feat: Publish Binary Authorization ContinuousValidationEvent proto.

This is used in the new Continuous Validation feature: https://cloud.google.com/binary-authorization/docs/overview-cv Committer: @rbutoi PiperOrigin-RevId: 373173593
4 years ago · bceaea9f82
parent 6c96d191b3
commit bceaea9f82
2 changed files with 177 additions and 32 deletions
--- a/google/cloud/binaryauthorization/v1beta1/BUILD.bazel
+++ b/google/cloud/binaryauthorization/v1beta1/BUILD.bazel
@ -9,46 +9,19 @@
 #    * extra_protoc_file_parameters
 # The complete list of preserved parameters can be found in the source code.

+# This is an API workspace, having public visibility by default makes perfect sense.
+package(default_visibility = ["//visibility:public"])
+
 ##############################################################################
 # Common
 ##############################################################################
 load("@rules_proto//proto:defs.bzl", "proto_library")
-load(
-    "@com_google_googleapis_imports//:imports.bzl",
-    "csharp_gapic_assembly_pkg",
-    "csharp_gapic_library",
-    "csharp_grpc_library",
-    "csharp_proto_library",
-    "go_gapic_assembly_pkg",
-    "go_gapic_library",
-    "go_proto_library",
-    "go_test",
-    "java_gapic_assembly_gradle_pkg",
-    "java_gapic_library",
-    "java_gapic_test",
-    "java_grpc_library",
-    "java_proto_library",
-    "nodejs_gapic_assembly_pkg",
-    "nodejs_gapic_library",
-    "proto_library_with_info",
-    "py_gapic_assembly_pkg",
-    "py_gapic_library",
-    "ruby_cloud_gapic_library",
-    "ruby_gapic_assembly_pkg",
-    "ruby_grpc_library",
-    "ruby_proto_library",
-    php_gapic_assembly_pkg = "php_gapic_assembly_pkg2",
-    php_gapic_library = "php_gapic_library2",
-    php_grpc_library = "php_grpc_library2",
-    php_proto_library = "php_proto_library2",
-)
-
-# This is an API workspace, having public visibility by default makes perfect sense.
-package(default_visibility = ["//visibility:public"])
+load("@com_google_googleapis_imports//:imports.bzl", "proto_library_with_info")

 proto_library(
    name = "binaryauthorization_proto",
    srcs = [
+        "continuous_validation_logging.proto",
        "resources.proto",
        "service.proto",
    ],
@ -70,6 +43,18 @@ proto_library_with_info(
    ],
 )

+##############################################################################
+# Java
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "java_gapic_assembly_gradle_pkg",
+    "java_gapic_library",
+    "java_gapic_test",
+    "java_grpc_library",
+    "java_proto_library",
+)
+
 java_proto_library(
    name = "binaryauthorization_java_proto",
    deps = [":binaryauthorization_proto"],
@ -112,6 +97,17 @@ java_gapic_assembly_gradle_pkg(
    ],
 )

+##############################################################################
+# Go
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "go_gapic_assembly_pkg",
+    "go_gapic_library",
+    "go_proto_library",
+    "go_test",
+)
+
 go_proto_library(
    name = "binaryauthorization_go_proto",
    compilers = ["@io_bazel_rules_go//proto:go_grpc"],
@ -152,6 +148,15 @@ go_gapic_assembly_pkg(
    ],
 )

+##############################################################################
+# Python
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "py_gapic_assembly_pkg",
+    "py_gapic_library",
+)
+
 py_gapic_library(
    name = "binaryauthorization_py_gapic",
    srcs = [":binaryauthorization_proto"],
@ -166,6 +171,17 @@ py_gapic_assembly_pkg(
    ],
 )

+##############################################################################
+# PHP
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    php_gapic_assembly_pkg = "php_gapic_assembly_pkg2",
+    php_gapic_library = "php_gapic_library2",
+    php_grpc_library = "php_grpc_library2",
+    php_proto_library = "php_proto_library2",
+)
+
 php_proto_library(
    name = "binaryauthorization_php_proto",
    deps = [":binaryauthorization_proto"],
@ -181,6 +197,7 @@ php_gapic_library(
    name = "binaryauthorization_php_gapic",
    srcs = [":binaryauthorization_proto_with_info"],
    grpc_service_config = "binaryauthorization_grpc_service_config.json",
+    service_yaml = "binaryauthorization_v1beta1.yaml",
    deps = [
        ":binaryauthorization_php_grpc",
        ":binaryauthorization_php_proto",
@ -197,6 +214,15 @@ php_gapic_assembly_pkg(
    ],
 )

