fix: Modify the bazel.BUILD file by hand to include the compliance protos which are not autogenerated

PiperOrigin-RevId: 420306668
3 years ago · 9a8910e4ea
parent 111609236c
commit 9a8910e4ea
9 changed files with 298 additions and 89 deletions
--- a/google/devtools/containeranalysis/v1/BUILD.bazel
+++ b/google/devtools/containeranalysis/v1/BUILD.bazel
@ -1,4 +1,13 @@
 # This file was automatically generated by BuildFileGenerator
+# https://github.com/googleapis/rules_gapic/tree/master/bazel
+
+# Most of the manual changes to this file will be overwritten.
+# It's **only** allowed to change the following rule attribute values:
+# - names of *_gapic_assembly_* rules
+# - certain parameters of *_gapic_library rules, including but not limited to:
+#    * extra_protoc_parameters
+#    * extra_protoc_file_parameters
+# The complete list of preserved parameters can be found in the source code.

 # This is an API workspace, having public visibility by default makes perfect sense.
 package(default_visibility = ["//visibility:public"])
@ -74,13 +83,16 @@ java_gapic_library(
    srcs = [":containeranalysis_proto_with_info"],
    gapic_yaml = "containeranalysis_gapic.yaml",
    grpc_service_config = "containeranalysis_grpc_service_config.json",
+    service_yaml = "containeranalysis_v1.yaml",
    test_deps = [
        ":containeranalysis_java_grpc",
        "//google/iam/v1:iam_java_grpc",
    ],
    deps = [
        ":containeranalysis_java_proto",
+        "//google/api:api_java_proto",
        "//google/iam/v1:iam_java_proto",
+        "//grafeas/v1:common_java_proto",
    ],
 )

@ -125,38 +137,38 @@ go_proto_library(
        "//grafeas/v1:grafeas_go_proto",
    ],
 )
-# Fix compilation error
-#  cloud.google.com/go/containeranalysis/apiv1/container_analysis_client.go:66:9: undefined: containeranalysispb
-#go_gapic_library(
-#    name = "containeranalysis_go_gapic",
-#    src = ":containeranalysis_proto_with_info",
-#    gapic_yaml = "containeranalysis_gapic.yaml",
-#    importpath = "cloud.google.com/go/containeranalysis/apiv1",
-#    package = "google.devtools.containeranalysis.v1",
-#    service_yaml = "//google/devtools/containeranalysis:containeranalysis_v1.yaml",
-#    deps = [
-#        ":containeranalysis_go_proto",
-#        "//google/iam/v1:iam_go_proto",
-#    ],
-#)
-#
-#go_test(
-#    name = "containeranalysis_go_gapic_test",
-#    srcs = [":containeranalysis_go_gapic_srcjar_test"],
-#    embed = [":containeranalysis_go_gapic"],
-#    importpath = "cloud.google.com/go/containeranalysis/apiv1",
-#)
-#
-## Open Source Packages
-#go_gapic_assembly_pkg(
-#    name = "gapi-cloud-devtools-containeranalysis-v1-go",
-#    deps = [
-#        ":containeranalysis_go_gapic",
-#        ":containeranalysis_go_gapic_srcjar-smoke-test.srcjar",
-#        ":containeranalysis_go_gapic_srcjar-test.srcjar",
-#        ":containeranalysis_go_proto",
-#    ],
-#)
+
+# go_gapic_library(
+#     name = "containeranalysis_go_gapic",
+#     srcs = [":containeranalysis_proto_with_info"],
+#     grpc_service_config = "containeranalysis_grpc_service_config.json",
+#     importpath = "cloud.google.com/go/devtools/containeranalysis/apiv1;containeranalysis",
+#     metadata = True,
+#     service_yaml = "containeranalysis_v1.yaml",
+#     deps = [
+#         ":containeranalysis_go_proto",
+#         "//google/iam/v1:iam_go_proto",
+#         "//grafeas/v1:common_go_proto",
+#     ],
+# )
+
+# go_test(
+#     name = "containeranalysis_go_gapic_test",
+#     srcs = [":containeranalysis_go_gapic_srcjar_test"],
+#     embed = [":containeranalysis_go_gapic"],
+#     importpath = "cloud.google.com/go/devtools/containeranalysis/apiv1",
+# )
+
+# # Open Source Packages
+# go_gapic_assembly_pkg(
+#     name = "gapi-cloud-devtools-containeranalysis-v1-go",
+#     deps = [
+#         ":containeranalysis_go_gapic",
+#         ":containeranalysis_go_gapic_srcjar-metadata.srcjar",
+#         ":containeranalysis_go_gapic_srcjar-test.srcjar",
+#         ":containeranalysis_go_proto",
+#     ],
+# )

