You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
190 lines
6.7 KiB
190 lines
6.7 KiB
// Copyright 2018 Google LLC
|
|
//
|
|
// Licensed under the Apache License, Version 2.0 (the "License");
|
|
// you may not use this file except in compliance with the License.
|
|
// You may obtain a copy of the License at
|
|
//
|
|
// http://www.apache.org/licenses/LICENSE-2.0
|
|
//
|
|
// Unless required by applicable law or agreed to in writing, software
|
|
// distributed under the License is distributed on an "AS IS" BASIS,
|
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
// See the License for the specific language governing permissions and
|
|
// limitations under the License.
|
|
|
|
syntax = "proto3";
|
|
|
|
package google.devtools.containeranalysis.v1beta1;
|
|
|
|
import "google/api/annotations.proto";
|
|
import "google/iam/v1/iam_policy.proto";
|
|
import "google/iam/v1/policy.proto";
|
|
import "google/protobuf/timestamp.proto";
|
|
|
|
option go_package = "google.golang.org/genproto/googleapis/devtools/containeranalysis/v1beta1;containeranalysis";
|
|
option java_multiple_files = true;
|
|
option java_package = "com.google.containeranalysis.v1beta1";
|
|
option objc_class_prefix = "GCA";
|
|
|
|
// Retrieves analysis results of Cloud components such as Docker container
|
|
// images. The Container Analysis API is an implementation of the
|
|
// [Grafeas](grafeas.io) API.
|
|
//
|
|
// Analysis results are stored as a series of occurrences. An `Occurrence`
|
|
// contains information about a specific analysis instance on a resource. An
|
|
// occurrence refers to a `Note`. A note contains details describing the
|
|
// analysis and is generally stored in a separate project, called a `Provider`.
|
|
// Multiple occurrences can refer to the same note.
|
|
//
|
|
// For example, an SSL vulnerability could affect multiple images. In this case,
|
|
// there would be one note for the vulnerability and an occurrence for each
|
|
// image with the vulnerability referring to that note.
|
|
service ContainerAnalysisV1Beta1 {
|
|
// Sets the access control policy on the specified note or occurrence.
|
|
// Requires `containeranalysis.notes.setIamPolicy` or
|
|
// `containeranalysis.occurrences.setIamPolicy` permission if the resource is
|
|
// a note or an occurrence, respectively.
|
|
//
|
|
// The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
|
|
// notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
|
|
// occurrences.
|
|
rpc SetIamPolicy(google.iam.v1.SetIamPolicyRequest)
|
|
returns (google.iam.v1.Policy) {
|
|
option (google.api.http) = {
|
|
post: "/v1beta1/{resource=projects/*/notes/*}:setIamPolicy"
|
|
body: "*"
|
|
additional_bindings {
|
|
post: "/v1beta1/{resource=projects/*/occurrences/*}:setIamPolicy"
|
|
body: "*"
|
|
}
|
|
};
|
|
}
|
|
|
|
// Gets the access control policy for a note or an occurrence resource.
|
|
// Requires `containeranalysis.notes.setIamPolicy` or
|
|
// `containeranalysis.occurrences.setIamPolicy` permission if the resource is
|
|
// a note or occurrence, respectively.
|
|
//
|
|
// The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
|
|
// notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
|
|
// occurrences.
|
|
rpc GetIamPolicy(google.iam.v1.GetIamPolicyRequest)
|
|
returns (google.iam.v1.Policy) {
|
|
option (google.api.http) = {
|
|
post: "/v1beta1/{resource=projects/*/notes/*}:getIamPolicy"
|
|
body: "*"
|
|
additional_bindings {
|
|
post: "/v1beta1/{resource=projects/*/occurrences/*}:getIamPolicy"
|
|
body: "*"
|
|
}
|
|
};
|
|
}
|
|
|
|
// Returns the permissions that a caller has on the specified note or
|
|
// occurrence. Requires list permission on the project (for example,
|
|
// `containeranalysis.notes.list`).
|
|
//
|
|
// The resource takes the format `projects/[PROJECT_ID]/notes/[NOTE_ID]` for
|
|
// notes and `projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]` for
|
|
// occurrences.
