diff --git a/google-cloud-confidential_computing-v1/lib/google/cloud/confidential_computing/v1/confidential_computing/client.rb b/google-cloud-confidential_computing-v1/lib/google/cloud/confidential_computing/v1/confidential_computing/client.rb
index efa14ac1068e..a1e94ccf17f3 100644
--- a/google-cloud-confidential_computing-v1/lib/google/cloud/confidential_computing/v1/confidential_computing/client.rb
+++ b/google-cloud-confidential_computing-v1/lib/google/cloud/confidential_computing/v1/confidential_computing/client.rb
@@ -293,11 +293,15 @@ def create_challenge request, options = nil
 # @param options [::Gapic::CallOptions, ::Hash]
 # Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
 #
- # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil)
+ # @overload verify_attestation(td_ccel: nil, sev_snp_attestation: nil, challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil)
 # Pass arguments to `verify_attestation` via keyword arguments. Note that at
 # least one keyword argument is required. To specify no parameters, or to keep all
 # the default parameter values, pass an empty Hash as a request object (see above).
 #
+ # @param td_ccel [::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation, ::Hash]
+ # Optional. A TDX with CCEL and RTMR Attestation Quote.
+ # @param sev_snp_attestation [::Google::Cloud::ConfidentialComputing::V1::SevSnpAttestation, ::Hash]
+ # Optional. An SEV-SNP Attestation Report.
 # @param challenge [::String]
 # Required. The name of the Challenge whose nonce was used to generate the
 # attestation, in the format `projects/*/locations/*/challenges/*`. The
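Review bot: The two new `@param` entries present `td_ccel` and `sev_snp_attestation` as independent optional arguments, but the descriptor change in `service_pb.rb` appears to put both in a `tee_attestation` oneof, so a caller who passes both would have only one of them kept in the request. For an attestation call that silent drop deserves a sentence in the docs, for example `# Only one of td_ccel and sev_snp_attestation can be set; both belong to the tee_attestation oneof.` under each entry. The same gap is in the REST client hunk and in the `@!attribute` docs for `VerifyAttestationRequest` under `proto_docs`; if these comments are generated from the proto, the wording would have to be added there. The `verify_attestation` doc comment continues outside this hunk.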
diff --git a/google-cloud-confidential_computing-v1/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb b/google-cloud-confidential_computing-v1/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb
index 0d539dec83ba..66d3aada0117 100644
--- a/google-cloud-confidential_computing-v1/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb
+++ b/google-cloud-confidential_computing-v1/lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb
@@ -280,11 +280,15 @@ def create_challenge request, options = nil
 # @param options [::Gapic::CallOptions, ::Hash]
 # Overrides the default settings for this call, e.g, timeout, retries etc. Optional.
 #
- # @overload verify_attestation(challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil)
+ # @overload verify_attestation(td_ccel: nil, sev_snp_attestation: nil, challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil)
 # Pass arguments to `verify_attestation` via keyword arguments. Note that at
 # least one keyword argument is required. To specify no parameters, or to keep all
 # the default parameter values, pass an empty Hash as a request object (see above).
 #
+ # @param td_ccel [::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation, ::Hash]
+ # Optional. A TDX with CCEL and RTMR Attestation Quote.
+ # @param sev_snp_attestation [::Google::Cloud::ConfidentialComputing::V1::SevSnpAttestation, ::Hash]
+ # Optional. An SEV-SNP Attestation Report.
 # @param challenge [::String]
 # Required. The name of the Challenge whose nonce was used to generate the
 # attestation, in the format `projects/*/locations/*/challenges/*`. The
diff --git a/google-cloud-confidential_computing-v1/lib/google/cloud/confidentialcomputing/v1/service_pb.rb b/google-cloud-confidential_computing-v1/lib/google/cloud/confidentialcomputing/v1/service_pb.rb index ab8f365a171b..471a58c4e2ac 100644 --- a/google-cloud-confidential_computing-v1/lib/google/cloud/confidentialcomputing/v1/service_pb.rb +++ b/google-cloud-confidential_computing-v1/lib/google/cloud/confidentialcomputing/v1/service_pb.rb 
@@ -12,7 +12,7 @@ require 'google/rpc/status_pb' -descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\xc4\x03\n\x18VerifyAttestationRequest\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\x12\x62\n\x17\x63onfidential_space_info\x18\x04 \x01(\x0b\x32<.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfoB\x03\xe0\x41\x01\x12O\n\rtoken_options\x18\x05 \x01(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.TokenOptionsB\x03\xe0\x41\x01\"l\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12/\n\x0epartial_errors\x18\x03 
\x03(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"\x84\x01\n\x0cTokenOptions\x12\x15\n\x08\x61udience\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05nonce\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12I\n\ntoken_type\x18\x03 \x01(\x0e\x32\x30.google.cloud.confidentialcomputing.v1.TokenTypeB\x03\xe0\x41\x01\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"j\n\x15\x43onfidentialSpaceInfo\x12Q\n\x0fsigned_entities\x18\x01 \x03(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.SignedEntityB\x03\xe0\x41\x01\"w\n\x0cSignedEntity\x12g\n\x1a\x63ontainer_image_signatures\x18\x01 \x03(\x0b\x32>.google.cloud.confidentialcomputing.v1.ContainerImageSignatureB\x03\xe0\x41\x01\"\xaf\x01\n\x17\x43ontainerImageSignature\x12\x14\n\x07payload\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tsignature\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x17\n\npublic_key\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12M\n\x07sig_alg\x18\x04 
\x01(\x0e\x32\x37.google.cloud.confidentialcomputing.v1.SigningAlgorithmB\x03\xe0\x41\x01*\x7f\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x15\n\x11RSASSA_PSS_SHA256\x10\x01\x12\x1a\n\x16RSASSA_PKCS1V15_SHA256\x10\x02\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\x03*l\n\tTokenType\x12\x1a\n\x16TOKEN_TYPE_UNSPECIFIED\x10\x00\x12\x13\n\x0fTOKEN_TYPE_OIDC\x10\x01\x12\x12\n\x0eTOKEN_TYPE_PKI\x10\x02\x12\x1a\n\x16TOKEN_TYPE_LIMITED_AWS\x10\x03\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\xda\x41\x10parent,challenge\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3" +descriptor_data = "\n3google/cloud/confidentialcomputing/v1/service.proto\x12%google.cloud.confidentialcomputing.v1\x1a\x1cgoogle/api/annotations.proto\x1a\x17google/api/client.proto\x1a\x1fgoogle/api/field_behavior.proto\x1a\x19google/api/resource.proto\x1a\x1fgoogle/protobuf/timestamp.proto\x1a\x17google/rpc/status.proto\"\xa5\x02\n\tChallenge\x12\x11\n\x04name\x18\x01 \x01(\tB\x03\xe0\x41\x03\x12\x34\n\x0b\x63reate_time\x18\x02 
\x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x34\n\x0b\x65xpire_time\x18\x03 \x01(\x0b\x32\x1a.google.protobuf.TimestampB\x03\xe0\x41\x03\x12\x11\n\x04used\x18\x04 \x01(\x08\x42\x03\xe0\x41\x03\x12\x16\n\ttpm_nonce\x18\x06 \x01(\tB\x03\xe0\x41\x03:n\xea\x41k\n.confidentialcomputing.googleapis.com/Challenge\x12\x39projects/{project}/locations/{location}/challenges/{uuid}\"\x9d\x01\n\x16\x43reateChallengeRequest\x12\x39\n\x06parent\x18\x01 \x01(\tB)\xe0\x41\x02\xfa\x41#\n!locations.googleapis.com/Location\x12H\n\tchallenge\x18\x02 \x01(\x0b\x32\x30.google.cloud.confidentialcomputing.v1.ChallengeB\x03\xe0\x41\x02\"\x88\x05\n\x18VerifyAttestationRequest\x12Q\n\x07td_ccel\x18\x06 \x01(\x0b\x32\x39.google.cloud.confidentialcomputing.v1.TdxCcelAttestationB\x03\xe0\x41\x01H\x00\x12\\\n\x13sev_snp_attestation\x18\x07 \x01(\x0b\x32\x38.google.cloud.confidentialcomputing.v1.SevSnpAttestationB\x03\xe0\x41\x01H\x00\x12I\n\tchallenge\x18\x01 \x01(\tB6\xe0\x41\x02\xfa\x41\x30\n.confidentialcomputing.googleapis.com/Challenge\x12S\n\x0fgcp_credentials\x18\x02 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.GcpCredentialsB\x03\xe0\x41\x01\x12S\n\x0ftpm_attestation\x18\x03 \x01(\x0b\x32\x35.google.cloud.confidentialcomputing.v1.TpmAttestationB\x03\xe0\x41\x02\x12\x62\n\x17\x63onfidential_space_info\x18\x04 \x01(\x0b\x32<.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfoB\x03\xe0\x41\x01\x12O\n\rtoken_options\x18\x05 \x01(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.TokenOptionsB\x03\xe0\x41\x01\x42\x11\n\x0ftee_attestation\"\x83\x01\n\x12TdxCcelAttestation\x12\x1c\n\x0f\x63\x63\x65l_acpi_table\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tccel_data\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12 \n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x15\n\x08td_quote\x18\x04 \x01(\x0c\x42\x03\xe0\x41\x01\"?\n\x11SevSnpAttestation\x12\x13\n\x06report\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x15\n\x08\x61ux_blob\x18\x02 
\x01(\x0c\x42\x03\xe0\x41\x01\"l\n\x19VerifyAttestationResponse\x12\x1e\n\x11oidc_claims_token\x18\x02 \x01(\tB\x03\xe0\x41\x03\x12/\n\x0epartial_errors\x18\x03 \x03(\x0b\x32\x12.google.rpc.StatusB\x03\xe0\x41\x03\"3\n\x0eGcpCredentials\x12!\n\x19service_account_id_tokens\x18\x02 \x03(\t\"\x84\x01\n\x0cTokenOptions\x12\x15\n\x08\x61udience\x18\x01 \x01(\tB\x03\xe0\x41\x01\x12\x12\n\x05nonce\x18\x02 \x03(\tB\x03\xe0\x41\x01\x12I\n\ntoken_type\x18\x03 \x01(\x0e\x32\x30.google.cloud.confidentialcomputing.v1.TokenTypeB\x03\xe0\x41\x01\"\x8f\x03\n\x0eTpmAttestation\x12K\n\x06quotes\x18\x01 \x03(\x0b\x32;.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote\x12\x15\n\rtcg_event_log\x18\x02 \x01(\x0c\x12\x1b\n\x13\x63\x61nonical_event_log\x18\x03 \x01(\x0c\x12\x0f\n\x07\x61k_cert\x18\x04 \x01(\x0c\x12\x12\n\ncert_chain\x18\x05 \x03(\x0c\x1a\xd6\x01\n\x05Quote\x12\x11\n\thash_algo\x18\x01 \x01(\x05\x12^\n\npcr_values\x18\x02 \x03(\x0b\x32J.google.cloud.confidentialcomputing.v1.TpmAttestation.Quote.PcrValuesEntry\x12\x11\n\traw_quote\x18\x03 \x01(\x0c\x12\x15\n\rraw_signature\x18\x04 \x01(\x0c\x1a\x30\n\x0ePcrValuesEntry\x12\x0b\n\x03key\x18\x01 \x01(\x05\x12\r\n\x05value\x18\x02 \x01(\x0c:\x02\x38\x01\"j\n\x15\x43onfidentialSpaceInfo\x12Q\n\x0fsigned_entities\x18\x01 \x03(\x0b\x32\x33.google.cloud.confidentialcomputing.v1.SignedEntityB\x03\xe0\x41\x01\"w\n\x0cSignedEntity\x12g\n\x1a\x63ontainer_image_signatures\x18\x01 \x03(\x0b\x32>.google.cloud.confidentialcomputing.v1.ContainerImageSignatureB\x03\xe0\x41\x01\"\xaf\x01\n\x17\x43ontainerImageSignature\x12\x14\n\x07payload\x18\x01 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x16\n\tsignature\x18\x02 \x01(\x0c\x42\x03\xe0\x41\x01\x12\x17\n\npublic_key\x18\x03 \x01(\x0c\x42\x03\xe0\x41\x01\x12M\n\x07sig_alg\x18\x04 
\x01(\x0e\x32\x37.google.cloud.confidentialcomputing.v1.SigningAlgorithmB\x03\xe0\x41\x01*\x7f\n\x10SigningAlgorithm\x12!\n\x1dSIGNING_ALGORITHM_UNSPECIFIED\x10\x00\x12\x15\n\x11RSASSA_PSS_SHA256\x10\x01\x12\x1a\n\x16RSASSA_PKCS1V15_SHA256\x10\x02\x12\x15\n\x11\x45\x43\x44SA_P256_SHA256\x10\x03*l\n\tTokenType\x12\x1a\n\x16TOKEN_TYPE_UNSPECIFIED\x10\x00\x12\x13\n\x0fTOKEN_TYPE_OIDC\x10\x01\x12\x12\n\x0eTOKEN_TYPE_PKI\x10\x02\x12\x1a\n\x16TOKEN_TYPE_LIMITED_AWS\x10\x03\x32\xb7\x04\n\x15\x43onfidentialComputing\x12\xd8\x01\n\x0f\x43reateChallenge\x12=.google.cloud.confidentialcomputing.v1.CreateChallengeRequest\x1a\x30.google.cloud.confidentialcomputing.v1.Challenge\"T\xda\x41\x10parent,challenge\x82\xd3\xe4\x93\x02;\"./v1/{parent=projects/*/locations/*}/challenges:\tchallenge\x12\xe8\x01\n\x11VerifyAttestation\x12?.google.cloud.confidentialcomputing.v1.VerifyAttestationRequest\x1a@.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse\"P\x82\xd3\xe4\x93\x02J\"E/v1/{challenge=projects/*/locations/*/challenges/*}:verifyAttestation:\x01*\x1aX\xca\x41$confidentialcomputing.googleapis.com\xd2\x41.https://www.googleapis.com/auth/cloud-platformB\x97\x02\n)com.google.cloud.confidentialcomputing.v1B\x0cServiceProtoP\x01Z_cloud.google.com/go/confidentialcomputing/apiv1/confidentialcomputingpb;confidentialcomputingpb\xaa\x02%Google.Cloud.ConfidentialComputing.V1\xca\x02%Google\\Cloud\\ConfidentialComputing\\V1\xea\x02(Google::Cloud::ConfidentialComputing::V1b\x06proto3" pool = Google::Protobuf::DescriptorPool.generated_pool 
@@ -47,6 +47,8 @@ module V1 Challenge = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.Challenge").msgclass CreateChallengeRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.CreateChallengeRequest").msgclass VerifyAttestationRequest = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.VerifyAttestationRequest").msgclass + TdxCcelAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TdxCcelAttestation").msgclass + SevSnpAttestation = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.SevSnpAttestation").msgclass VerifyAttestationResponse = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.VerifyAttestationResponse").msgclass GcpCredentials = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.GcpCredentials").msgclass TokenOptions = ::Google::Protobuf::DescriptorPool.generated_pool.lookup("google.cloud.confidentialcomputing.v1.TokenOptions").msgclass diff --git a/google-cloud-confidential_computing-v1/proto_docs/google/cloud/confidentialcomputing/v1/service.rb b/google-cloud-confidential_computing-v1/proto_docs/google/cloud/confidentialcomputing/v1/service.rb index 1db75a877d9e..6cacce16ddea 100644 --- a/google-cloud-confidential_computing-v1/proto_docs/google/cloud/confidentialcomputing/v1/service.rb +++ b/google-cloud-confidential_computing-v1/proto_docs/google/cloud/confidentialcomputing/v1/service.rb 
@@ -60,6 +60,12 @@ class CreateChallengeRequest # A request for an OIDC token, providing all the necessary information needed # for this service to verify the plaform state of the requestor. + # @!attribute [rw] td_ccel + # @return [::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation] + # Optional. A TDX with CCEL and RTMR Attestation Quote. + # @!attribute [rw] sev_snp_attestation + # @return [::Google::Cloud::ConfidentialComputing::V1::SevSnpAttestation] + # Optional. An SEV-SNP Attestation Report. # @!attribute [rw] challenge # @return [::String] # Required. The name of the Challenge whose nonce was used to generate the 
@@ -85,6 +91,47 @@ class VerifyAttestationRequest extend ::Google::Protobuf::MessageExts::ClassMethods end + # A TDX Attestation quote. + # @!attribute [rw] ccel_acpi_table + # @return [::String] + # Optional. The Confidential Computing Event Log (CCEL) ACPI table. Formatted + # as described in the ACPI Specification 6.5. + # @!attribute [rw] ccel_data + # @return [::String] + # Optional. The CCEL event log. Formatted as described in the UEFI 2.10. + # @!attribute [rw] canonical_event_log + # @return [::String] + # Optional. An Event Log containing additional events measured into the RTMR + # that are not already present in the CCEL. + # @!attribute [rw] td_quote + # @return [::String] + # Optional. The TDX attestation quote from the guest. It contains the RTMR + # values. + class TdxCcelAttestation + include ::Google::Protobuf::MessageExts + extend ::Google::Protobuf::MessageExts::ClassMethods + end + + # An SEV-SNP Attestation Report. + # Contains the attestation report and the certificate bundle that the client + # collects. + # @!attribute [rw] report + # @return [::String] + # Optional. The SEV-SNP Attestation Report + # Format is in revision 1.55, ยง7.3 Attestation, Table 22. ATTESTATION_REPORT + # Structure in this document: + # https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56860.pdf + # @!attribute [rw] aux_blob + # @return [::String] + # Optional. Certificate bundle defined in the GHCB protocol definition + # Format is documented in GHCB revision 2.03, section 4.1.8.1 struct + # cert_table in this document: + # https://www.amd.com/content/dam/amd/en/documents/epyc-technical-docs/specifications/56421.pdf + class SevSnpAttestation + include ::Google::Protobuf::MessageExts + extend ::Google::Protobuf::MessageExts::ClassMethods + end + # A response once an attestation has been successfully verified, containing a # signed OIDC token. # @!attribute [r] oidc_claims_token 
diff --git a/google-cloud-confidential_computing-v1/test/google/cloud/confidential_computing/v1/confidential_computing_rest_test.rb b/google-cloud-confidential_computing-v1/test/google/cloud/confidential_computing/v1/confidential_computing_rest_test.rb index 9c07580801d8..5adceb327db1 100644 --- a/google-cloud-confidential_computing-v1/test/google/cloud/confidential_computing/v1/confidential_computing_rest_test.rb +++ b/google-cloud-confidential_computing-v1/test/google/cloud/confidential_computing/v1/confidential_computing_rest_test.rb @@ -133,6 +133,7 @@ def test_verify_attestation call_options = {} # Create request parameters for a unary method. + td_ccel = {} challenge = "hello world" gcp_credentials = {} tpm_attestation = {} 
@@ -153,27 +154,27 @@ def test_verify_attestation end # Use hash object - client.verify_attestation({ challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options }) do |_result, response| + client.verify_attestation({ td_ccel: td_ccel, challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options }) do |_result, response| assert_equal http_response, response.underlying_op end # Use named arguments - client.verify_attestation challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options do |_result, response| + client.verify_attestation td_ccel: td_ccel, challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options do |_result, response| assert_equal http_response, response.underlying_op end # Use protobuf object - client.verify_attestation ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest.new(challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options) do |_result, response| + client.verify_attestation ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest.new(td_ccel: td_ccel, challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options) do |_result, response| assert_equal http_response, response.underlying_op end # Use hash object with options - client.verify_attestation({ challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: 
confidential_space_info, token_options: token_options }, call_options) do |_result, response| + client.verify_attestation({ td_ccel: td_ccel, challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options }, call_options) do |_result, response| assert_equal http_response, response.underlying_op end # Use protobuf object with options - client.verify_attestation(::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest.new(challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options), call_options) do |_result, response| + client.verify_attestation(::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest.new(td_ccel: td_ccel, challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options), call_options) do |_result, response| assert_equal http_response, response.underlying_op end diff --git a/google-cloud-confidential_computing-v1/test/google/cloud/confidential_computing/v1/confidential_computing_test.rb b/google-cloud-confidential_computing-v1/test/google/cloud/confidential_computing/v1/confidential_computing_test.rb index fbd21206286c..277e1f62267c 100644 --- a/google-cloud-confidential_computing-v1/test/google/cloud/confidential_computing/v1/confidential_computing_test.rb +++ b/google-cloud-confidential_computing-v1/test/google/cloud/confidential_computing/v1/confidential_computing_test.rb @@ -123,6 +123,7 @@ def test_verify_attestation grpc_options = {} # Create request parameters for a unary method. + td_ccel = {} challenge = "hello world" gcp_credentials = {} tpm_attestation = {} 
@@ -132,6 +133,8 @@ def test_verify_attestation
 verify_attestation_client_stub = ClientStub.new grpc_response, grpc_operation do |name, request, options:|
 assert_equal :verify_attestation, name
 assert_kind_of ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest, request
+ assert_equal Gapic::Protobuf.coerce({}, to: ::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation), request["td_ccel"]
+ assert_equal :td_ccel, request.tee_attestation
 assert_equal "hello world", request["challenge"]
 assert_equal Gapic::Protobuf.coerce({}, to: ::Google::Cloud::ConfidentialComputing::V1::GcpCredentials), request["gcp_credentials"]
 assert_equal Gapic::Protobuf.coerce({}, to: ::Google::Cloud::ConfidentialComputing::V1::TpmAttestation), request["tpm_attestation"]
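Review bot: The stub assertions pin only the `td_ccel` member of the new `tee_attestation` oneof; nothing here exercises `sev_snp_attestation` or checks that it stays unset when `td_ccel` is supplied. Because the selected member decides which evidence type is sent for verification, I would add `assert_nil request["sev_snp_attestation"]` next to the `request.tee_attestation` check, and ideally a second request built with `sev_snp_attestation: {}` that asserts `:sev_snp_attestation`. The REST test hunks add `td_ccel` to the request without any equivalent assertion. `test_verify_attestation` begins and ends outside this hunk.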
@@ -147,31 +150,31 @@ def test_verify_attestation end # Use hash object - client.verify_attestation({ challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options }) do |response, operation| + client.verify_attestation({ td_ccel: td_ccel, challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options }) do |response, operation| assert_equal grpc_response, response assert_equal grpc_operation, operation end # Use named arguments - client.verify_attestation challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options do |response, operation| + client.verify_attestation td_ccel: td_ccel, challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options do |response, operation| assert_equal grpc_response, response assert_equal grpc_operation, operation end # Use protobuf object - client.verify_attestation ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest.new(challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options) do |response, operation| + client.verify_attestation ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest.new(td_ccel: td_ccel, challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options) do |response, operation| assert_equal grpc_response, response assert_equal grpc_operation, operation end # Use hash object with options - client.verify_attestation({ challenge: challenge, gcp_credentials: 
gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options }, grpc_options) do |response, operation| + client.verify_attestation({ td_ccel: td_ccel, challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options }, grpc_options) do |response, operation| assert_equal grpc_response, response assert_equal grpc_operation, operation end # Use protobuf object with options - client.verify_attestation(::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest.new(challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options), grpc_options) do |response, operation| + client.verify_attestation(::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest.new(td_ccel: td_ccel, challenge: challenge, gcp_credentials: gcp_credentials, tpm_attestation: tpm_attestation, confidential_space_info: confidential_space_info, token_options: token_options), grpc_options) do |response, operation| assert_equal grpc_response, response assert_equal grpc_operation, operation end