def Run(self, args):
project_ref = resources.REGISTRY.Parse(
properties.VALUES.core.project.Get(required=True),
collection='cloudresourcemanager.projects',
)
normalized_artifact_url = binauthz_command_util.NormalizeArtifactUrl(
args.artifact_url)
signature = files.GetFileOrStdinContents(args.signature_file)
if args.attestation_authority_note:
client = binauthz_api_util.ContainerAnalysisClient()
return client.CreateAttestationOccurrence(
project_ref=project_ref,
note_ref=args.CONCEPTS.attestation_authority_note.Parse(),
artifact_url=normalized_artifact_url,
pgp_key_fingerprint=args.pgp_key_fingerprint,
signature=signature,
)
else:
return self.CreateLegacyAttestation(
project_ref=project_ref,
normalized_artifact_url=normalized_artifact_url,
signature=signature,
public_key_file=args.public_key_file,
)
def _ReadFileOrStdin(self, path, max_bytes):
data = files.GetFileOrStdinContents(path, binary=True)
if len(data) > max_bytes:
raise exceptions.BadFileException(
'The file [{0}] is larger than the maximum size of {1} bytes.'.
format(path, max_bytes))
return data
def _IsJsonFile(filename):
"""Check and validate if given filename is proper json file."""
content = files.GetFileOrStdinContents(filename, binary=True)
try:
return json.loads(content), True
except ValueError as e:
if filename.endswith('.json'):
raise auth_service_account.BadCredentialFileException(
'Could not read json file {0}: {1}'.format(filename, e))
return content, False
def FromFile(cls, fname, allow_rsa_encrypted):
"""FromFile loads a CsekKeyStore from a file.
Args:
fname: str, the name of a file intended to contain a well-formed key file
allow_rsa_encrypted: bool, whether to allow keys of type 'rsa-encrypted'
Returns:
A CsekKeyStore, if found
Raises:
googlecloudsdk.core.util.files.Error: If the file cannot be read or is
larger than max_bytes.
"""
content = files.GetFileOrStdinContents(fname)
return cls(content, allow_rsa_encrypted)
def Run(self, args):
project_ref = resources.REGISTRY.Parse(
properties.VALUES.core.project.Get(required=True),
collection='cloudresourcemanager.projects')
normalized_artifact_url = binauthz_command_util.NormalizeArtifactUrl(
args.artifact_url)
public_key = files.GetFileContents(args.public_key_file)
signature = files.GetFileOrStdinContents(args.signature_file)
note_id = binauthz_command_util.NoteId(normalized_artifact_url,
public_key, signature)
provider_ref = binauthz_command_util.CreateProviderRefFromProjectRef(
project_ref)
provider_note_ref = binauthz_command_util.ParseProviderNote(
note_id=note_id, provider_ref=provider_ref)
return binauthz_api_util.ContainerAnalysisClient().PutSignature(
occurrence_project_ref=project_ref,
provider_ref=provider_ref,
provider_note_ref=provider_note_ref,
note_id=note_id,
artifact_url=normalized_artifact_url,
public_key=public_key,
signature=signature)
def _ParsePayloadArgs(args):
if args.IsSpecified('payload_file'):
return files.GetFileOrStdinContents(args.payload_file, binary=False)
elif args.IsSpecified('payload_content'):
return args.payload_content