 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2113 // "required": true, 2114 // "type": "string" 2115 // } 2116 // }, 2117 // "path": "v1beta1/{+resource}:getIamPolicy", 2118 // "response": { 2119 // "$ref": "IamPolicy" 2120 // }, 2121 // "scopes": [ 2122 // "https://www.googleapis.com/auth/cloud-platform" 2123 // ] 2124 // } 2125 2126} 2127 2128// method id "binaryauthorization.projects.attestors.list": 2129 2130type ProjectsAttestorsListCall struct { 2131 s *Service 2132 parent string 2133 urlParams_ gensupport.URLParams 2134 ifNoneMatch_ string 2135 ctx_ context.Context 2136 header_ http.Header 2137} 2138 2139// List: Lists attestors. Returns INVALID_ARGUMENT if the project does 2140// not exist. 2141// 2142// - parent: The resource name of the project associated with the 2143// attestors, in the format `projects/*`. 2144func (r *ProjectsAttestorsService) List(parent string) *ProjectsAttestorsListCall { 2145 c := &ProjectsAttestorsListCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2146 c.parent = parent 2147 return c 2148} 2149 2150// PageSize sets the optional parameter "pageSize": Requested page size. 2151// The server may return fewer results than requested. If unspecified, 2152// the server will pick an appropriate default. 2153func (c *ProjectsAttestorsListCall) PageSize(pageSize int64) *ProjectsAttestorsListCall { 2154 c.urlParams_.Set("pageSize", fmt.Sprint(pageSize)) 2155 return c 2156} 2157 2158// PageToken sets the optional parameter "pageToken": A token 2159// identifying a page of results the server should return. Typically, 2160// this is the value of ListAttestorsResponse.next_page_token returned 2161// from the previous call to the `ListAttestors` method. 2162func (c *ProjectsAttestorsListCall) PageToken(pageToken string) *ProjectsAttestorsListCall { 2163 c.urlParams_.Set("pageToken", pageToken) 2164 return c 2165} 2166 2167// Fields allows partial responses to be retrieved. See 2168// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2169// for more information. 2170func (c *ProjectsAttestorsListCall) Fields(s ...googleapi.Field) *ProjectsAttestorsListCall { 2171 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2172 return c 2173} 2174 2175// IfNoneMatch sets the optional parameter which makes the operation 2176// fail if the object's ETag matches the given value. This is useful for 2177// getting updates only after the object has changed since the last 2178// request. Use googleapi.IsNotModified to check whether the response 2179// error from Do is the result of In-None-Match. 2180func (c *ProjectsAttestorsListCall) IfNoneMatch(entityTag string) *ProjectsAttestorsListCall { 2181 c.ifNoneMatch_ = entityTag 2182 return c 2183} 2184 2185// Context sets the context to be used in this call's Do method. Any 2186// pending HTTP request will be aborted if the provided context is 2187// canceled. 2188func (c *ProjectsAttestorsListCall) Context(ctx context.Context) *ProjectsAttestorsListCall { 2189 c.ctx_ = ctx 2190 return c 2191} 2192 2193// Header returns an http.Header that can be modified by the caller to 2194// add HTTP headers to the request. 2195func (c *ProjectsAttestorsListCall) Header() http.Header { 2196 if c.header_ == nil { 2197 c.header_ = make(http.Header) 2198 } 2199 return c.header_ 2200} 2201 2202func (c *ProjectsAttestorsListCall) doRequest(alt string) (*http.Response, error) { 2203 reqHeaders := make(http.Header) 2204 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 2205 for k, v := range c.header_ { 2206 reqHeaders[k] = v 2207 } 2208 reqHeaders.Set("User-Agent", c.s.userAgent()) 2209 if c.ifNoneMatch_ != "" { 2210 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2211 } 2212 var body io.Reader = nil 2213 c.urlParams_.Set("alt", alt) 2214 c.urlParams_.Set("prettyPrint", "false") 2215 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+parent}/attestors") 2216 urls += "?" + c.urlParams_.Encode() 2217 req, err := http.NewRequest("GET", urls, body) 2218 if err != nil { 2219 return nil, err 2220 } 2221 req.Header = reqHeaders 2222 googleapi.Expand(req.URL, map[string]string{ 2223 "parent": c.parent, 2224 }) 2225 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2226} 2227 2228// Do executes the "binaryauthorization.projects.attestors.list" call. 2229// Exactly one of *ListAttestorsResponse or error will be non-nil. Any 2230// non-2xx status code is an error. Response headers are in either 2231// *ListAttestorsResponse.ServerResponse.Header or (if a response was 2232// returned at all) in error.(*googleapi.Error).Header. Use 2233// googleapi.IsNotModified to check whether the returned error was 2234// because http.StatusNotModified was returned. 2235func (c *ProjectsAttestorsListCall) Do(opts ...googleapi.CallOption) (*ListAttestorsResponse, error) { 2236 gensupport.SetOptions(c.urlParams_, opts...) 2237 res, err := c.doRequest("json") 2238 if res != nil && res.StatusCode == http.StatusNotModified { 2239 if res.Body != nil { 2240 res.Body.Close() 2241 } 2242 return nil, &googleapi.Error{ 2243 Code: res.StatusCode, 2244 Header: res.Header, 2245 } 2246 } 2247 if err != nil { 2248 return nil, err 2249 } 2250 defer googleapi.CloseBody(res) 2251 if err := googleapi.CheckResponse(res); err != nil { 2252 return nil, err 2253 } 2254 ret := &ListAttestorsResponse{ 2255 ServerResponse: googleapi.ServerResponse{ 2256 Header: res.Header, 2257 HTTPStatusCode: res.StatusCode, 2258 }, 2259 } 2260 target := &ret 2261 if err := gensupport.DecodeResponse(target, res); err != nil { 2262 return nil, err 2263 } 2264 return ret, nil 2265 // { 2266 // "description": "Lists attestors. Returns INVALID_ARGUMENT if the project does not exist.", 2267 // "flatPath": "v1beta1/projects/{projectsId}/attestors", 2268 // "httpMethod": "GET", 2269 // "id": "binaryauthorization.projects.attestors.list", 2270 // "parameterOrder": [ 2271 // "parent" 2272 // ], 2273 // "parameters": { 2274 // "pageSize": { 2275 // "description": "Requested page size. The server may return fewer results than requested. If unspecified, the server will pick an appropriate default.", 2276 // "format": "int32", 2277 // "location": "query", 2278 // "type": "integer" 2279 // }, 2280 // "pageToken": { 2281 // "description": "A token identifying a page of results the server should return. Typically, this is the value of ListAttestorsResponse.next_page_token returned from the previous call to the `ListAttestors` method.", 2282 // "location": "query", 2283 // "type": "string" 2284 // }, 2285 // "parent": { 2286 // "description": "Required. The resource name of the project associated with the attestors, in the format `projects/*`.", 2287 // "location": "path", 2288 // "pattern": "^projects/[^/]+$", 2289 // "required": true, 2290 // "type": "string" 2291 // } 2292 // }, 2293 // "path": "v1beta1/{+parent}/attestors", 2294 // "response": { 2295 // "$ref": "ListAttestorsResponse" 2296 // }, 2297 // "scopes": [ 2298 // "https://www.googleapis.com/auth/cloud-platform" 2299 // ] 2300 // } 2301 2302} 2303 2304// Pages invokes f for each page of results. 