As of January 1, 2020 this library no longer supports Python 2 on the latest released version.
Library versions released prior to that date will continue to be available. For more information please
visit Python 2 support on Google Cloud.
Source code for grafeas.grafeas_v1.types.attestation
# -*- coding: utf-8 -*-
# Copyright 2024 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
from __future__ import annotations
from typing import MutableMapping, MutableSequence
import proto # type: ignore
from grafeas.grafeas_v1.types import common
__protobuf__ = proto.module(
package="grafeas.v1",
manifest={
"AttestationNote",
"Jwt",
"AttestationOccurrence",
},
)
[docs]class AttestationNote(proto.Message):
r"""Note kind that represents a logical attestation "role" or
"authority". For example, an organization might have one
``Authority`` for "QA" and one for "build". This note is intended to
act strictly as a grouping mechanism for the attached occurrences
(Attestations). This grouping mechanism also provides a security
boundary, since IAM ACLs gate the ability for a principle to attach
an occurrence to a given note. It also provides a single point of
lookup to find all attached attestation occurrences, even if they
don't all live in the same project.
Attributes:
hint (grafeas.grafeas_v1.types.AttestationNote.Hint):
Hint hints at the purpose of the attestation
authority.
"""
[docs] class Hint(proto.Message):
r"""This submessage provides human-readable hints about the
purpose of the authority. Because the name of a note acts as its
resource reference, it is important to disambiguate the
canonical name of the Note (which might be a UUID for security
purposes) from "readable" names more suitable for debug output.
Note that these hints should not be used to look up authorities
in security sensitive contexts, such as when looking up
attestations to verify.
Attributes:
human_readable_name (str):
Required. The human readable name of this
attestation authority, for example "qa".
"""
human_readable_name: str = proto.Field(
proto.STRING,
number=1,
)
hint: Hint = proto.Field(
proto.MESSAGE,
number=1,
message=Hint,
)
[docs]class Jwt(proto.Message):
r"""
Attributes:
compact_jwt (str):
The compact encoding of a JWS, which is
always three base64 encoded strings joined by
periods. For details, see:
https://tools.ietf.org/html/rfc7515.html#section-3.1
"""
compact_jwt: str = proto.Field(
proto.STRING,
number=1,
)
[docs]class AttestationOccurrence(proto.Message):
r"""Occurrence that represents a single "attestation". The
authenticity of an attestation can be verified using the
attached signature. If the verifier trusts the public key of the
signer, then verifying the signature is sufficient to establish
trust. In this circumstance, the authority to which this
attestation is attached is primarily useful for lookup (how to
find this attestation if you already know the authority and
artifact to be verified) and intent (for which authority this
attestation was intended to sign.
Attributes:
serialized_payload (bytes):
Required. The serialized payload that is verified by one or
more ``signatures``.
signatures (MutableSequence[grafeas.grafeas_v1.types.Signature]):
One or more signatures over ``serialized_payload``. Verifier
implementations should consider this attestation message
verified if at least one ``signature`` verifies
``serialized_payload``. See ``Signature`` in common.proto
for more details on signature structure and verification.
jwts (MutableSequence[grafeas.grafeas_v1.types.Jwt]):
One or more JWTs encoding a self-contained attestation. Each
JWT encodes the payload that it verifies within the JWT
itself. Verifier implementation SHOULD ignore the
``serialized_payload`` field when verifying these JWTs. If
only JWTs are present on this AttestationOccurrence, then
the ``serialized_payload`` SHOULD be left empty. Each JWT
SHOULD encode a claim specific to the ``resource_uri`` of
this Occurrence, but this is not validated by Grafeas
metadata API implementations. The JWT itself is opaque to
Grafeas.
"""
serialized_payload: bytes = proto.Field(
proto.BYTES,
number=1,
)
signatures: MutableSequence[common.Signature] = proto.RepeatedField(
proto.MESSAGE,
number=2,
message=common.Signature,
)
jwts: MutableSequence["Jwt"] = proto.RepeatedField(
proto.MESSAGE,
number=3,
message="Jwt",
)
__all__ = tuple(sorted(__protobuf__.manifest))