|
|
rpc TestIamPermissions(google.iam.v1.TestIamPermissionsRequest)
|
|
returns (google.iam.v1.TestIamPermissionsResponse) {
|
|
option (google.api.http) = {
|
|
post: "/v1beta1/{resource=projects/*/notes/*}:testIamPermissions"
|
|
body: "*"
|
|
additional_bindings {
|
|
post: "/v1beta1/{resource=projects/*/occurrences/*}:testIamPermissions"
|
|
body: "*"
|
|
}
|
|
};
|
|
}
|
|
|
|
// Gets the specified scan configuration.
|
|
rpc GetScanConfig(GetScanConfigRequest) returns (ScanConfig) {
|
|
option (google.api.http) = {
|
|
get: "/v1beta1/{name=projects/*/scanConfigs/*}"
|
|
};
|
|
}
|
|
|
|
// Lists scan configurations for the specified project.
|
|
rpc ListScanConfigs(ListScanConfigsRequest)
|
|
returns (ListScanConfigsResponse) {
|
|
option (google.api.http) = {
|
|
get: "/v1beta1/{parent=projects/*}/scanConfigs"
|
|
};
|
|
}
|
|
|
|
// Updates the specified scan configuration.
|
|
rpc UpdateScanConfig(UpdateScanConfigRequest) returns (ScanConfig) {
|
|
option (google.api.http) = {
|
|
put: "/v1beta1/{name=projects/*/scanConfigs/*}"
|
|
body: "scan_config"
|
|
};
|
|
}
|
|
}
|
|
|
|
// A scan configuration specifies whether Cloud components in a project have a
|
|
// particular type of analysis being run. For example, it can configure whether
|
|
// vulnerability scanning is being done on Docker images or not.
|
|
message ScanConfig {
|
|
// Output only. The name of the scan configuration in the form of
|
|
// `projects/[PROJECT_ID]/scanConfigs/[SCAN_CONFIG_ID]`.
|
|
string name = 1;
|
|
|
|
// Output only. A human-readable description of what the scan configuration
|
|
// does.
|
|
string description = 2;
|
|
|
|
// Whether the scan is enabled.
|
|
bool enabled = 3;
|
|
|
|
// Output only. The time this scan config was created.
|
|
google.protobuf.Timestamp create_time = 4;
|
|
|
|
// Output only. The time this scan config was last updated.
|
|
google.protobuf.Timestamp update_time = 5;
|
|
}
|
|
|
|
// Request to get a scan configuration.
|
|
message GetScanConfigRequest {
|
|
// The name of the scan configuration in the form of
|
|
// `projects/[PROJECT_ID]/scanConfigs/[SCAN_CONFIG_ID]`.
|
|
string name = 1;
|
|
}
|
|
|
|
// Request to list scan configurations.
|
|
message ListScanConfigsRequest {
|
|
// The name of the project to list scan configurations for in the form of
|
|
// `projects/[PROJECT_ID]`.
|
|
string parent = 1;
|
|
|
|
// The filter expression.
|
|
string filter = 2;
|
|
|
|
// The number of scan configs to return in the list.
|
|
int32 page_size = 3;
|
|
|
|
// Token to provide to skip to a particular spot in the list.
|
|
string page_token = 4;
|
|
}
|
|
|
|
// Response for listing scan configurations.
|
|
message ListScanConfigsResponse {
|
|
// The scan configurations requested.
|
|
repeated ScanConfig scan_configs = 1;
|
|
|
|
// The next pagination token in the list response. It should be used as
|
|
// `page_token` for the following request. An empty value means no more
|
|
// results.
|
|
string next_page_token = 2;
|
|
}
|
|
|
|
// A request to update a scan configuration.
|
|
message UpdateScanConfigRequest {
|
|
// The name of the scan configuration in the form of
|
|
// `projects/[PROJECT_ID]/scanConfigs/[SCAN_CONFIG_ID]`.
|
|
string name = 1;
|
|
|
|
// The updated scan configuration.
|
|
ScanConfig scan_config = 2;
|
|
}
|
|
|