diff --git a/google/devtools/containeranalysis/v1/BUILD.bazel b/google/devtools/containeranalysis/v1/BUILD.bazel index 86d88d62d..7fd45d4dc 100644 --- a/google/devtools/containeranalysis/v1/BUILD.bazel +++ b/google/devtools/containeranalysis/v1/BUILD.bazel @@ -1,4 +1,13 @@ # This file was automatically generated by BuildFileGenerator +# https://github.com/googleapis/rules_gapic/tree/master/bazel + +# Most of the manual changes to this file will be overwritten. +# It's **only** allowed to change the following rule attribute values: +# - names of *_gapic_assembly_* rules +# - certain parameters of *_gapic_library rules, including but not limited to: +# * extra_protoc_parameters +# * extra_protoc_file_parameters +# The complete list of preserved parameters can be found in the source code. # This is an API workspace, having public visibility by default makes perfect sense. package(default_visibility = ["//visibility:public"]) @@ -74,13 +83,16 @@ java_gapic_library( srcs = [":containeranalysis_proto_with_info"], gapic_yaml = "containeranalysis_gapic.yaml", grpc_service_config = "containeranalysis_grpc_service_config.json", + service_yaml = "containeranalysis_v1.yaml", test_deps = [ ":containeranalysis_java_grpc", "//google/iam/v1:iam_java_grpc", ], deps = [ ":containeranalysis_java_proto", + "//google/api:api_java_proto", "//google/iam/v1:iam_java_proto", + "//grafeas/v1:common_java_proto", ], ) 
@@ -125,38 +137,38 @@ go_proto_library( "//grafeas/v1:grafeas_go_proto", ], ) -# Fix compilation error -# cloud.google.com/go/containeranalysis/apiv1/container_analysis_client.go:66:9: undefined: containeranalysispb -#go_gapic_library( -# name = "containeranalysis_go_gapic", -# src = ":containeranalysis_proto_with_info", -# gapic_yaml = "containeranalysis_gapic.yaml", -# importpath = "cloud.google.com/go/containeranalysis/apiv1", -# package = "google.devtools.containeranalysis.v1", -# service_yaml = "//google/devtools/containeranalysis:containeranalysis_v1.yaml", -# deps = [ -# ":containeranalysis_go_proto", -# "//google/iam/v1:iam_go_proto", -# ], -#) -# -#go_test( -# name = "containeranalysis_go_gapic_test", -# srcs = [":containeranalysis_go_gapic_srcjar_test"], -# embed = [":containeranalysis_go_gapic"], -# importpath = "cloud.google.com/go/containeranalysis/apiv1", -#) -# -## Open Source Packages -#go_gapic_assembly_pkg( -# name = "gapi-cloud-devtools-containeranalysis-v1-go", -# deps = [ -# ":containeranalysis_go_gapic", -# ":containeranalysis_go_gapic_srcjar-smoke-test.srcjar", -# ":containeranalysis_go_gapic_srcjar-test.srcjar", -# ":containeranalysis_go_proto", -# ], -#) + +# go_gapic_library( +# name = "containeranalysis_go_gapic", +# srcs = [":containeranalysis_proto_with_info"], +# grpc_service_config = "containeranalysis_grpc_service_config.json", +# importpath = "cloud.google.com/go/devtools/containeranalysis/apiv1;containeranalysis", +# metadata = True, +# service_yaml = "containeranalysis_v1.yaml", +# deps = [ +# ":containeranalysis_go_proto", +# "//google/iam/v1:iam_go_proto", +# "//grafeas/v1:common_go_proto", +# ], +# ) + +# go_test( +# name = "containeranalysis_go_gapic_test", +# srcs = [":containeranalysis_go_gapic_srcjar_test"], +# embed = [":containeranalysis_go_gapic"], +# importpath = "cloud.google.com/go/devtools/containeranalysis/apiv1", +# ) + +# # Open Source Packages +# go_gapic_assembly_pkg( +# name = 
"gapi-cloud-devtools-containeranalysis-v1-go", +# deps = [ +# ":containeranalysis_go_gapic", +# ":containeranalysis_go_gapic_srcjar-metadata.srcjar", +# ":containeranalysis_go_gapic_srcjar-test.srcjar", +# ":containeranalysis_go_proto", +# ], +# ) ############################################################################## # Python @@ -208,6 +220,7 @@ php_gapic_library( name = "containeranalysis_php_gapic", srcs = [":containeranalysis_proto_with_info"], grpc_service_config = "containeranalysis_grpc_service_config.json", + service_yaml = "containeranalysis_v1.yaml", deps = [ ":containeranalysis_php_grpc", ":containeranalysis_php_proto", diff --git a/google/devtools/containeranalysis/v1/containeranalysis.proto b/google/devtools/containeranalysis/v1/containeranalysis.proto index 2bd968c0c..2bfd52ccf 100644 --- a/google/devtools/containeranalysis/v1/containeranalysis.proto +++ b/google/devtools/containeranalysis/v1/containeranalysis.proto @@ -1,4 +1,4 @@ -// Copyright 2019 Google LLC +// Copyright 2021 Google LLC // // Licensed under the Apache License, Version 2.0 (the "License"); // you may not use this file except in compliance with the License. @@ -23,7 +23,9 @@ import "google/api/resource.proto"; import "google/iam/v1/iam_policy.proto"; import "google/iam/v1/policy.proto"; import "google/protobuf/timestamp.proto"; -import "grafeas/v1/vulnerability.proto"; +import "grafeas/v1/common.proto"; +import "grafeas/v1/grafeas.proto"; +import "grafeas/v1/severity.proto"; option csharp_namespace = "Google.Cloud.DevTools.ContainerAnalysis.V1"; option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1;containeranalysis"; 
@@ -48,8 +50,7 @@ option php_namespace = "Google\\Cloud\\ContainerAnalysis\\V1"; // image with the vulnerability referring to that note. service ContainerAnalysis { option (google.api.default_host) = "containeranalysis.googleapis.com"; - option (google.api.oauth_scopes) = - "https://www.googleapis.com/auth/cloud-platform"; + option (google.api.oauth_scopes) = "https://www.googleapis.com/auth/cloud-platform"; // Sets the access control policy on the specified note or occurrence. // Requires `containeranalysis.notes.setIamPolicy` or @@ -59,8 +60,7 @@ service ContainerAnalysis { // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for // occurrences. - rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) - returns (google.iam.v1.Policy) { + rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest) returns (google.iam.v1.Policy) { option (google.api.http) = { post: "/v1/{resource=projects/*/notes/*}:setIamPolicy" body: "*" @@ -80,8 +80,7 @@ service ContainerAnalysis { // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for // occurrences. - rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) - returns (google.iam.v1.Policy) { + rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest) returns (google.iam.v1.Policy) { option (google.api.http) = { post: "/v1/{resource=projects/*/notes/*}:getIamPolicy" body: "*" 
@@ -100,8 +99,7 @@ service ContainerAnalysis { // The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for // notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for // occurrences. - rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) - returns (google.iam.v1.TestIamPermissionsResponse) { + rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest) returns (google.iam.v1.TestIamPermissionsResponse) { option (google.api.http) = { post: "/v1/{resource=projects/*/notes/*}:testIamPermissions" body: "*" @@ -114,9 +112,7 @@ service ContainerAnalysis { } // Gets a summary of the number and severity of occurrences. - rpc GetVulnerabilityOccurrencesSummary( - GetVulnerabilityOccurrencesSummaryRequest) - returns (VulnerabilityOccurrencesSummary) { + rpc GetVulnerabilityOccurrencesSummary(GetVulnerabilityOccurrencesSummaryRequest) returns (VulnerabilityOccurrencesSummary) { option (google.api.http) = { get: "/v1/{parent=projects/*}/occurrences:vulnerabilitySummary" }; @@ -126,12 +122,13 @@ service ContainerAnalysis { // Request to get a vulnerability summary for some set of occurrences. message GetVulnerabilityOccurrencesSummaryRequest { - // The name of the project to get a vulnerability summary for in the form of + // Required. The name of the project to get a vulnerability summary for in the form of // `projects/[PROJECT_ID]`. string parent = 1 [ - (google.api.resource_reference).type = - "cloudresourcemanager.googleapis.com/Project", - (google.api.field_behavior) = REQUIRED + (google.api.field_behavior) = REQUIRED, + (google.api.resource_reference) = { + type: "cloudresourcemanager.googleapis.com/Project" + } ]; // The filter expression. diff --git a/google/devtools/containeranalysis/v1/containeranalysis_v1.yaml b/google/devtools/containeranalysis/v1/containeranalysis_v1.yaml index e1015739f..c59b10186 100644 --- a/google/devtools/containeranalysis/v1/containeranalysis_v1.yaml 
+++ b/google/devtools/containeranalysis/v1/containeranalysis_v1.yaml @@ -18,8 +18,6 @@ backend: rules: - selector: 'google.devtools.containeranalysis.v1.ContainerAnalysis.*' deadline: 30.0 - - selector: 'google.longrunning.Operations.*' - deadline: 30.0 authentication: rules: @@ -27,7 +25,3 @@ authentication: oauth: canonical_scopes: |- https://www.googleapis.com/auth/cloud-platform - - selector: 'google.longrunning.Operations.*' - oauth: - canonical_scopes: |- - https://www.googleapis.com/auth/cloud-platform diff --git a/grafeas/v1/BUILD.bazel b/grafeas/v1/BUILD.bazel index 1d8e8e628..e29021b2c 100644 --- a/grafeas/v1/BUILD.bazel +++ b/grafeas/v1/BUILD.bazel @@ -35,6 +35,7 @@ proto_library( "intoto_statement.proto", "package.proto", "provenance.proto", + "severity.proto", "slsa_provenance.proto", "upgrade.proto", "vulnerability.proto", 
@@ -60,6 +61,66 @@ proto_library_with_info( ], ) +# The compliance_proto, common_proto and severity_proto targets were added so +# that clients can depend on those specific targets rather than grafeas_proto. +# Some clients that run code on certain VMs needed the smaller targets. Note +# that these were added by hand and were not autogenerated. Please ensure that +# these are not deleted while updating this file. +proto_library( + name = "compliance_proto", + srcs = [ + "compliance.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "//google/rpc:status_proto", + ":severity_proto", + "@com_google_protobuf//:any_proto", + "@com_google_protobuf//:empty_proto", + "@com_google_protobuf//:field_mask_proto", + "@com_google_protobuf//:timestamp_proto", + ], +) + +proto_library( + name = "common_proto", + srcs = [ + "common.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "//google/rpc:status_proto", + "@com_google_protobuf//:any_proto", + "@com_google_protobuf//:empty_proto", + "@com_google_protobuf//:field_mask_proto", + "@com_google_protobuf//:timestamp_proto", + ], +) + +proto_library( + name = "severity_proto", + srcs = [ + "severity.proto", + ], + deps = [ + "//google/api:annotations_proto", + "//google/api:client_proto", + "//google/api:field_behavior_proto", + "//google/api:resource_proto", + "//google/rpc:status_proto", + "@com_google_protobuf//:any_proto", + "@com_google_protobuf//:empty_proto", + "@com_google_protobuf//:field_mask_proto", + "@com_google_protobuf//:timestamp_proto", + ], +) + ############################################################################## # Java ############################################################################## 
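Review bot: The three hand-added `proto_library` targets each repeat the same nine-entry `deps` list, which works against the stated aim of giving clients smaller targets. `severity_proto` wraps severity.proto, which is new in this commit and has no `import` lines, so its `deps` can be dropped altogether. `compliance_proto` probably needs little more than `":severity_proto"`, but compliance.proto is not fully visible here, so check its imports first. severity.proto is also added to the `srcs` of the large `proto_library` earlier in this file, so the same file is now compiled by two targets; having that target depend on `:severity_proto` instead would avoid the overlap.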
@@ -94,6 +155,7 @@ java_gapic_library( ], deps = [ ":grafeas_java_proto", + ":common_proto", "//google/api:api_java_proto", ], ) @@ -103,7 +165,9 @@ java_gapic_test( test_classes = [ "io.grafeas.v1.GrafeasClientTest", ], - runtime_deps = [":grafeas_java_gapic_test"], + runtime_deps = [":grafeas_java_gapic_test", + ":common_proto", + ], ) # Open Source Packages @@ -117,6 +181,10 @@ java_gapic_assembly_gradle_pkg( ], ) +java_proto_library( + name = "common_java_proto", + deps = [":common_proto"], +) ############################################################################## # Go ############################################################################## @@ -132,7 +200,8 @@ go_proto_library( name = "grafeas_go_proto", compilers = ["@io_bazel_rules_go//proto:go_grpc"], importpath = "google.golang.org/genproto/googleapis/grafeas/v1", - protos = [":grafeas_proto"], + protos = [":grafeas_proto", + ], deps = [ "//google/api:annotations_go_proto", "//google/rpc:status_go_proto", 
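Review bot: `":common_proto"` is a `proto_library`, yet it is added to the `deps` of `java_gapic_library` and to the `runtime_deps` of `java_gapic_test`, where the neighbouring entries are Java targets (`:grafeas_java_proto`, `//google/api:api_java_proto`). This commit defines `common_java_proto` a few lines further down, and the containeranalysis BUILD file depends on `//grafeas/v1:common_java_proto`, so the Java label looks like what was intended: `":common_java_proto",`. The reflowed `runtime_deps` and `protos` lists and the missing blank line after the new `java_proto_library` block are also not in buildifier format.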
@@ -169,6 +238,47 @@ go_gapic_assembly_pkg( ], ) +# The compliance_go_proto, common_go_proto and severity_go_proto targets were +# added so that clients can depend on those specific targets rather than +# grafeas_proto. Some clients that run code on certain VMs needed the +# smaller targets. Note that these were added by hand and were not +# autogenerated. Please ensure that these are not deleted while updating this +# file. +go_proto_library( + name = "compliance_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "google.golang.org/genproto/googleapis/grafeas/v1", + protos = [":compliance_proto", + ":severity_proto", + ], + deps = [ + "//google/api:annotations_go_proto", + "//google/rpc:status_go_proto", + ], +) + +go_proto_library( + name = "common_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "google.golang.org/genproto/googleapis/grafeas/v1", + protos = [":common_proto"], + deps = [ + "//google/api:annotations_go_proto", + "//google/rpc:status_go_proto", + ], +) + +go_proto_library( + name = "severity_go_proto", + compilers = ["@io_bazel_rules_go//proto:go_grpc"], + importpath = "google.golang.org/genproto/googleapis/grafeas/v1", + protos = [":severity_proto"], + deps = [ + "//google/api:annotations_go_proto", + "//google/rpc:status_go_proto", + ], +) + ############################################################################## # Python ############################################################################## @@ -371,7 +481,7 @@ cc_proto_library( ) cc_grpc_library( - name = "logging_cc_grpc", + name = "grafeas_cc_grpc", srcs = [":grafeas_proto"], grpc_only = True, deps = [":grafeas_cc_proto"], diff --git a/grafeas/v1/compliance.proto b/grafeas/v1/compliance.proto index 1d41db2c4..7913151eb 100644 --- a/grafeas/v1/compliance.proto +++ b/grafeas/v1/compliance.proto 
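Review bot: `compliance_go_proto`, `common_go_proto` and `severity_go_proto` all reuse the `importpath` of `grafeas_go_proto`, `google.golang.org/genproto/googleapis/grafeas/v1`. A Go binary that links `grafeas_go_proto` together with one of them would get the same package generated twice and, assuming `grafeas_proto` still lists these .proto files, the same descriptors registered twice. The comment block should say the split targets are alternatives and must not be combined, for example `# Do not depend on these together with :grafeas_go_proto; they generate the same Go package.` The three rules also use the `go_grpc` compiler although no file shown in this commit declares a service; `@io_bazel_rules_go//proto:go_proto` is probably enough, to be confirmed against common.proto and compliance.proto.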
@@ -16,7 +16,7 @@ syntax = "proto3"; package grafeas.v1; -import "grafeas/v1/vulnerability.proto"; +import "grafeas/v1/severity.proto"; option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas"; option java_multiple_files = true; diff --git a/grafeas/v1/cvss.proto b/grafeas/v1/cvss.proto index b41cd633d..bc2ed5209 100644 --- a/grafeas/v1/cvss.proto +++ b/grafeas/v1/cvss.proto 
@@ -83,3 +83,78 @@ message CVSSv3 { IMPACT_NONE = 3; } } + +// Common Vulnerability Scoring System. +// For details, see https://www.first.org/cvss/specification-document +// This is a message we will try to use for storing multiple versions of +// CVSS. The intention is that as new versions of CVSS scores get added, we +// will be able to modify this message rather than adding new protos for each +// new version of the score. +message CVSS { + // The base score is a function of the base metric scores. + float base_score = 1; + + float exploitability_score = 2; + + float impact_score = 3; + + // Base Metrics + // Represents the intrinsic characteristics of a vulnerability that are + // constant over time and across user environments. + AttackVector attack_vector = 4; + AttackComplexity attack_complexity = 5; + Authentication authentication = 6; + PrivilegesRequired privileges_required = 7; + UserInteraction user_interaction = 8; + Scope scope = 9; + Impact confidentiality_impact = 10; + Impact integrity_impact = 11; + Impact availability_impact = 12; + + enum AttackVector { + ATTACK_VECTOR_UNSPECIFIED = 0; + ATTACK_VECTOR_NETWORK = 1; + ATTACK_VECTOR_ADJACENT = 2; + ATTACK_VECTOR_LOCAL = 3; + ATTACK_VECTOR_PHYSICAL = 4; + } + + enum AttackComplexity { + ATTACK_COMPLEXITY_UNSPECIFIED = 0; + ATTACK_COMPLEXITY_LOW = 1; + ATTACK_COMPLEXITY_HIGH = 2; + } + + enum Authentication { + AUTHENTICATION_UNSPECIFIED = 0; + AUTHENTICATION_MULTIPLE = 1; + AUTHENTICATION_SINGLE = 2; + AUTHENTICATION_NONE = 3; + } + + enum PrivilegesRequired { + PRIVILEGES_REQUIRED_UNSPECIFIED = 0; + PRIVILEGES_REQUIRED_NONE = 1; + PRIVILEGES_REQUIRED_LOW = 2; + PRIVILEGES_REQUIRED_HIGH = 3; + } + + enum UserInteraction { + USER_INTERACTION_UNSPECIFIED = 0; + USER_INTERACTION_NONE = 1; + USER_INTERACTION_REQUIRED = 2; + } + + enum Scope { + SCOPE_UNSPECIFIED = 0; + SCOPE_UNCHANGED = 1; + SCOPE_CHANGED = 2; + } + + enum Impact { + IMPACT_UNSPECIFIED = 0; + IMPACT_HIGH = 1; + IMPACT_LOW = 2; + 
IMPACT_NONE = 3; + } +} diff --git a/grafeas/v1/discovery.proto b/grafeas/v1/discovery.proto index e07992557..13939b25c 100644 --- a/grafeas/v1/discovery.proto +++ b/grafeas/v1/discovery.proto @@ -16,6 +16,7 @@ syntax = "proto3"; package grafeas.v1; +import "google/api/field_behavior.proto"; import "google/protobuf/timestamp.proto"; import "google/rpc/status.proto"; import "grafeas/v1/common.proto"; @@ -80,4 +81,8 @@ message DiscoveryOccurrence { // The last time this resource was scanned. google.protobuf.Timestamp last_scan_time = 5; + + // The time occurrences related to this discovery occurrence were archived. + google.protobuf.Timestamp archive_time = 6 + [(google.api.field_behavior) = OUTPUT_ONLY]; } diff --git a/grafeas/v1/severity.proto b/grafeas/v1/severity.proto new file mode 100644 index 000000000..cc9cc3845 --- /dev/null +++ b/grafeas/v1/severity.proto 
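Review bot: The new `CVSS` message is documented as holding several CVSS versions, but no field records which version an instance follows. It also mixes the v2-only `Authentication` metric with v3 metrics such as `PrivilegesRequired`, `UserInteraction` and `Scope`. A consumer that thresholds on `base_score` for gating or alerting cannot tell a v2 score from a v3 one, and the two scales are not interchangeable. Consider a version discriminator field, or at least comments stating which metrics are populated for which version. `exploitability_score` and `impact_score` have no comments at all; something like `// The exploitability sub-score derived from the base metrics.` would match the comment on `base_score`.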
@@ -0,0 +1,38 @@
+// Copyright 2021 The Grafeas Authors. All rights reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+// http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package grafeas.v1;
+
+option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas";
+option java_multiple_files = true;
+option java_package = "io.grafeas.v1";
+option objc_class_prefix = "GRA";
+
+// Note provider assigned severity/impact ranking.
+enum Severity {
+ // Unknown.
+ SEVERITY_UNSPECIFIED = 0;
+ // Minimal severity.
+ MINIMAL = 1;
+ // Low severity.
+ LOW = 2;
+ // Medium severity.
+ MEDIUM = 3;
+ // High severity.
+ HIGH = 4;
+ // Critical severity.
+ CRITICAL = 5;
+}
diff --git a/grafeas/v1/vulnerability.proto b/grafeas/v1/vulnerability.proto
index 476d32029..434e14983 100644
--- a/grafeas/v1/vulnerability.proto
+++ b/grafeas/v1/vulnerability.proto
@@ -21,28 +21,13 @@ import "google/protobuf/timestamp.proto"; import "grafeas/v1/common.proto"; import "grafeas/v1/cvss.proto"; import "grafeas/v1/package.proto"; +import "grafeas/v1/severity.proto"; option go_package = "google.golang.org/genproto/googleapis/grafeas/v1;grafeas"; option java_multiple_files = true; option java_package = "io.grafeas.v1"; option objc_class_prefix = "GRA"; -// Note provider assigned severity/impact ranking. -enum Severity { - // Unknown. - SEVERITY_UNSPECIFIED = 0; - // Minimal severity. - MINIMAL = 1; - // Low severity. - LOW = 2; - // Medium severity. - MEDIUM = 3; - // High severity. - HIGH = 4; - // Critical severity. - CRITICAL = 5; -} - // A security vulnerability that can be found in resources. message VulnerabilityNote { // The CVSS score of this vulnerability. CVSS score is on a scale of 0 - 10 @@ -50,7 +35,7 @@ message VulnerabilityNote { float cvss_score = 1; // The note provider assigned severity of this vulnerability. - Severity severity = 2; + grafeas.v1.Severity severity = 2; // Details of all known distros and packages affected by this vulnerability. repeated Detail details = 3; 
@@ -172,24 +157,15 @@ message VulnerabilityOccurrence { string type = 1; // Output only. The note provider assigned severity of this vulnerability. - Severity severity = 2; + grafeas.v1.Severity severity = 2; // Output only. The CVSS score of this vulnerability. CVSS score is on a // scale of 0 - 10 where 0 indicates low severity and 10 indicates high // severity. float cvss_score = 3; - // The CVSS v3 score for this vulnerability. - message CVSSV3 { - // The base score for for this vulnerability according to cvss v3. - float base_score = 1; - // The severity rating assigned to this vulnerability by vulnerability - // provider. - Severity severity = 2; - } - // The cvss v3 score for the vulnerability. - CVSSV3 cvssv3 = 10; + CVSS cvssv3 = 10; // Required. The set of affected locations and their fixes (if available) // within the associated resource. @@ -231,7 +207,8 @@ message VulnerabilityOccurrence { // The distro or language system assigned severity for this vulnerability // when that is available and note provider assigned severity when it is not // available. - Severity effective_severity = 9 [(google.api.field_behavior) = OUTPUT_ONLY]; + grafeas.v1.Severity effective_severity = 9 + [(google.api.field_behavior) = OUTPUT_ONLY]; } // Output only. A one sentence description of this vulnerability. @@ -253,7 +230,7 @@ message VulnerabilityOccurrence { // PackageIssue level. In the case where multiple PackageIssues have differing // effective severities, this field should be the highest severity for any of // the PackageIssues. - Severity effective_severity = 8; + grafeas.v1.Severity effective_severity = 8; // Output only. Whether at least one of the affected packages has a fix // available.
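Review bot: Changing field 10 from the nested `CVSSV3` message to `CVSS` reuses the field number with an incompatible layout: in `CVSSV3` tag 2 was `Severity severity` (a varint enum), while in `CVSS` tag 2 is `float exploitability_score` (fixed32). Occurrences serialized under the old schema will decode with that severity dropped into unknown fields, so a consumer that read `cvssv3.severity` for policy or alerting silently loses the signal. Generated code that refers to the nested type also stops compiling. A safer shape is to keep `CVSSV3 cvssv3 = 10 [deprecated = true];` and add the new `CVSS` message under a field number that is free in `VulnerabilityOccurrence`, which this hunk does not show in full. If the in-place swap is intended, the commit description should state that no stored data or client relies on the old layout.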