Esempio n. 1
  def Args(parser):
    """Declare this command's arguments on `parser`.

    Adds the artifact URL flag as optional, then a required mutually
    exclusive group holding two resource arguments: an attestation
    authority and a Container Analysis note. The caller has to supply one
    of them as the place attestations are queried from.

    Args:
      parser: The argument parser the flags are registered on.
    """
    # Per the help text, both forms need the
    # `containeranalysis.notes.listOccurrences` permission on the note.
    authority_help = textwrap.dedent("""\
              The Attestation Authority whose Container Analysis Note will be
              queried for attestations. Note that the caller must have the
              `containeranalysis.notes.listOccurrences` permission on the note
              being queried.""")
    # Per the help text, the note form can return occurrences from projects
    # other than the one that owns the note, so results are not scoped to a
    # single project.
    note_help = textwrap.dedent("""\
              The Container Analysis ATTESTATION_AUTHORITY Note that will be
              queried for attestations.  When this option is passed, only
              occurrences with kind ATTESTATION_AUTHORITY will be returned.  The
              occurrences might be from any project, not just the project where
              the note lives.  Note that the caller must have the
              `containeranalysis.notes.listOccurrences` permission on the note
              being queried.""")

    flags.AddArtifactUrlFlag(parser, required=False)

    # Each spec is individually optional (required=False); the one-of
    # requirement comes from the group being required and exclusive.
    source_group = parser.add_mutually_exclusive_group(required=True)
    authority_spec = flags.GetAuthorityPresentationSpec(
        base_name='attestation-authority',
        required=False,
        positional=False,
        use_global_project_flag=False,
        group_help=authority_help,
    )
    note_spec = flags.GetAuthorityNotePresentationSpec(
        base_name='attestation-authority-note',
        required=False,
        positional=False,
        group_help=note_help,
    )
    flags.AddConcepts(source_group, authority_spec, note_spec)
Esempio n. 2
    def Args(parser):
        """Declare this command's arguments on `parser`.

        Registers two resource arguments: the authority to create, as a
        positional, and the Container Analysis note it will be bound to, as
        a required flag.

        Args:
          parser: The argument parser the arguments are registered on.
        """
        # NOTE(review): the help text below calls
        # `containeranalysis.occurrences.viewer` a permission although the
        # name has the form of a role, and then names a different role
        # (`containeranalysis.notes.viewer`) as the way to obtain it.
        # Confirm the exact permission and role before using this text to
        # scope IAM grants on the note.
        note_help = textwrap.dedent("""\
                The Container Analysis ATTESTATION_AUTHORITY Note to which the
                created attestation authority will be bound.

                For the attestation authority to be able to access and use the Note,
                the Note must exist and the active gcloud account (core/account)
                must have the `containeranalysis.occurrences.viewer` permission
                for the Note. This can be achieved by granting the
                `containeranalysis.notes.viewer` role to the active account for
                the Note resource in question.

                """)

        authority_spec = flags.GetAuthorityPresentationSpec(
            positional=True,
            group_help='The authority to be created.',
        )
        note_spec = flags.GetAuthorityNotePresentationSpec(
            base_name='authority-note',
            required=True,
            positional=False,
            group_help=note_help,
        )
        flags.AddConcepts(parser, authority_spec, note_spec)
Esempio n. 3
 def Args(parser):
     """Declare this command's arguments on `parser`.

     Registers a single positional resource argument: the authority to
     update.

     Args:
       parser: The argument parser the argument is registered on.
     """
     # TODO(b/74193183): Add a comment option.
     authority_spec = flags.GetAuthorityPresentationSpec(
         positional=True,
         group_help='The authority to update.',
     )
     flags.AddConcepts(parser, authority_spec)
Esempio n. 4
 def Args(parser):
     """Declare this command's arguments on `parser`.

     Registers a single positional resource argument: the authority whose
     IAM policy is fetched.

     Args:
       parser: The argument parser the argument is registered on.
     """
     authority_spec = flags.GetAuthorityPresentationSpec(
         positional=True,
         group_help='The authority whose IAM policy will be fetched.',
     )
     flags.AddConcepts(parser, authority_spec)
Esempio n. 5
 def Args(parser):
   """Declare this command's arguments on `parser`.

   Registers a single positional resource argument: the authority to be
   deleted.

   Args:
     parser: The argument parser the argument is registered on.
   """
   authority_spec = flags.GetAuthorityPresentationSpec(
       positional=True,
       group_help='The authority to be deleted.',
   )
   flags.AddConcepts(parser, authority_spec)
 def Args(parser):
     """Declare this command's arguments on `parser`.

     Registers the positional authority resource argument, then hands the
     parser to iam_util so it can add the arguments for removing an IAM
     policy binding.

     Args:
       parser: The argument parser the arguments are registered on.
     """
     authority_spec = flags.GetAuthorityPresentationSpec(
         positional=True,
         group_help='The authority whose IAM policy will be modified.',
     )
     flags.AddConcepts(parser, authority_spec)
     # Which flags this adds is decided in iam_util, not shown here;
     # presumably the member and role of the binding to remove (confirm).
     iam_util.AddArgsForRemoveIamPolicyBinding(parser)
Esempio n. 7
 def Args(parser):
     """Declare this command's arguments on `parser`.