 ##############################################################################
 # Python
@ -208,6 +220,7 @@ php_gapic_library(
    name = "containeranalysis_php_gapic",
    srcs = [":containeranalysis_proto_with_info"],
    grpc_service_config = "containeranalysis_grpc_service_config.json",
+    service_yaml = "containeranalysis_v1.yaml",
    deps = [
        ":containeranalysis_php_grpc",
        ":containeranalysis_php_proto",
--- a/google/devtools/containeranalysis/v1/containeranalysis.proto
+++ b/google/devtools/containeranalysis/v1/containeranalysis.proto
@ -1,4 +1,4 @@
-// Copyright 2019 Google LLC
+// Copyright 2021 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@ -23,7 +23,9 @@ import "google/api/resource.proto";
 import "google/iam/v1/iam_policy.proto";
 import "google/iam/v1/policy.proto";
 import "google/protobuf/timestamp.proto";
-import "grafeas/v1/vulnerability.proto";
+import "grafeas/v1/common.proto";
+import "grafeas/v1/grafeas.proto";
+import "grafeas/v1/severity.proto";

 option csharp_namespace = "Google.Cloud.DevTools.ContainerAnalysis.V1";
 option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1;containeranalysis";
@ -48,8 +50,7 @@ option php_namespace = "Google\\Cloud\\ContainerAnalysis\\V1";
 // image with the vulnerability referring to that note.
 service ContainerAnalysis {
  option (google.api.default_host) = "containeranalysis.googleapis.com";
-  option (google.api.oauth_scopes) =
-      "https://www.googleapis.com/auth/cloud-platform";
+  option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform";

  // Sets the access control policy on the specified note or occurrence.
  // Requires `containeranalysis.notes.setIamPolicy` or
@ -59,8 +60,7 @@ service ContainerAnalysis {
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
-  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest)
-      returns (google.iam.v1.Policy) {
+  rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) {
    option (google.api.http) = {
      post: "/v1/{resource=projects/*/notes/*}:setIamPolicy"
      body: "*"
@ -80,8 +80,7 @@ service ContainerAnalysis {
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
-  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
-      returns (google.iam.v1.Policy) {
+  rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) {
    option (google.api.http) = {
      post: "/v1/{resource=projects/*/notes/*}:getIamPolicy"
      body: "*"
@ -100,8 +99,7 @@ service ContainerAnalysis {
  // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
  // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
  // occurrences.
-  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest)
-      returns (google.iam.v1.TestIamPermissionsResponse) {
+  rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) {
    option (google.api.http) = {
      post: "/v1/{resource=projects/*/notes/*}:testIamPermissions"
      body: "*"
@ -114,9 +112,7 @@ service ContainerAnalysis {
  }

  // Gets a summary of the number and severity of occurrences.
-  rpc GetVulnerabilityOccurrencesSummary(
-      GetVulnerabilityOccurrencesSummaryRequest)
-      returns (VulnerabilityOccurrencesSummary) {
+  rpc GetVulnerabilityOccurrencesSummary(GetVulnerabilityOccurrencesSummaryRequest) returns (VulnerabilityOccurrencesSummary) {
    option (google.api.http) = {
      get: "/v1/{parent=projects/*}/occurrences:vulnerabilitySummary"
    };
@ -126,12 +122,13 @@ service ContainerAnalysis {

 // Request to get a vulnerability summary for some set of occurrences.
 message GetVulnerabilityOccurrencesSummaryRequest {
-  // The name of the project to get a vulnerability summary for in the form of
+  // Required. The name of the project to get a vulnerability summary for in the form of
  // `projects/[PROJECT_ID]`.
  string parent = 1 [
-    (google.api.resource_reference).type =
-        "cloudresourcemanager.googleapis.com/Project",
-    (google.api.field_behavior) = REQUIRED
+    (google.api.field_behavior) = REQUIRED,
+    (google.api.resource_reference) = {
+      type: "cloudresourcemanager.googleapis.com/Project"
+    }
  ];

