def Args(cls, parser):
    """Register this command's flags on `parser`.

    Adds, in order: the artifact URL flag, a required `attestor` concept,
    a required `keyversion` (Cloud KMS CryptoKeyVersion) concept, and the
    optional `--public-key-id-override` string flag.

    Args:
      cls: Not referenced in this method body.
      parser: The argument parser that receives the flags.
    """
    flags.AddArtifactUrlFlag(parser)

    # The help text spells out the IAM precondition: the active account
    # must be able to read the attestor and hold
    # `containeranalysis.notes.attachOccurrence` on its underlying Note.
    attestor_help = textwrap.dedent("""\
              The Attestor whose Container Analysis Note will be used to host
              the created attestation. In order to successfully attach the
              attestation, the active gcloud account (core/account) must
              be able to read this attestor and must have the
              `containeranalysis.notes.attachOccurrence` permission for the
              Attestor's underlying Note resource (usually via the
              `containeranalysis.notes.attacher` role).""")
    attestor_spec = flags.GetAttestorPresentationSpec(
        base_name='attestor',
        required=True,
        positional=False,
        use_global_project_flag=False,
        group_help=attestor_help)

    # The signing key is passed as a KMS CryptoKeyVersion resource
    # reference rather than as key material.
    keyversion_help = textwrap.dedent("""\
              The Cloud KMS (Key Management Service) CryptoKeyVersion to use to
              sign the attestation payload.""")
    keyversion_spec = flags.GetCryptoKeyVersionPresentationSpec(
        base_name='keyversion',
        required=True,
        positional=False,
        use_global_project_flag=False,
        group_help=keyversion_help)

    flags.AddConcepts(parser, attestor_spec, keyversion_spec)

    # Per the help text, the override is only needed when the key was added
    # to the Attestor under a custom ID, and it should then match that ID.
    override_help = textwrap.dedent("""\
          If provided, the ID of the public key that will be used to verify the
          Attestation instead of the default generated one. This ID should match
          the one found on the Attestor resource(s) which will use this
          Attestation.

          This parameter is only necessary if the `--public-key-id-override`
          flag was provided when this KMS key was added to the Attestor.""")
    parser.add_argument(
        '--public-key-id-override', type=str, help=override_help)
  def Args(cls, parser):
    """Register the flags for adding a public key to an attestor.

    Adds a required `attestor` concept, an optional `--comment`, a required
    mutually exclusive key-source group (PGP file, KMS CryptoKeyVersion, or
    PKIX file plus algorithm), and the optional `--public-key-id-override`.

    Args:
      cls: Not referenced in this method body.
      parser: The argument parser that receives the flags.
    """
    attestor_spec = flags.GetAttestorPresentationSpec(
        required=True,
        positional=False,
        group_help='The attestor to which the public key should be added.')
    flags.AddConcepts(parser, attestor_spec)

    parser.add_argument(
        '--comment', help='The comment describing the public key.')

    # The key source is a required, mutually exclusive group; each source
    # below lives in its own sub-group of it.
    key_group = parser.add_group(mutex=True, required=True)

    # Source 1: an ASCII-armored PGP public key read from a file.
    pgp_group = key_group.add_group()
    pgp_help = ('The path to the file containing the '
                'ASCII-armored PGP public key to add.')
    pgp_group.add_argument(
        '--pgp-public-key-file',
        type=arg_parsers.BufferedFileInput(),
        help=pgp_help)

    # Source 2: the public key of a Cloud KMS CryptoKeyVersion, passed as a
    # resource reference.
    kms_group = key_group.add_group()
    keyversion_help = textwrap.dedent("""\
              The Cloud KMS (Key Management Service) CryptoKeyVersion whose
              public key will be added to the attestor.""")
    keyversion_spec = flags.GetCryptoKeyVersionPresentationSpec(
        base_name='keyversion',
        required=True,
        positional=False,
        use_global_project_flag=False,
        group_help=keyversion_help)
    flags.AddConcepts(kms_group, keyversion_spec)

    # Source 3: a PKIX public key file. The algorithm is required alongside
    # it and is limited to the choices exposed by the pkix algorithm mapper.
    pkix_group = key_group.add_group()
    pkix_group.add_argument(
        '--pkix-public-key-file',
        required=True,
        type=arg_parsers.BufferedFileInput(),
        help='The path to the file containing the PKIX public key to add.')
    algorithm_help = textwrap.dedent("""\
            The signing algorithm of the associated key. This will be used to
            verify the signatures associated with this key.""")
    pkix_group.add_argument(
        '--pkix-public-key-algorithm',
        choices=pkix.GetAlgorithmMapper().choices,
        required=True,
        help=algorithm_help)

    # A custom key ID replaces the API-generated one. Per the help text it
    # must be a valid RFC 3986 URI, and attestations to be verified by this
    # key must then always supply the same ID.
    override_help = textwrap.dedent("""\
          If provided, the ID to replace the default API-generated one. All IDs
          must be valid URIs as defined by RFC 3986
          (https://tools.ietf.org/html/rfc3986).

          When creating Attestations to be verified by this key, one must always
          provide this custom ID as the public key ID.""")
    parser.add_argument(
        '--public-key-id-override', type=str, help=override_help)