def Run(self, args):
project_ref = resources.REGISTRY.Parse(
properties.VALUES.core.project.Get(required=True),
collection='cloudresourcemanager.projects',
)
normalized_artifact_url = binauthz_command_util.NormalizeArtifactUrl(
args.artifact_url)
signature = console_io.ReadFromFileOrStdin(args.signature_file,
binary=False)
attestor_ref = args.CONCEPTS.attestor.Parse()
api_version = apis.GetApiVersion(self.ReleaseTrack())
attestor = authorities.Client(api_version).Get(attestor_ref)
# TODO(b/79709480): Add other types of attestors if/when supported.
note_ref = resources.REGISTRY.ParseResourceId(
'containeranalysis.projects.notes',
attestor.userOwnedDrydockNote.noteReference, {})
client = binauthz_api_util.ContainerAnalysisClient()
return client.CreateAttestationOccurrence(
project_ref=project_ref,
note_ref=note_ref,
artifact_url=normalized_artifact_url,
pgp_key_fingerprint=args.pgp_key_fingerprint,
signature=signature,
)
def Run(self, args):
normalized_artifact_url = None
if args.artifact_url:
normalized_artifact_url = binauthz_command_util.NormalizeArtifactUrl(
args.artifact_url)
note_ref = args.CONCEPTS.attestation_authority_note.Parse()
if note_ref is None:
authority_ref = args.CONCEPTS.attestation_authority.Parse()
api_version = apis.GetApiVersion(self.ReleaseTrack())
authority = authorities.Client(api_version).Get(authority_ref)
# TODO(b/79709480): Add other types of authorities if/when supported.
note_ref = resources.REGISTRY.ParseResourceId(
'containeranalysis.projects.notes',
authority.userOwnedDrydockNote.noteReference, {})
client = binauthz_api_util.ContainerAnalysisClient()
if normalized_artifact_url:
return client.YieldPgpKeyFingerprintsAndSignatures(
note_ref=note_ref,
artifact_url=normalized_artifact_url,
)
else:
return client.YieldUrlsWithOccurrences(note_ref)
def Run(self, args):
attestors_client = authorities.Client(apis.V1_BETA1)
attestor_ref = args.CONCEPTS.attestor.Parse()
attestors_client.RemoveKey(
attestor_ref, fingerprint_to_remove=args.public_key_fingerprint)
def Run(self, args):
authorities_client = authorities.Client()
authority_ref = args.CONCEPTS.authority.Parse()
authorities_client.RemoveKey(
authority_ref, fingerprint_to_remove=args.public_key_fingerprint)
def Run(self, args):
authorities_client = authorities.Client()
authority_ref = args.CONCEPTS.authority.Parse()
# TODO(b/71700164): Validate the contents of the public key file.
return authorities_client.AddKey(authority_ref, args.public_key_file,
args.comment)
def Run(self, args):
attestors_client = authorities.Client(apis.V1_BETA1)
attestor_ref = args.CONCEPTS.attestor.Parse()
# TODO(b/71700164): Validate the contents of the public key file.
return attestors_client.AddKey(attestor_ref, args.public_key_file,
args.comment)
def Run(self, args):
attestor_ref = args.CONCEPTS.attestor.Parse()
return authorities.Client(apis.V1_BETA1).Update(
attestor_ref, description=args.description)
def Run(self, args):
attestor_ref = args.CONCEPTS.attestor.Parse()
return authorities.Client(apis.V1_BETA1).Get(attestor_ref)
def Run(self, args):
authority_ref = args.CONCEPTS.authority.Parse()
note_ref = args.CONCEPTS.authority_note.Parse()
# TODO(b/74193183): Add a comment option.
return authorities.Client().Create(authority_ref, note_ref)
def Run(self, args):
return authorities.Client().List(util.GetProjectRef())
def Run(self, args): authority_ref = args.CONCEPTS.authority.Parse() return authorities.Client().Delete(authority_ref)
def Run(self, args):
authority_ref = args.CONCEPTS.authority.Parse()
return authorities.Client().Update(authority_ref,
description=args.description)
def Run(self, args):
attestor_ref = args.CONCEPTS.attestor.Parse()
note_ref = args.CONCEPTS.attestation_authority_note.Parse()
return authorities.Client(apis.V1_BETA1).Create(
attestor_ref, note_ref, description=args.description)
def Run(self, args):
return authorities.Client(apis.V1_BETA1).List(util.GetProjectRef())