2305// A non-nil error returned from f will halt the iteration. 2306// The provided context supersedes any context provided to the Context method. 2307func (c *ProjectsAttestorsListCall) Pages(ctx context.Context, f func(*ListAttestorsResponse) error) error { 2308 c.ctx_ = ctx 2309 defer c.PageToken(c.urlParams_.Get("pageToken")) // reset paging to original point 2310 for { 2311 x, err := c.Do() 2312 if err != nil { 2313 return err 2314 } 2315 if err := f(x); err != nil { 2316 return err 2317 } 2318 if x.NextPageToken == "" { 2319 return nil 2320 } 2321 c.PageToken(x.NextPageToken) 2322 } 2323} 2324 2325// method id "binaryauthorization.projects.attestors.setIamPolicy": 2326 2327type ProjectsAttestorsSetIamPolicyCall struct { 2328 s *Service 2329 resource string 2330 setiampolicyrequest *SetIamPolicyRequest 2331 urlParams_ gensupport.URLParams 2332 ctx_ context.Context 2333 header_ http.Header 2334} 2335 2336// SetIamPolicy: Sets the access control policy on the specified 2337// resource. Replaces any existing policy. Can return `NOT_FOUND`, 2338// `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. 2339// 2340// - resource: REQUIRED: The resource for which the policy is being 2341// specified. See the operation documentation for the appropriate 2342// value for this field. 2343func (r *ProjectsAttestorsService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsAttestorsSetIamPolicyCall { 2344 c := &ProjectsAttestorsSetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2345 c.resource = resource 2346 c.setiampolicyrequest = setiampolicyrequest 2347 return c 2348} 2349 2350// Fields allows partial responses to be retrieved. See 2351// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2352// for more information. 2353func (c *ProjectsAttestorsSetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsAttestorsSetIamPolicyCall { 2354 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2355 return c 2356} 2357 2358// Context sets the context to be used in this call's Do method. Any 2359// pending HTTP request will be aborted if the provided context is 2360// canceled. 2361func (c *ProjectsAttestorsSetIamPolicyCall) Context(ctx context.Context) *ProjectsAttestorsSetIamPolicyCall { 2362 c.ctx_ = ctx 2363 return c 2364} 2365 2366// Header returns an http.Header that can be modified by the caller to 2367// add HTTP headers to the request. 2368func (c *ProjectsAttestorsSetIamPolicyCall) Header() http.Header { 2369 if c.header_ == nil { 2370 c.header_ = make(http.Header) 2371 } 2372 return c.header_ 2373} 2374 2375func (c *ProjectsAttestorsSetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 2376 reqHeaders := make(http.Header) 2377 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 2378 for k, v := range c.header_ { 2379 reqHeaders[k] = v 2380 } 2381 reqHeaders.Set("User-Agent", c.s.userAgent()) 2382 var body io.Reader = nil 2383 body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest) 2384 if err != nil { 2385 return nil, err 2386 } 2387 reqHeaders.Set("Content-Type", "application/json") 2388 c.urlParams_.Set("alt", alt) 2389 c.urlParams_.Set("prettyPrint", "false") 2390 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:setIamPolicy") 2391 urls += "?" + c.urlParams_.Encode() 2392 req, err := http.NewRequest("POST", urls, body) 2393 if err != nil { 2394 return nil, err 2395 } 2396 req.Header = reqHeaders 2397 googleapi.Expand(req.URL, map[string]string{ 2398 "resource": c.resource, 2399 }) 2400 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2401} 2402 2403// Do executes the "binaryauthorization.projects.attestors.setIamPolicy" call. 2404// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 2405// status code is an error. Response headers are in either 2406// *IamPolicy.ServerResponse.Header or (if a response was returned at 2407// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 2408// to check whether the returned error was because 2409// http.StatusNotModified was returned. 2410func (c *ProjectsAttestorsSetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 2411 gensupport.SetOptions(c.urlParams_, opts...) 2412 res, err := c.doRequest("json") 2413 if res != nil && res.StatusCode == http.StatusNotModified { 2414 if res.Body != nil { 2415 res.Body.Close() 2416 } 2417 return nil, &googleapi.Error{ 2418 Code: res.StatusCode, 2419 Header: res.Header, 2420 } 2421 } 2422 if err != nil { 2423 return nil, err 2424 } 2425 defer googleapi.CloseBody(res) 2426 if err := googleapi.CheckResponse(res); err != nil { 2427 return nil, err 2428 } 2429 ret := &IamPolicy{ 2430 ServerResponse: googleapi.ServerResponse{ 2431 Header: res.Header, 2432 HTTPStatusCode: res.StatusCode, 2433 }, 2434 } 2435 target := &ret 2436 if err := gensupport.DecodeResponse(target, res); err != nil { 2437 return nil, err 2438 } 2439 return ret, nil 2440 // { 2441 // "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.", 2442 // "flatPath": "v1beta1/projects/{projectsId}/attestors/{attestorsId}:setIamPolicy", 2443 // "httpMethod": "POST", 2444 // "id": "binaryauthorization.projects.attestors.setIamPolicy", 2445 // "parameterOrder": [ 2446 // "resource" 2447 // ], 2448 // "parameters": { 2449 // "resource": { 2450 // "description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.", 2451 // "location": "path", 2452 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2453 // "required": true, 2454 // "type": "string" 2455 // } 2456 // }, 2457 // "path": "v1beta1/{+resource}:setIamPolicy", 2458 // "request": { 2459 // "$ref": "SetIamPolicyRequest" 2460 // }, 2461 // "response": { 2462 // "$ref": "IamPolicy" 2463 // }, 2464 // "scopes": [ 2465 // "https://www.googleapis.com/auth/cloud-platform" 2466 // ] 2467 // } 2468 2469} 2470 2471// method id "binaryauthorization.projects.attestors.testIamPermissions": 2472 2473type ProjectsAttestorsTestIamPermissionsCall struct { 2474 s *Service 2475 resource string 2476 testiampermissionsrequest *TestIamPermissionsRequest 2477 urlParams_ gensupport.URLParams 2478 ctx_ context.Context 2479 header_ http.Header 2480} 2481 2482// TestIamPermissions: Returns permissions that a caller has on the 2483// specified resource. If the resource does not exist, this will return 2484// an empty set of permissions, not a `NOT_FOUND` error. Note: This 2485// operation is designed to be used for building permission-aware UIs 2486// and command-line tools, not for authorization checking. This 2487// operation may "fail open" without warning. 