def Args(parser):
    """Register the flags that select which note is queried for attestations.

    Adds the artifact URL flag as optional, then a required mutually
    exclusive group holding two concept specs: `attestation-authority` and
    `attestation-authority-note`. Exactly one of the two must be supplied.

    Args:
        parser: The argument parser the flags are registered on.
    """
    # Both help texts name `containeranalysis.notes.listOccurrences` as the
    # permission the caller needs on the queried note.
    authority_help = textwrap.dedent("""\
        The Attestation Authority whose Container Analysis Note will be queried
        for attestations. Note that the caller must have the
        `containeranalysis.notes.listOccurrences` permission on the note being
        queried.""")
    # The note variant also tells the user that returned occurrences may come
    # from projects other than the one that owns the note.
    note_help = textwrap.dedent("""\
        The Container Analysis ATTESTATION_AUTHORITY Note that will be queried
        for attestations. When this option is passed, only occurrences with
        kind ATTESTATION_AUTHORITY will be returned. The occurrences might be
        from any project, not just the project where the note lives. Note that
        the caller must have the `containeranalysis.notes.listOccurrences`
        permission on the note being queried.""")

    flags.AddArtifactUrlFlag(parser, required=False)
    one_of_group = parser.add_mutually_exclusive_group(required=True)

    # Each spec is individually optional; the enclosing group enforces that
    # one of them is given.
    authority_spec = flags.GetAuthorityPresentationSpec(
        base_name='attestation-authority',
        required=False,
        positional=False,
        use_global_project_flag=False,
        group_help=authority_help,
    )
    note_spec = flags.GetAuthorityNotePresentationSpec(
        base_name='attestation-authority-note',
        required=False,
        positional=False,
        group_help=note_help,
    )
    flags.AddConcepts(one_of_group, authority_spec, note_spec)
def Args(cls, parser):
    """Register the flags for creating an attestor.

    Adds a positional attestor concept, a required
    `attestation-authority-note` concept, and an optional `--description`
    flag.

    Args:
        cls: Unused in this block.
        parser: The argument parser the flags are registered on.
    """
    # NOTE(review): the help text below calls
    # `containeranalysis.occurrences.viewer` a permission, but the name reads
    # like a role rather than a permission. Confirm both identifiers against
    # the IAM reference; users copy these strings into IAM bindings. The text
    # is reproduced unchanged here.
    note_help = textwrap.dedent("""\
        The Container Analysis ATTESTATION_AUTHORITY Note to which the created
        attestor will be bound. For the attestor to be able to access and use
        the Note, the Note must exist and the active gcloud account
        (core/account) must have the `containeranalysis.occurrences.viewer`
        permission for the Note. This can be achieved by granting the
        `containeranalysis.notes.viewer` role to the active account for the
        Note resource in question.
        """)

    attestor_spec = flags.GetAttestorPresentationSpec(
        positional=True,
        group_help='The attestor to be created.',
    )
    note_spec = flags.GetAuthorityNotePresentationSpec(
        base_name='attestation-authority-note',
        required=True,
        positional=False,
        group_help=note_help,
    )
    flags.AddConcepts(parser, attestor_spec, note_spec)

    parser.add_argument(
        '--description',
        required=False,
        help='A description for the attestor',
    )
def Args(parser):
    """Register the flags for creating an attestation from a signature.

    Registration order is: the artifact URL flag, the required
    `--signature-file` flag, a required mutually exclusive group holding the
    `attestation-authority` and `attestation-authority-note` concepts, and
    the required `--pgp-key-fingerprint` flag.

    Args:
        parser: The argument parser the flags are registered on.
    """
    signature_help = textwrap.dedent("""\
        Path to file containing the signature to store, or `-` to read
        signature from stdin.""")
    # Both concept help texts name `containeranalysis.notes.attachOccurrence`
    # as the permission needed on the note that will host the attestation.
    authority_help = textwrap.dedent("""\
        The Attestation Authority whose Container Analysis Note will be used
        to host the created attestation. In order to successfully attach the
        attestation, the active gcloud account (core/account) must have the
        `containeranalysis.notes.attachOccurrence` permission for the
        Authority's underlying Note resource (usually via the
        `containeranalysis.notes.attacher` role).""")
    note_help = textwrap.dedent("""\
        The Container Analysis ATTESTATION_AUTHORITY Note that the created
        attestation will be bound to. This note must exist and the active
        gcloud account (core/account) must have the
        `containeranalysis.notes.attachOccurrence` permission for the note
        resource (usually via the `containeranalysis.notes.attacher` role).""")
    # The word "hexidecimal" below is spelled as in the original help text.
    fingerprint_help = textwrap.dedent("""\
        The cryptographic ID of the key used to generate the signature. For
        Binary Authorization, this must be the version 4, full 160-bit
        fingerprint, expressed as a 40 character hexidecimal string. See
        https://tools.ietf.org/html/rfc4880#section-12.2 for details.""")

    flags.AddArtifactUrlFlag(parser)
    parser.add_argument(
        '--signature-file',
        required=True,
        type=str,
        help=signature_help,
    )

    one_of_group = parser.add_mutually_exclusive_group(required=True)
    # Each spec is individually optional; the enclosing group enforces that
    # one of them is given.
    authority_spec = flags.GetAuthorityPresentationSpec(
        base_name='attestation-authority',
        required=False,
        positional=False,
        use_global_project_flag=False,
        group_help=authority_help,
    )
    note_spec = flags.GetAuthorityNotePresentationSpec(
        base_name='attestation-authority-note',
        required=False,
        positional=False,
        group_help=note_help,
    )
    flags.AddConcepts(one_of_group, authority_spec, note_spec)

    # NOTE(review): type=str accepts any string, so nothing in this block
    # enforces the full 40-character fingerprint the help text requires.
    # Presumably the value is validated elsewhere; confirm, since short key
    # IDs do not identify a key unambiguously.
    parser.add_argument(
        '--pgp-key-fingerprint',
        type=str,
        required=True,
        help=fingerprint_help,
    )