  // The filter expression.
--- a/google/devtools/containeranalysis/v1/containeranalysis_v1.yaml
+++ b/google/devtools/containeranalysis/v1/containeranalysis_v1.yaml
@ -18,8 +18,6 @@ backend:
  rules:
  - selector: 'google.devtools.containeranalysis.v1.ContainerAnalysis.*'
    deadline: 30.0
-  - selector: 'google.longrunning.Operations.*'
-    deadline: 30.0

 authentication:
  rules:
@ -27,7 +25,3 @@ authentication:
    oauth:
      canonical_scopes: |-
        https://www.googleapis.com/auth/cloud-platform
-  - selector: 'google.longrunning.Operations.*'
-    oauth:
-      canonical_scopes: |-
-        https://www.googleapis.com/auth/cloud-platform
--- a/grafeas/v1/BUILD.bazel
+++ b/grafeas/v1/BUILD.bazel
@ -35,6 +35,7 @@ proto_library(
        "intoto_statement.proto",
        "package.proto",
        "provenance.proto",
+        "severity.proto",
        "slsa_provenance.proto",
        "upgrade.proto",
        "vulnerability.proto",
@ -60,6 +61,66 @@ proto_library_with_info(
    ],
 )

+# The compliance_proto, common_proto and severity_proto targets were added so
+# that clients can depend on those specific targets rather than grafeas_proto.
+# Some clients that run code on certain VMs needed the smaller targets. Note
+# that these were added by hand and were not autogenerated. Please ensure that
+# these are not deleted while updating this file.
+proto_library(
+    name = "compliance_proto",
+    srcs = [
+        "compliance.proto",
+    ],
+    deps = [
+        "//google/api:annotations_proto",
+        "//google/api:client_proto",
+        "//google/api:field_behavior_proto",
+        "//google/api:resource_proto",
+        "//google/rpc:status_proto",
+        ":severity_proto",
+        "@com_google_protobuf//:any_proto",
+        "@com_google_protobuf//:empty_proto",
+        "@com_google_protobuf//:field_mask_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+proto_library(
+    name = "common_proto",
+    srcs = [
+        "common.proto",
+    ],
+    deps = [
+        "//google/api:annotations_proto",
+        "//google/api:client_proto",
+        "//google/api:field_behavior_proto",
+        "//google/api:resource_proto",
+        "//google/rpc:status_proto",
+        "@com_google_protobuf//:any_proto",
+        "@com_google_protobuf//:empty_proto",
+        "@com_google_protobuf//:field_mask_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
+proto_library(
+    name = "severity_proto",
+    srcs = [
+        "severity.proto",
+    ],
+    deps = [
+        "//google/api:annotations_proto",
+        "//google/api:client_proto",
+        "//google/api:field_behavior_proto",
+        "//google/api:resource_proto",
+        "//google/rpc:status_proto",
+        "@com_google_protobuf//:any_proto",
+        "@com_google_protobuf//:empty_proto",
+        "@com_google_protobuf//:field_mask_proto",
+        "@com_google_protobuf//:timestamp_proto",
+    ],
+)
+
 ##############################################################################
 # Java
 ##############################################################################
@ -94,6 +155,7 @@ java_gapic_library(
    ],
    deps = [
        ":grafeas_java_proto",
+        ":common_proto",
        "//google/api:api_java_proto",
    ],
 )
@ -103,7 +165,9 @@ java_gapic_test(
    test_classes = [
        "io.grafeas.v1.GrafeasClientTest",
    ],
-    runtime_deps = [":grafeas_java_gapic_test"],
+    runtime_deps = [":grafeas_java_gapic_test",
+                    ":common_proto",
+                   ],
 )

 # Open Source Packages
@ -117,6 +181,10 @@ java_gapic_assembly_gradle_pkg(
    ],
 )

+java_proto_library(
+    name = "common_java_proto",
+    deps = [":common_proto"],
+)
 ##############################################################################
 # Go
 ##############################################################################
@ -132,7 +200,8 @@ go_proto_library(
    name = "grafeas_go_proto",
    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
    importpath = "google.golang.org/genproto/googleapis/grafeas/v1",
-    protos = [":grafeas_proto"],
+    protos = [":grafeas_proto",
+             ],
    deps = [
        "//google/api:annotations_go_proto",
        "//google/rpc:status_go_proto",
@ -169,6 +238,47 @@ go_gapic_assembly_pkg(
    ],
 )