2488// 2489// - resource: REQUIRED: The resource for which the policy detail is 2490// being requested. See the operation documentation for the 2491// appropriate value for this field. 2492func (r *ProjectsAttestorsService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsAttestorsTestIamPermissionsCall { 2493 c := &ProjectsAttestorsTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2494 c.resource = resource 2495 c.testiampermissionsrequest = testiampermissionsrequest 2496 return c 2497} 2498 2499// Fields allows partial responses to be retrieved. See 2500// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2501// for more information. 2502func (c *ProjectsAttestorsTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsAttestorsTestIamPermissionsCall { 2503 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2504 return c 2505} 2506 2507// Context sets the context to be used in this call's Do method. Any 2508// pending HTTP request will be aborted if the provided context is 2509// canceled. 2510func (c *ProjectsAttestorsTestIamPermissionsCall) Context(ctx context.Context) *ProjectsAttestorsTestIamPermissionsCall { 2511 c.ctx_ = ctx 2512 return c 2513} 2514 2515// Header returns an http.Header that can be modified by the caller to 2516// add HTTP headers to the request. 2517func (c *ProjectsAttestorsTestIamPermissionsCall) Header() http.Header { 2518 if c.header_ == nil { 2519 c.header_ = make(http.Header) 2520 } 2521 return c.header_ 2522} 2523 2524func (c *ProjectsAttestorsTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) { 2525 reqHeaders := make(http.Header) 2526 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 2527 for k, v := range c.header_ { 2528 reqHeaders[k] = v 2529 } 2530 reqHeaders.Set("User-Agent", c.s.userAgent()) 2531 var body io.Reader = nil 2532 body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest) 2533 if err != nil { 2534 return nil, err 2535 } 2536 reqHeaders.Set("Content-Type", "application/json") 2537 c.urlParams_.Set("alt", alt) 2538 c.urlParams_.Set("prettyPrint", "false") 2539 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:testIamPermissions") 2540 urls += "?" + c.urlParams_.Encode() 2541 req, err := http.NewRequest("POST", urls, body) 2542 if err != nil { 2543 return nil, err 2544 } 2545 req.Header = reqHeaders 2546 googleapi.Expand(req.URL, map[string]string{ 2547 "resource": c.resource, 2548 }) 2549 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2550} 2551 2552// Do executes the "binaryauthorization.projects.attestors.testIamPermissions" call. 2553// Exactly one of *TestIamPermissionsResponse or error will be non-nil. 2554// Any non-2xx status code is an error. Response headers are in either 2555// *TestIamPermissionsResponse.ServerResponse.Header or (if a response 2556// was returned at all) in error.(*googleapi.Error).Header. Use 2557// googleapi.IsNotModified to check whether the returned error was 2558// because http.StatusNotModified was returned. 2559func (c *ProjectsAttestorsTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) { 2560 gensupport.SetOptions(c.urlParams_, opts...) 2561 res, err := c.doRequest("json") 2562 if res != nil && res.StatusCode == http.StatusNotModified { 2563 if res.Body != nil { 2564 res.Body.Close() 2565 } 2566 return nil, &googleapi.Error{ 2567 Code: res.StatusCode, 2568 Header: res.Header, 2569 } 2570 } 2571 if err != nil { 2572 return nil, err 2573 } 2574 defer googleapi.CloseBody(res) 2575 if err := googleapi.CheckResponse(res); err != nil { 2576 return nil, err 2577 } 2578 ret := &TestIamPermissionsResponse{ 2579 ServerResponse: googleapi.ServerResponse{ 2580 Header: res.Header, 2581 HTTPStatusCode: res.StatusCode, 2582 }, 2583 } 2584 target := &ret 2585 if err := gensupport.DecodeResponse(target, res); err != nil { 2586 return nil, err 2587 } 2588 return ret, nil 2589 // { 2590 // "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.", 2591 // "flatPath": "v1beta1/projects/{projectsId}/attestors/{attestorsId}:testIamPermissions", 2592 // "httpMethod": "POST", 2593 // "id": "binaryauthorization.projects.attestors.testIamPermissions", 2594 // "parameterOrder": [ 2595 // "resource" 2596 // ], 2597 // "parameters": { 2598 // "resource": { 2599 // "description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.", 2600 // "location": "path", 2601 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2602 // "required": true, 2603 // "type": "string" 2604 // } 2605 // }, 2606 // "path": "v1beta1/{+resource}:testIamPermissions", 2607 // "request": { 2608 // "$ref": "TestIamPermissionsRequest" 2609 // }, 2610 // "response": { 2611 // "$ref": "TestIamPermissionsResponse" 2612 // }, 2613 // "scopes": [ 2614 // "https://www.googleapis.com/auth/cloud-platform" 2615 // ] 2616 // } 2617 2618} 2619 2620// method id "binaryauthorization.projects.attestors.update": 2621 2622type ProjectsAttestorsUpdateCall struct { 2623 s *Service 2624 name string 2625 attestor *Attestor 2626 urlParams_ gensupport.URLParams 2627 ctx_ context.Context 2628 header_ http.Header 2629} 2630 2631// Update: Updates an attestor. Returns NOT_FOUND if the attestor does 2632// not exist. 2633// 2634// - name: The resource name, in the format: `projects/*/attestors/*`. 2635// This field may not be updated. 2636func (r *ProjectsAttestorsService) Update(name string, attestor *Attestor) *ProjectsAttestorsUpdateCall { 2637 c := &ProjectsAttestorsUpdateCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2638 c.name = name 2639 c.attestor = attestor 2640 return c 2641} 2642 2643// Fields allows partial responses to be retrieved. See 2644// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2645// for more information. 2646func (c *ProjectsAttestorsUpdateCall) Fields(s ...googleapi.Field) *ProjectsAttestorsUpdateCall { 2647 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2648 return c 2649} 2650 2651// Context sets the context to be used in this call's Do method. Any 2652// pending HTTP request will be aborted if the provided context is 2653// canceled. 