     Registers the positional authority resource argument and an optional
     `--description` flag carrying the authority's new description.

     Args:
       parser: The argument parser the arguments are registered on.
     """
     authority_spec = flags.GetAuthorityPresentationSpec(
         positional=True,
         group_help='The authority to update.',
     )
     flags.AddConcepts(parser, authority_spec)
     parser.add_argument(
         '--description',
         help='The new description for the authority',
         required=False,
     )
Esempio n. 8
 def Args(parser):
   """Declare this command's arguments on `parser`.

   Registers the authority as a required, non-positional resource argument
   and the fingerprint of the public key to remove as a positional.

   Args:
     parser: The argument parser the arguments are registered on.
   """
   authority_spec = flags.GetAuthorityPresentationSpec(
       required=True,
       positional=False,
       group_help='The authority from which the public key should be removed.',
   )
   flags.AddConcepts(parser, authority_spec)
   # No type= validator is set, so the fingerprint is accepted as an
   # arbitrary string here; any format check must happen outside this block.
   parser.add_argument(
       'public_key_fingerprint',
       help='The fingerprint of the public key to remove.',
   )
Esempio n. 9
 def Args(parser):
     """Declare this command's arguments on `parser`.

     Registers the authority as a required, non-positional resource
     argument, a required `--public-key-file` flag, and an optional
     `--comment` flag describing the key.

     Args:
       parser: The argument parser the arguments are registered on.
     """
     authority_spec = flags.GetAuthorityPresentationSpec(
         required=True,
         positional=False,
         group_help='The authority to which the public key should be added.',
     )
     flags.AddConcepts(parser, authority_spec)

     key_file_help = ('The path to the file containing the '
                      'ASCII-armored PGP public key to add.')
     # The flag value is converted by arg_parsers.BufferedFileInput();
     # presumably the file is read at parse time (confirm in arg_parsers).
     # Nothing in this block checks that the content is a well-formed
     # ASCII-armored key.
     parser.add_argument(
         '--public-key-file',
         required=True,
         type=arg_parsers.BufferedFileInput(),
         help=key_file_help,
     )
     parser.add_argument(
         '--comment',
         help='The comment describing the public key.',
     )
Esempio n. 10
    def Args(parser):
        """Declare this command's arguments on `parser`.

        Registers, in order: the artifact URL flag, a required
        `--signature-file` flag, a required mutually exclusive group holding
        the attestation authority and the Container Analysis note resource
        arguments, and a required `--pgp-key-fingerprint` flag.

        Args:
          parser: The argument parser the arguments are registered on.
        """
        signature_help = textwrap.dedent("""\
          Path to file containing the signature to store, or `-` to read signature
          from stdin.""")
        # Per the help texts, both forms need the
        # `containeranalysis.notes.attachOccurrence` permission on the note,
        # usually via the `containeranalysis.notes.attacher` role.
        authority_help = textwrap.dedent("""\
              The Attestation Authority whose Container Analysis Note will be
              used to host the created attestation. In order to successfully
              attach the attestation, the active gcloud account (core/account)
              must have the `containeranalysis.notes.attachOccurrence`
              permission for the Authority's underlying Note resource (usually
              via the `containeranalysis.notes.attacher` role).""")
        note_help = textwrap.dedent("""\
              The Container Analysis ATTESTATION_AUTHORITY Note that the created
              attestation will be bound to.  This note must exist and the active
              gcloud account (core/account) must have the
              `containeranalysis.notes.attachOccurrence` permission for the note
              resource (usually via the `containeranalysis.notes.attacher`
              role).""")
        fingerprint_help = textwrap.dedent("""\
          The cryptographic ID of the key used to generate the signature.  For
          Binary Authorization, this must be the version 4, full 160-bit
          fingerprint, expressed as a 40 character hexidecimal string.  See
          https://tools.ietf.org/html/rfc4880#section-12.2 for details.""")

        flags.AddArtifactUrlFlag(parser)
        parser.add_argument(
            '--signature-file',
            type=str,
            required=True,
            help=signature_help,
        )

        # Each spec is individually optional (required=False); the one-of
        # requirement comes from the group being required and exclusive.
        target_group = parser.add_mutually_exclusive_group(required=True)
        authority_spec = flags.GetAuthorityPresentationSpec(
            base_name='attestation-authority',
            required=False,
            positional=False,
            use_global_project_flag=False,
            group_help=authority_help,
        )
        note_spec = flags.GetAuthorityNotePresentationSpec(
            base_name='attestation-authority-note',
            required=False,
            positional=False,
            group_help=note_help,
        )
        flags.AddConcepts(target_group, authority_spec, note_spec)

        # NOTE(review): the 40-character, full-fingerprint requirement is
        # stated in the help text only. With type=str this block accepts any
        # string, so a short key ID or a malformed value is not rejected
        # here; confirm that the command validates it before the
        # attestation is stored.
        parser.add_argument(
            '--pgp-key-fingerprint',
            required=True,
            type=str,
            help=fingerprint_help,
        )