+##############################################################################
+# Node.js
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "nodejs_gapic_assembly_pkg",
+    "nodejs_gapic_library",
+)
+
 nodejs_gapic_library(
    name = "binaryauthorization_nodejs_gapic",
    package_name = "@google-cloud/binary-authorization",
@ -216,6 +242,17 @@ nodejs_gapic_assembly_pkg(
    ],
 )

+##############################################################################
+# Ruby
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "ruby_cloud_gapic_library",
+    "ruby_gapic_assembly_pkg",
+    "ruby_grpc_library",
+    "ruby_proto_library",
+)
+
 ruby_proto_library(
    name = "binaryauthorization_ruby_proto",
    deps = [":binaryauthorization_proto"],
@ -257,6 +294,17 @@ ruby_gapic_assembly_pkg(
    ],
 )

+##############################################################################
+# C#
+##############################################################################
+load(
+    "@com_google_googleapis_imports//:imports.bzl",
+    "csharp_gapic_assembly_pkg",
+    "csharp_gapic_library",
+    "csharp_grpc_library",
+    "csharp_proto_library",
+)
+
 csharp_proto_library(
    name = "binaryauthorization_csharp_proto",
    deps = [":binaryauthorization_proto"],
--- a/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto
+++ b/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto
@ -0,0 +1,97 @@
+// Copyright 2021 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+syntax = "proto3";
+
+package google.cloud.binaryauthorization.v1beta1;
+
+import "google/protobuf/timestamp.proto";
+
+option cc_enable_arenas = true;
+option csharp_namespace = "Google.Cloud.BinaryAuthorization.V1Beta1";
+option go_package = "google.golang.org/genproto/googleapis/cloud/binaryauthorization/v1beta1;binaryauthorization";
+option java_multiple_files = true;
+option java_outer_classname = "ContinuousValidationLoggingProto";
+option java_package = "com.google.cloud.binaryauthorization.v1beta1";
+option php_namespace = "Google\\Cloud\\BinaryAuthorization\\V1beta1";
+option ruby_package = "Google::Cloud::BinaryAuthorization::V1beta1";
+
+// Represents an auditing event from Continuous Validation.
+message ContinuousValidationEvent {
+  // An auditing event for one Pod.
+  message ContinuousValidationPodEvent {
+    // Container image with auditing details.
+    message ImageDetails {
+      // Result of the audit.
+      enum AuditResult {
+        // Unspecified result. This is an error.
+        AUDIT_RESULT_UNSPECIFIED = 0;
+
+        // Image is allowed.
+        ALLOW = 1;
+
+        // Image is denied.
+        DENY = 2;
+      }
+
+      // The name of the image.
+      string image = 1;
+
+      // The result of the audit for this image.
+      AuditResult result = 2;
+
+      // Description of the above result.
+      string description = 3;
+    }
+
+    // Audit time policy conformance verdict.
+    enum PolicyConformanceVerdict {
+      // We should always have a verdict. This is an error.
+      POLICY_CONFORMANCE_VERDICT_UNSPECIFIED = 0;
+
+      // The pod violates the policy.
+      VIOLATES_POLICY = 1;
+    }
+
+    // The name of the Pod.
+    string pod = 1;
+
+    // Deploy time of the Pod from k8s.
+    google.protobuf.Timestamp deploy_time = 2;
+
+    // Termination time of the Pod from k8s, or nothing if still running.
+    google.protobuf.Timestamp end_time = 3;
+
+    // Auditing verdict for this Pod.
+    PolicyConformanceVerdict verdict = 4;
+
+    // List of images with auditing details.
+    repeated ImageDetails images = 5;
+  }
+
+  // An event describing that the project policy is unsupported by CV.
+  message UnsupportedPolicyEvent {
+    // A description of the unsupported policy.
+    string description = 1;
+  }
+
+  // Type of CV event.
+  oneof event_type {
+    // Pod event.
+    ContinuousValidationPodEvent pod_event = 1;
+
+    // Unsupported policy event.
+    UnsupportedPolicyEvent unsupported_policy_event = 2;
+  }
+}