2654func (c *ProjectsAttestorsUpdateCall) Context(ctx context.Context) *ProjectsAttestorsUpdateCall { 2655 c.ctx_ = ctx 2656 return c 2657} 2658 2659// Header returns an http.Header that can be modified by the caller to 2660// add HTTP headers to the request. 2661func (c *ProjectsAttestorsUpdateCall) Header() http.Header { 2662 if c.header_ == nil { 2663 c.header_ = make(http.Header) 2664 } 2665 return c.header_ 2666} 2667 2668func (c *ProjectsAttestorsUpdateCall) doRequest(alt string) (*http.Response, error) { 2669 reqHeaders := make(http.Header) 2670 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 2671 for k, v := range c.header_ { 2672 reqHeaders[k] = v 2673 } 2674 reqHeaders.Set("User-Agent", c.s.userAgent()) 2675 var body io.Reader = nil 2676 body, err := googleapi.WithoutDataWrapper.JSONReader(c.attestor) 2677 if err != nil { 2678 return nil, err 2679 } 2680 reqHeaders.Set("Content-Type", "application/json") 2681 c.urlParams_.Set("alt", alt) 2682 c.urlParams_.Set("prettyPrint", "false") 2683 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 2684 urls += "?" + c.urlParams_.Encode() 2685 req, err := http.NewRequest("PUT", urls, body) 2686 if err != nil { 2687 return nil, err 2688 } 2689 req.Header = reqHeaders 2690 googleapi.Expand(req.URL, map[string]string{ 2691 "name": c.name, 2692 }) 2693 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2694} 2695 2696// Do executes the "binaryauthorization.projects.attestors.update" call. 2697// Exactly one of *Attestor or error will be non-nil. Any non-2xx status 2698// code is an error. Response headers are in either 2699// *Attestor.ServerResponse.Header or (if a response was returned at 2700// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 2701// to check whether the returned error was because 2702// http.StatusNotModified was returned. 2703func (c *ProjectsAttestorsUpdateCall) Do(opts ...googleapi.CallOption) (*Attestor, error) { 2704 gensupport.SetOptions(c.urlParams_, opts...) 2705 res, err := c.doRequest("json") 2706 if res != nil && res.StatusCode == http.StatusNotModified { 2707 if res.Body != nil { 2708 res.Body.Close() 2709 } 2710 return nil, &googleapi.Error{ 2711 Code: res.StatusCode, 2712 Header: res.Header, 2713 } 2714 } 2715 if err != nil { 2716 return nil, err 2717 } 2718 defer googleapi.CloseBody(res) 2719 if err := googleapi.CheckResponse(res); err != nil { 2720 return nil, err 2721 } 2722 ret := &Attestor{ 2723 ServerResponse: googleapi.ServerResponse{ 2724 Header: res.Header, 2725 HTTPStatusCode: res.StatusCode, 2726 }, 2727 } 2728 target := &ret 2729 if err := gensupport.DecodeResponse(target, res); err != nil { 2730 return nil, err 2731 } 2732 return ret, nil 2733 // { 2734 // "description": "Updates an attestor. Returns NOT_FOUND if the attestor does not exist.", 2735 // "flatPath": "v1beta1/projects/{projectsId}/attestors/{attestorsId}", 2736 // "httpMethod": "PUT", 2737 // "id": "binaryauthorization.projects.attestors.update", 2738 // "parameterOrder": [ 2739 // "name" 2740 // ], 2741 // "parameters": { 2742 // "name": { 2743 // "description": "Required. The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.", 2744 // "location": "path", 2745 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2746 // "required": true, 2747 // "type": "string" 2748 // } 2749 // }, 2750 // "path": "v1beta1/{+name}", 2751 // "request": { 2752 // "$ref": "Attestor" 2753 // }, 2754 // "response": { 2755 // "$ref": "Attestor" 2756 // }, 2757 // "scopes": [ 2758 // "https://www.googleapis.com/auth/cloud-platform" 2759 // ] 2760 // } 2761 2762} 2763 2764// method id "binaryauthorization.projects.attestors.validateAttestationOccurrence": 2765 2766type ProjectsAttestorsValidateAttestationOccurrenceCall struct { 2767 s *Service 2768 attestor string 2769 validateattestationoccurrencerequest *ValidateAttestationOccurrenceRequest 2770 urlParams_ gensupport.URLParams 2771 ctx_ context.Context 2772 header_ http.Header 2773} 2774 2775// ValidateAttestationOccurrence: Returns whether the given Attestation 2776// for the given image URI was signed by the given Attestor 2777// 2778// - attestor: The resource name of the Attestor of the occurrence, in 2779// the format `projects/*/attestors/*`. 2780func (r *ProjectsAttestorsService) ValidateAttestationOccurrence(attestor string, validateattestationoccurrencerequest *ValidateAttestationOccurrenceRequest) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2781 c := &ProjectsAttestorsValidateAttestationOccurrenceCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2782 c.attestor = attestor 2783 c.validateattestationoccurrencerequest = validateattestationoccurrencerequest 2784 return c 2785} 2786 2787// Fields allows partial responses to be retrieved. See 2788// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2789// for more information. 2790func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Fields(s ...googleapi.Field) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2791 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2792 return c 2793} 2794 2795// Context sets the context to be used in this call's Do method. Any 2796// pending HTTP request will be aborted if the provided context is 2797// canceled. 2798func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Context(ctx context.Context) *ProjectsAttestorsValidateAttestationOccurrenceCall { 2799 c.ctx_ = ctx 2800 return c 2801} 2802 2803// Header returns an http.Header that can be modified by the caller to 2804// add HTTP headers to the request. 2805func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Header() http.Header { 2806 if c.header_ == nil { 2807 c.header_ = make(http.Header) 2808 } 2809 return c.header_ 2810} 2811 2812func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) doRequest(alt string) (*http.Response, error) { 2813 reqHeaders := make(http.Header) 2814 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 2815 for k, v := range c.header_ { 2816 reqHeaders[k] = v 2817 } 2818 reqHeaders.Set("User-Agent", c.s.userAgent()) 2819 var body io.Reader = nil 2820 body, err := googleapi.WithoutDataWrapper.JSONReader(c.validateattestationoccurrencerequest) 2821 if err != nil { 2822 return nil, err 2823 } 2824 reqHeaders.Set("Content-Type", "application/json") 2825 c.urlParams_.Set("alt", alt) 2826 c.urlParams_.Set("prettyPrint", "false") 2827 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+attestor}:validateAttestationOccurrence") 2828 urls += "?" + c.urlParams_.Encode() 2829 req, err := http.NewRequest("POST", urls, body) 2830 if err != nil { 2831 return nil, err 2832 } 2833 req.Header = reqHeaders 2834 googleapi.Expand(req.URL, map[string]string{ 2835 "attestor": c.attestor, 2836 }) 2837 return gensupport.SendRequest(c.ctx_, c.s.client, req) 2838} 2839 2840// Do executes the "binaryauthorization.projects.attestors.validateAttestationOccurrence" call. 2841// Exactly one of *ValidateAttestationOccurrenceResponse or error will 2842// be non-nil. Any non-2xx status code is an error. Response headers are 2843// in either 2844// *ValidateAttestationOccurrenceResponse.ServerResponse.Header or (if a 2845// response was returned at all) in error.