+# The compliance_go_proto, common_go_proto and severity_go_proto targets were
+# added so that clients can depend on those specific targets rather than
+# grafeas_proto. Some clients that run code on certain VMs needed the
+# smaller targets. Note that these were added by hand and were not
+# autogenerated. Please ensure that these are not deleted while updating this
+# file.
+go_proto_library(
+    name = "compliance_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/grafeas/v1",
+    protos = [":compliance_proto",
+              ":severity_proto",
+              ],
+    deps = [
+        "//google/api:annotations_go_proto",
+        "//google/rpc:status_go_proto",
+    ],
+)
+
+go_proto_library(
+    name = "common_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/grafeas/v1",
+    protos = [":common_proto"],
+    deps = [
+        "//google/api:annotations_go_proto",
+        "//google/rpc:status_go_proto",
+    ],
+)
+
+go_proto_library(
+    name = "severity_go_proto",
+    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
+    importpath = "google.golang.org/genproto/googleapis/grafeas/v1",
+    protos = [":severity_proto"],
+    deps = [
+        "//google/api:annotations_go_proto",
+        "//google/rpc:status_go_proto",
+    ],
+)
+
 ##############################################################################
 # Python
 ##############################################################################
@ -371,7 +481,7 @@ cc_proto_library(
 )

 cc_grpc_library(
-    name = "logging_cc_grpc",
+    name = "grafeas_cc_grpc",
    srcs = [":grafeas_proto"],
    grpc_only = True,
    deps = [":grafeas_cc_proto"],
--- a/grafeas/v1/compliance.proto
+++ b/grafeas/v1/compliance.proto
@ -16,7 +16,7 @@ syntax = "proto3";

 package grafeas.v1;

-import "grafeas/v1/vulnerability.proto";
+import "grafeas/v1/severity.proto";

 option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
 option java_multiple_files = true;
--- a/grafeas/v1/cvss.proto
+++ b/grafeas/v1/cvss.proto
@ -83,3 +83,78 @@ message CVSSv3 {
    IMPACT_NONE = 3;
  }
 }
+
+// Common Vulnerability Scoring System.
+// For details, see https://www.first.org/cvss/specification-document
+// This is a message we will try to use for storing multiple versions of
+// CVSS. The intention is that as new versions of CVSS scores get added, we
+// will be able to modify this message rather than adding new protos for each
+// new version of the score.
+message CVSS {
+  // The base score is a function of the base metric scores.
+  float base_score = 1;
+
+  float exploitability_score = 2;
+
+  float impact_score = 3;
+
+  // Base Metrics
+  // Represents the intrinsic characteristics of a vulnerability that are
+  // constant over time and across user environments.
+  AttackVector attack_vector = 4;
+  AttackComplexity attack_complexity = 5;
+  Authentication authentication = 6;
+  PrivilegesRequired privileges_required = 7;
+  UserInteraction user_interaction = 8;
+  Scope scope = 9;
+  Impact confidentiality_impact = 10;
+  Impact integrity_impact = 11;
+  Impact availability_impact = 12;
+
+  enum AttackVector {
+    ATTACK_VECTOR_UNSPECIFIED = 0;
+    ATTACK_VECTOR_NETWORK = 1;
+    ATTACK_VECTOR_ADJACENT = 2;
+    ATTACK_VECTOR_LOCAL = 3;
+    ATTACK_VECTOR_PHYSICAL = 4;
+  }
+
+  enum AttackComplexity {
+    ATTACK_COMPLEXITY_UNSPECIFIED = 0;
+    ATTACK_COMPLEXITY_LOW = 1;
+    ATTACK_COMPLEXITY_HIGH = 2;
+  }
+
+  enum Authentication {
+    AUTHENTICATION_UNSPECIFIED = 0;
+    AUTHENTICATION_MULTIPLE = 1;
+    AUTHENTICATION_SINGLE = 2;
+    AUTHENTICATION_NONE = 3;
+  }
+
+  enum PrivilegesRequired {
+    PRIVILEGES_REQUIRED_UNSPECIFIED = 0;
+    PRIVILEGES_REQUIRED_NONE = 1;
+    PRIVILEGES_REQUIRED_LOW = 2;
+    PRIVILEGES_REQUIRED_HIGH = 3;
+  }
+
+  enum UserInteraction {
+    USER_INTERACTION_UNSPECIFIED = 0;
+    USER_INTERACTION_NONE = 1;
+    USER_INTERACTION_REQUIRED = 2;
+  }
+
+  enum Scope {
+    SCOPE_UNSPECIFIED = 0;
+    SCOPE_UNCHANGED = 1;
+    SCOPE_CHANGED = 2;
+  }
+
+  enum Impact {
+    IMPACT_UNSPECIFIED = 0;
+    IMPACT_HIGH = 1;
+    IMPACT_LOW = 2;
+    IMPACT_NONE = 3;
+  }
+}
--- a/grafeas/v1/discovery.proto
+++ b/grafeas/v1/discovery.proto
@ -16,6 +16,7 @@ syntax = "proto3";

 package grafeas.v1;