(*googleapi.Error).Header. Use 2846// googleapi.IsNotModified to check whether the returned error was 2847// because http.StatusNotModified was returned. 2848func (c *ProjectsAttestorsValidateAttestationOccurrenceCall) Do(opts ...googleapi.CallOption) (*ValidateAttestationOccurrenceResponse, error) { 2849 gensupport.SetOptions(c.urlParams_, opts...) 2850 res, err := c.doRequest("json") 2851 if res != nil && res.StatusCode == http.StatusNotModified { 2852 if res.Body != nil { 2853 res.Body.Close() 2854 } 2855 return nil, &googleapi.Error{ 2856 Code: res.StatusCode, 2857 Header: res.Header, 2858 } 2859 } 2860 if err != nil { 2861 return nil, err 2862 } 2863 defer googleapi.CloseBody(res) 2864 if err := googleapi.CheckResponse(res); err != nil { 2865 return nil, err 2866 } 2867 ret := &ValidateAttestationOccurrenceResponse{ 2868 ServerResponse: googleapi.ServerResponse{ 2869 Header: res.Header, 2870 HTTPStatusCode: res.StatusCode, 2871 }, 2872 } 2873 target := &ret 2874 if err := gensupport.DecodeResponse(target, res); err != nil { 2875 return nil, err 2876 } 2877 return ret, nil 2878 // { 2879 // "description": "Returns whether the given Attestation for the given image URI was signed by the given Attestor", 2880 // "flatPath": "v1beta1/projects/{projectsId}/attestors/{attestorsId}:validateAttestationOccurrence", 2881 // "httpMethod": "POST", 2882 // "id": "binaryauthorization.projects.attestors.validateAttestationOccurrence", 2883 // "parameterOrder": [ 2884 // "attestor" 2885 // ], 2886 // "parameters": { 2887 // "attestor": { 2888 // "description": "Required. The resource name of the Attestor of the occurrence, in the format `projects/*/attestors/*`.", 2889 // "location": "path", 2890 // "pattern": "^projects/[^/]+/attestors/[^/]+$", 2891 // "required": true, 2892 // "type": "string" 2893 // } 2894 // }, 2895 // "path": "v1beta1/{+attestor}:validateAttestationOccurrence", 2896 // "request": { 2897 // "$ref": "ValidateAttestationOccurrenceRequest" 2898 // }, 2899 // "response": { 2900 // "$ref": "ValidateAttestationOccurrenceResponse" 2901 // }, 2902 // "scopes": [ 2903 // "https://www.googleapis.com/auth/cloud-platform" 2904 // ] 2905 // } 2906 2907} 2908 2909// method id "binaryauthorization.projects.policy.getIamPolicy": 2910 2911type ProjectsPolicyGetIamPolicyCall struct { 2912 s *Service 2913 resource string 2914 urlParams_ gensupport.URLParams 2915 ifNoneMatch_ string 2916 ctx_ context.Context 2917 header_ http.Header 2918} 2919 2920// GetIamPolicy: Gets the access control policy for a resource. Returns 2921// an empty policy if the resource exists and does not have a policy 2922// set. 2923// 2924// - resource: REQUIRED: The resource for which the policy is being 2925// requested. See the operation documentation for the appropriate 2926// value for this field. 2927func (r *ProjectsPolicyService) GetIamPolicy(resource string) *ProjectsPolicyGetIamPolicyCall { 2928 c := &ProjectsPolicyGetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 2929 c.resource = resource 2930 return c 2931} 2932 2933// OptionsRequestedPolicyVersion sets the optional parameter 2934// "options.requestedPolicyVersion": The maximum policy version that 2935// will be used to format the policy. Valid values are 0, 1, and 3. 2936// Requests specifying an invalid value will be rejected. Requests for 2937// policies with any conditional role bindings must specify version 3. 2938// Policies with no conditional role bindings may specify any valid 2939// value or leave the field unset. The policy in the response might use 2940// the policy version that you specified, or it might use a lower policy 2941// version. For example, if you specify version 3, but the policy has no 2942// conditional role bindings, the response uses version 1. To learn 2943// which resources support conditions in their IAM policies, see the IAM 2944// documentation 2945// (https://cloud.google.com/iam/help/conditions/resource-policies). 2946func (c *ProjectsPolicyGetIamPolicyCall) OptionsRequestedPolicyVersion(optionsRequestedPolicyVersion int64) *ProjectsPolicyGetIamPolicyCall { 2947 c.urlParams_.Set("options.requestedPolicyVersion", fmt.Sprint(optionsRequestedPolicyVersion)) 2948 return c 2949} 2950 2951// Fields allows partial responses to be retrieved. See 2952// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 2953// for more information. 2954func (c *ProjectsPolicyGetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsPolicyGetIamPolicyCall { 2955 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 2956 return c 2957} 2958 2959// IfNoneMatch sets the optional parameter which makes the operation 2960// fail if the object's ETag matches the given value. This is useful for 2961// getting updates only after the object has changed since the last 2962// request. Use googleapi.IsNotModified to check whether the response 2963// error from Do is the result of In-None-Match. 2964func (c *ProjectsPolicyGetIamPolicyCall) IfNoneMatch(entityTag string) *ProjectsPolicyGetIamPolicyCall { 2965 c.ifNoneMatch_ = entityTag 2966 return c 2967} 2968 2969// Context sets the context to be used in this call's Do method. Any 2970// pending HTTP request will be aborted if the provided context is 2971// canceled. 2972func (c *ProjectsPolicyGetIamPolicyCall) Context(ctx context.Context) *ProjectsPolicyGetIamPolicyCall { 2973 c.ctx_ = ctx 2974 return c 2975} 2976 2977// Header returns an http.Header that can be modified by the caller to 2978// add HTTP headers to the request. 