+import "google/api/field_behavior.proto";
 import "google/protobuf/timestamp.proto";
 import "google/rpc/status.proto";
 import "grafeas/v1/common.proto";
@ -80,4 +81,8 @@ message DiscoveryOccurrence {

  // The last time this resource was scanned.
  google.protobuf.Timestamp last_scan_time = 5;
+
+  // The time occurrences related to this discovery occurrence were archived.
+  google.protobuf.Timestamp archive_time = 6
+      [(google.api.field_behavior) = OUTPUT_ONLY];
 }
--- a/grafeas/v1/severity.proto
+++ b/grafeas/v1/severity.proto
@ -0,0 +1,38 @@
+// Copyright 2021 The Grafeas Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//    http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package grafeas.v1;
+
+option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
+option java_multiple_files = true;
+option java_package = "io.grafeas.v1";
+option objc_class_prefix = "GRA";
+
+// Note provider assigned severity/impact ranking.
+enum Severity {
+  // Unknown.
+  SEVERITY_UNSPECIFIED = 0;
+  // Minimal severity.
+  MINIMAL = 1;
+  // Low severity.
+  LOW = 2;
+  // Medium severity.
+  MEDIUM = 3;
+  // High severity.
+  HIGH = 4;
+  // Critical severity.
+  CRITICAL = 5;
+}
--- a/grafeas/v1/vulnerability.proto
+++ b/grafeas/v1/vulnerability.proto
@ -21,28 +21,13 @@ import "google/protobuf/timestamp.proto";
 import "grafeas/v1/common.proto";
 import "grafeas/v1/cvss.proto";
 import "grafeas/v1/package.proto";
+import "grafeas/v1/severity.proto";

 option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
 option java_multiple_files = true;
 option java_package = "io.grafeas.v1";
 option objc_class_prefix = "GRA";

-// Note provider assigned severity/impact ranking.
-enum Severity {
-  // Unknown.
-  SEVERITY_UNSPECIFIED = 0;
-  // Minimal severity.
-  MINIMAL = 1;
-  // Low severity.
-  LOW = 2;
-  // Medium severity.
-  MEDIUM = 3;
-  // High severity.
-  HIGH = 4;
-  // Critical severity.
-  CRITICAL = 5;
-}
-
 // A security vulnerability that can be found in resources.
 message VulnerabilityNote {
  // The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10
@ -50,7 +35,7 @@ message VulnerabilityNote {
  float cvss_score = 1;

  // The note provider assigned severity of this vulnerability.
-  Severity severity = 2;
+  grafeas.v1.Severity severity = 2;

  // Details of all known distros and packages affected by this vulnerability.
  repeated Detail details = 3;
@ -172,24 +157,15 @@ message VulnerabilityOccurrence {
  string type = 1;

  // Output only. The note provider assigned severity of this vulnerability.
-  Severity severity = 2;
+  grafeas.v1.Severity severity = 2;

  // Output only. The CVSS score of this vulnerability. CVSS score is on a
  // scale of 0 - 10 where 0 indicates low severity and 10 indicates high
  // severity.
  float cvss_score = 3;

-  // The CVSS v3 score for this vulnerability.
-  message CVSSV3 {
-    // The base score for for this vulnerability according to cvss v3.
-    float base_score = 1;
-    // The severity rating assigned to this vulnerability by vulnerability
-    // provider.
-    Severity severity = 2;
-  }
-
  // The cvss v3 score for the vulnerability.
-  CVSSV3 cvssv3 = 10;
+  CVSS cvssv3 = 10;

  // Required. The set of affected locations and their fixes (if available)
  // within the associated resource.
@ -231,7 +207,8 @@ message VulnerabilityOccurrence {
    // The distro or language system assigned severity for this vulnerability
    // when that is available and note provider assigned severity when it is not
    // available.
-    Severity effective_severity = 9 [(google.api.field_behavior) = OUTPUT_ONLY];
+    grafeas.v1.Severity effective_severity = 9
+        [(google.api.field_behavior) = OUTPUT_ONLY];
  }

  // Output only. A one sentence description of this vulnerability.
@ -253,7 +230,7 @@ message VulnerabilityOccurrence {
  // PackageIssue level. In the case where multiple PackageIssues have differing
  // effective severities, this field should be the highest severity for any of
  // the PackageIssues.
-  Severity effective_severity = 8;
+  grafeas.v1.Severity effective_severity = 8;

  // Output only. Whether at least one of the affected packages has a fix
  // available.