2979func (c *ProjectsPolicyGetIamPolicyCall) Header() http.Header { 2980 if c.header_ == nil { 2981 c.header_ = make(http.Header) 2982 } 2983 return c.header_ 2984} 2985 2986func (c *ProjectsPolicyGetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 2987 reqHeaders := make(http.Header) 2988 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 2989 for k, v := range c.header_ { 2990 reqHeaders[k] = v 2991 } 2992 reqHeaders.Set("User-Agent", c.s.userAgent()) 2993 if c.ifNoneMatch_ != "" { 2994 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 2995 } 2996 var body io.Reader = nil 2997 c.urlParams_.Set("alt", alt) 2998 c.urlParams_.Set("prettyPrint", "false") 2999 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:getIamPolicy") 3000 urls += "?" + c.urlParams_.Encode() 3001 req, err := http.NewRequest("GET", urls, body) 3002 if err != nil { 3003 return nil, err 3004 } 3005 req.Header = reqHeaders 3006 googleapi.Expand(req.URL, map[string]string{ 3007 "resource": c.resource, 3008 }) 3009 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3010} 3011 3012// Do executes the "binaryauthorization.projects.policy.getIamPolicy" call. 3013// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 3014// status code is an error. Response headers are in either 3015// *IamPolicy.ServerResponse.Header or (if a response was returned at 3016// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 3017// to check whether the returned error was because 3018// http.StatusNotModified was returned. 3019func (c *ProjectsPolicyGetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 3020 gensupport.SetOptions(c.urlParams_, opts...) 3021 res, err := c.doRequest("json") 3022 if res != nil && res.StatusCode == http.StatusNotModified { 3023 if res.Body != nil { 3024 res.Body.Close() 3025 } 3026 return nil, &googleapi.Error{ 3027 Code: res.StatusCode, 3028 Header: res.Header, 3029 } 3030 } 3031 if err != nil { 3032 return nil, err 3033 } 3034 defer googleapi.CloseBody(res) 3035 if err := googleapi.CheckResponse(res); err != nil { 3036 return nil, err 3037 } 3038 ret := &IamPolicy{ 3039 ServerResponse: googleapi.ServerResponse{ 3040 Header: res.Header, 3041 HTTPStatusCode: res.StatusCode, 3042 }, 3043 } 3044 target := &ret 3045 if err := gensupport.DecodeResponse(target, res); err != nil { 3046 return nil, err 3047 } 3048 return ret, nil 3049 // { 3050 // "description": "Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.", 3051 // "flatPath": "v1beta1/projects/{projectsId}/policy:getIamPolicy", 3052 // "httpMethod": "GET", 3053 // "id": "binaryauthorization.projects.policy.getIamPolicy", 3054 // "parameterOrder": [ 3055 // "resource" 3056 // ], 3057 // "parameters": { 3058 // "options.requestedPolicyVersion": { 3059 // "description": "Optional. The maximum policy version that will be used to format the policy. Valid values are 0, 1, and 3. Requests specifying an invalid value will be rejected. Requests for policies with any conditional role bindings must specify version 3. Policies with no conditional role bindings may specify any valid value or leave the field unset. The policy in the response might use the policy version that you specified, or it might use a lower policy version. For example, if you specify version 3, but the policy has no conditional role bindings, the response uses version 1. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).", 3060 // "format": "int32", 3061 // "location": "query", 3062 // "type": "integer" 3063 // }, 3064 // "resource": { 3065 // "description": "REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.", 3066 // "location": "path", 3067 // "pattern": "^projects/[^/]+/policy$", 3068 // "required": true, 3069 // "type": "string" 3070 // } 3071 // }, 3072 // "path": "v1beta1/{+resource}:getIamPolicy", 3073 // "response": { 3074 // "$ref": "IamPolicy" 3075 // }, 3076 // "scopes": [ 3077 // "https://www.googleapis.com/auth/cloud-platform" 3078 // ] 3079 // } 3080 3081} 3082 3083// method id "binaryauthorization.projects.policy.setIamPolicy": 3084 3085type ProjectsPolicySetIamPolicyCall struct { 3086 s *Service 3087 resource string 3088 setiampolicyrequest *SetIamPolicyRequest 3089 urlParams_ gensupport.URLParams 3090 ctx_ context.Context 3091 header_ http.Header 3092} 3093 3094// SetIamPolicy: Sets the access control policy on the specified 3095// resource. Replaces any existing policy. Can return `NOT_FOUND`, 3096// `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. 3097// 3098// - resource: REQUIRED: The resource for which the policy is being 3099// specified. See the operation documentation for the appropriate 3100// value for this field. 3101func (r *ProjectsPolicyService) SetIamPolicy(resource string, setiampolicyrequest *SetIamPolicyRequest) *ProjectsPolicySetIamPolicyCall { 3102 c := &ProjectsPolicySetIamPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3103 c.resource = resource 3104 c.setiampolicyrequest = setiampolicyrequest 3105 return c 3106} 3107 3108// Fields allows partial responses to be retrieved. See 3109// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3110// for more information. 3111func (c *ProjectsPolicySetIamPolicyCall) Fields(s ...googleapi.Field) *ProjectsPolicySetIamPolicyCall { 3112 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3113 return c 3114} 3115 3116// Context sets the context to be used in this call's Do method. Any 3117// pending HTTP request will be aborted if the provided context is 3118// canceled. 3119func (c *ProjectsPolicySetIamPolicyCall) Context(ctx context.Context) *ProjectsPolicySetIamPolicyCall { 3120 c.ctx_ = ctx 3121 return c 3122} 3123 3124// Header returns an http.Header that can be modified by the caller to 3125// add HTTP headers to the request. 3126func (c *ProjectsPolicySetIamPolicyCall) Header() http.Header { 3127 if c.header_ == nil { 3128 c.header_ = make(http.Header) 3129 } 3130 return c.header_ 3131} 3132 3133func (c *ProjectsPolicySetIamPolicyCall) doRequest(alt string) (*http.Response, error) { 3134 reqHeaders := make(http.Header) 3135 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 3136 for k, v := range c.header_ { 3137 reqHeaders[k] = v 3138 } 3139 reqHeaders.Set("User-Agent", c.s.userAgent()) 3140 var body io.Reader = nil 3141 body, err := googleapi.WithoutDataWrapper.JSONReader(c.setiampolicyrequest) 3142 if err != nil { 3143 return nil, err 3144 } 3145 reqHeaders.Set("Content-Type", "application/json") 3146 c.urlParams_.Set("alt", alt) 3147 c.urlParams_.Set("prettyPrint", "false") 3148 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:setIamPolicy") 3149 urls += "?" + c.urlParams_.Encode() 3150 req, err := http.NewRequest("POST", urls, body) 3151 if err != nil { 3152 return nil, err 3153 } 3154 req.Header = reqHeaders 3155 googleapi.Expand(req.URL, map[string]string{ 3156 "resource": c.resource, 3157 }) 3158 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3159} 3160 3161// Do executes the "binaryauthorization.projects.policy.setIamPolicy" call. 3162// Exactly one of *IamPolicy or error will be non-nil. Any non-2xx 3163// status code is an error. Response headers are in either 3164// *IamPolicy.ServerResponse.Header or (if a response was returned at 3165// all) in error.(*googleapi.Error).Header. Use googleapi.IsNotModified 3166// to check whether the returned error was because 3167// http.StatusNotModified was returned. 3168func (c *ProjectsPolicySetIamPolicyCall) Do(opts ...googleapi.CallOption) (*IamPolicy, error) { 3169 gensupport.SetOptions(c.urlParams_, opts...) 3170 res, err := c.doRequest("json") 3171 if res != nil && res.StatusCode == http.StatusNotModified { 3172 if res.Body != nil { 3173 res.Body.Close() 3174 } 3175 return nil, &googleapi.Error{ 3176 Code: res.StatusCode, 3177 Header: res.Header, 3178 } 3179 } 3180 if err != nil { 3181 return nil, err 3182 } 3183 defer googleapi.CloseBody(res) 3184 if err := googleapi.CheckResponse(res); err != nil { 3185 return nil, err 3186 } 3187 ret := &IamPolicy{ 3188 ServerResponse: googleapi.ServerResponse{ 3189 Header: res.Header, 3190 HTTPStatusCode: res.StatusCode, 3191 }, 3192 } 3193 target := &ret 3194 if err := gensupport.DecodeResponse(target, res); err != nil { 3195 return nil, err 3196 } 3197 return ret, nil 3198 // { 3199 // "description": "Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.", 3200 // "flatPath": "v1beta1/projects/{projectsId}/policy:setIamPolicy", 3201 // "httpMethod": "POST", 3202 // "id": "binaryauthorization.projects.policy.setIamPolicy", 3203 // "parameterOrder": [ 3204 // "resource" 3205 // ], 3206 // "parameters": { 3207 // "resource": { 3208 // "description": "REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.", 3209 // "location": "path", 3210 // "pattern": "^projects/[^/]+/policy$", 3211 // "required": true, 3212 // "type": "string" 3213 // } 3214 // }, 3215 // "path": "v1beta1/{+resource}:setIamPolicy", 3216 // "request": { 3217 // "$ref": "SetIamPolicyRequest" 3218 // }, 3219 // "response": { 3220 // "$ref": "IamPolicy" 3221 // }, 3222 // "scopes": [ 3223 // "https://www.googleapis.com/auth/cloud-platform" 3224 // ] 3225 // } 3226 3227} 3228 3229// method id "binaryauthorization.projects.policy.testIamPermissions": 3230 3231type ProjectsPolicyTestIamPermissionsCall struct { 3232 s *Service 3233 resource string 3234 testiampermissionsrequest *TestIamPermissionsRequest 3235 urlParams_ gensupport.URLParams 3236 ctx_ context.Context 3237 header_ http.Header 3238} 3239 3240// TestIamPermissions: Returns permissions that a caller has on the 3241// specified resource. If the resource does not exist, this will return 3242// an empty set of permissions, not a `NOT_FOUND` error. Note: This 3243// operation is designed to be used for building permission-aware UIs 3244// and command-line tools, not for authorization checking. This 3245// operation may "fail open" without warning. 3246// 3247// - resource: REQUIRED: The resource for which the policy detail is 3248// being requested. See the operation documentation for the 3249// appropriate value for this field. 3250func (r *ProjectsPolicyService) TestIamPermissions(resource string, testiampermissionsrequest *TestIamPermissionsRequest) *ProjectsPolicyTestIamPermissionsCall { 3251 c := &ProjectsPolicyTestIamPermissionsCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3252 c.resource = resource 3253 c.testiampermissionsrequest = testiampermissionsrequest 3254 return c 3255} 3256 3257// Fields allows partial responses to be retrieved. See 3258// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3259// for more information. 3260func (c *ProjectsPolicyTestIamPermissionsCall) Fields(s ...googleapi.Field) *ProjectsPolicyTestIamPermissionsCall { 3261 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3262 return c 3263} 3264 3265// Context sets the context to be used in this call's Do method. Any 3266// pending HTTP request will be aborted if the provided context is 3267// canceled. 3268func (c *ProjectsPolicyTestIamPermissionsCall) Context(ctx context.Context) *ProjectsPolicyTestIamPermissionsCall { 3269 c.ctx_ = ctx 3270 return c 3271} 3272 3273// Header returns an http.Header that can be modified by the caller to 3274// add HTTP headers to the request. 3275func (c *ProjectsPolicyTestIamPermissionsCall) Header() http.Header { 3276 if c.header_ == nil { 3277 c.header_ = make(http.Header) 3278 } 3279 return c.header_ 3280} 3281 3282func (c *ProjectsPolicyTestIamPermissionsCall) doRequest(alt string) (*http.Response, error) { 3283 reqHeaders := make(http.Header) 3284 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 3285 for k, v := range c.header_ { 3286 reqHeaders[k] = v 3287 } 3288 reqHeaders.Set("User-Agent", c.s.userAgent()) 3289 var body io.Reader = nil 3290 body, err := googleapi.WithoutDataWrapper.JSONReader(c.testiampermissionsrequest) 3291 if err != nil { 3292 return nil, err 3293 } 3294 reqHeaders.Set("Content-Type", "application/json") 3295 c.urlParams_.Set("alt", alt) 3296 c.urlParams_.Set("prettyPrint", "false") 3297 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+resource}:testIamPermissions") 3298 urls += "?" + c.urlParams_.Encode() 3299 req, err := http.NewRequest("POST", urls, body) 3300 if err != nil { 3301 return nil, err 3302 } 3303 req.Header = reqHeaders 3304 googleapi.Expand(req.URL, map[string]string{ 3305 "resource": c.resource, 3306 }) 3307 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3308} 3309 3310// Do executes the "binaryauthorization.projects.policy.testIamPermissions" call. 3311// Exactly one of *TestIamPermissionsResponse or error will be non-nil. 3312// Any non-2xx status code is an error. Response headers are in either 3313// *TestIamPermissionsResponse.ServerResponse.Header or (if a response 3314// was returned at all) in error.(*googleapi.Error).Header. Use 3315// googleapi.IsNotModified to check whether the returned error was 3316// because http.StatusNotModified was returned. 3317func (c *ProjectsPolicyTestIamPermissionsCall) Do(opts ...googleapi.CallOption) (*TestIamPermissionsResponse, error) { 3318 gensupport.SetOptions(c.urlParams_, opts...) 3319 res, err := c.doRequest("json") 3320 if res != nil && res.StatusCode == http.StatusNotModified { 3321 if res.Body != nil { 3322 res.Body.Close() 3323 } 3324 return nil, &googleapi.Error{ 3325 Code: res.StatusCode, 3326 Header: res.Header, 3327 } 3328 } 3329 if err != nil { 3330 return nil, err 3331 } 3332 defer googleapi.CloseBody(res) 3333 if err := googleapi.CheckResponse(res); err != nil { 3334 return nil, err 3335 } 3336 ret := &TestIamPermissionsResponse{ 3337 ServerResponse: googleapi.ServerResponse{ 3338 Header: res.Header, 3339 HTTPStatusCode: res.StatusCode, 3340 }, 3341 } 3342 target := &ret 3343 if err := gensupport.DecodeResponse(target, res); err != nil { 3344 return nil, err 3345 } 3346 return ret, nil 3347 // { 3348 // "description": "Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a `NOT_FOUND` error. Note: This operation is designed to be used for building permission-aware UIs and command-line tools, not for authorization checking. This operation may \"fail open\" without warning.", 3349 // "flatPath": "v1beta1/projects/{projectsId}/policy:testIamPermissions", 3350 // "httpMethod": "POST", 3351 // "id": "binaryauthorization.projects.policy.testIamPermissions", 3352 // "parameterOrder": [ 3353 // "resource" 3354 // ], 3355 // "parameters": { 3356 // "resource": { 3357 // "description": "REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.", 3358 // "location": "path", 3359 // "pattern": "^projects/[^/]+/policy$", 3360 // "required": true, 3361 // "type": "string" 3362 // } 3363 // }, 3364 // "path": "v1beta1/{+resource}:testIamPermissions", 3365 // "request": { 3366 // "$ref": "TestIamPermissionsRequest" 3367 // }, 3368 // "response": { 3369 // "$ref": "TestIamPermissionsResponse" 3370 // }, 3371 // "scopes": [ 3372 // "https://www.googleapis.com/auth/cloud-platform" 3373 // ] 3374 // } 3375 3376} 3377 3378// method id "binaryauthorization.systempolicy.getPolicy": 3379 3380type SystempolicyGetPolicyCall struct { 3381 s *Service 3382 name string 3383 urlParams_ gensupport.URLParams 3384 ifNoneMatch_ string 3385 ctx_ context.Context 3386 header_ http.Header 3387} 3388 3389// GetPolicy: Gets the current system policy in the specified location. 3390// 3391// - name: The resource name, in the format `locations/*/policy`. Note 3392// that the system policy is not associated with a project. 3393func (r *SystempolicyService) GetPolicy(name string) *SystempolicyGetPolicyCall { 3394 c := &SystempolicyGetPolicyCall{s: r.s, urlParams_: make(gensupport.URLParams)} 3395 c.name = name 3396 return c 3397} 3398 3399// Fields allows partial responses to be retrieved. See 3400// https://developers.google.com/gdata/docs/2.0/basics#PartialResponse 3401// for more information. 3402func (c *SystempolicyGetPolicyCall) Fields(s ...googleapi.Field) *SystempolicyGetPolicyCall { 3403 c.urlParams_.Set("fields", googleapi.CombineFields(s)) 3404 return c 3405} 3406 3407// IfNoneMatch sets the optional parameter which makes the operation 3408// fail if the object's ETag matches the given value. This is useful for 3409// getting updates only after the object has changed since the last 3410// request. Use googleapi.IsNotModified to check whether the response 3411// error from Do is the result of In-None-Match. 3412func (c *SystempolicyGetPolicyCall) IfNoneMatch(entityTag string) *SystempolicyGetPolicyCall { 3413 c.ifNoneMatch_ = entityTag 3414 return c 3415} 3416 3417// Context sets the context to be used in this call's Do method. Any 3418// pending HTTP request will be aborted if the provided context is 3419// canceled. 3420func (c *SystempolicyGetPolicyCall) Context(ctx context.Context) *SystempolicyGetPolicyCall { 3421 c.ctx_ = ctx 3422 return c 3423} 3424 3425// Header returns an http.Header that can be modified by the caller to 3426// add HTTP headers to the request. 3427func (c *SystempolicyGetPolicyCall) Header() http.Header { 3428 if c.header_ == nil { 3429 c.header_ = make(http.Header) 3430 } 3431 return c.header_ 3432} 3433 3434func (c *SystempolicyGetPolicyCall) doRequest(alt string) (*http.Response, error) { 3435 reqHeaders := make(http.Header) 3436 reqHeaders.Set("x-goog-api-client", "gl-go/"+gensupport.GoVersion()+" gdcl/20211201") 3437 for k, v := range c.header_ { 3438 reqHeaders[k] = v 3439 } 3440 reqHeaders.Set("User-Agent", c.s.userAgent()) 3441 if c.ifNoneMatch_ != "" { 3442 reqHeaders.Set("If-None-Match", c.ifNoneMatch_) 3443 } 3444 var body io.Reader = nil 3445 c.urlParams_.Set("alt", alt) 3446 c.urlParams_.Set("prettyPrint", "false") 3447 urls := googleapi.ResolveRelative(c.s.BasePath, "v1beta1/{+name}") 3448 urls += "?" + c.urlParams_.Encode() 3449 req, err := http.NewRequest("GET", urls, body) 3450 if err != nil { 3451 return nil, err 3452 } 3453 req.Header = reqHeaders 3454 googleapi.Expand(req.URL, map[string]string{ 3455 "name": c.name, 3456 }) 3457 return gensupport.SendRequest(c.ctx_, c.s.client, req) 3458} 3459 3460// Do executes the "binaryauthorization.systempolicy.getPolicy" call. 3461// Exactly one of *Policy or error will be non-nil. Any non-2xx status 3462// code is an error. Response headers are in either 3463// *Policy.ServerResponse.Header or (if a response was returned at all) 3464// in error.(*googleapi.Error).Header. Use googleapi.IsNotModified to 3465// check whether the returned error was because http.StatusNotModified 3466// was returned. 3467func (c *SystempolicyGetPolicyCall) Do(opts ...googleapi.CallOption) (*Policy, error) { 3468 gensupport.SetOptions(c.urlParams_, opts...) 3469 res, err := c.doRequest("json") 3470 if res != nil && res.StatusCode == http.StatusNotModified { 3471 if res.Body != nil { 3472 res.Body.Close() 3473 } 3474 return nil, &googleapi.Error{ 3475 Code: res.StatusCode, 3476 Header: res.Header, 3477 } 3478 } 3479 if err != nil { 3480 return nil, err 3481 } 3482 defer googleapi.CloseBody(res) 3483 if err := googleapi.CheckResponse(res); err != nil { 3484 return nil, err 3485 } 3486 ret := &Policy{ 3487 ServerResponse: googleapi.ServerResponse{ 3488 Header: res.Header, 3489 HTTPStatusCode: res.StatusCode, 3490 }, 3491 } 3492 target := &ret 3493 if err := gensupport.DecodeResponse(target, res); err != nil { 3494 return nil, err 3495 } 3496 return ret, nil 3497 // { 3498 // "description": "Gets the current system policy in the specified location.", 3499 // "flatPath": "v1beta1/locations/{locationsId}/policy", 3500 // "httpMethod": "GET", 3501 // "id": "binaryauthorization.systempolicy.getPolicy", 3502 // "parameterOrder": [ 3503 // "name" 3504 // ], 3505 // "parameters": { 3506 // "name": { 3507 // "description": "Required. The resource name, in the format `locations/*/policy`. Note that the system policy is not associated with a project.", 3508 // "location": "path", 3509 // "pattern": "^locations/[^/]+/policy$", 3510 // "required": true, 3511 // "type": "string" 3512 // } 3513 // }, 3514 // "path": "v1beta1/{+name}", 3515 // "response": { 3516 // "$ref": "Policy" 3517 // }, 3518 // "scopes": [ 3519 // "https://www.googleapis.com/auth/cloud-platform" 3520 // ] 3521 // } 3522 3523} 3524