def Args(parser): flags.AddArtifactUrlFlag(parser, required=False) mutex_group = parser.add_mutually_exclusive_group(required=True) flags.AddConcepts( mutex_group, flags.GetAuthorityPresentationSpec( base_name='attestation-authority', required=False, # one-of requirement is set in mutex_group. positional=False, use_global_project_flag=False, group_help=textwrap.dedent("""\ The Attestation Authority whose Container Analysis Note will be queried for attestations. Note that the caller must have the `containeranalysis.notes.listOccurrences` permission on the note being queried.""") ), flags.GetAuthorityNotePresentationSpec( base_name='attestation-authority-note', required=False, # one-of requirement is set in mutex_group. positional=False, group_help=textwrap.dedent("""\ The Container Analysis ATTESTATION_AUTHORITY Note that will be queried for attestations. When this option is passed, only occurrences with kind ATTESTATION_AUTHORITY will be returned. The occurrences might be from any project, not just the project where the note lives. Note that the caller must have the `containeranalysis.notes.listOccurrences` permission on the note being queried.""") ), )
def Args(parser): flags.AddConcepts( parser, flags.GetAuthorityPresentationSpec( positional=True, group_help='The authority to be created.', ), flags.GetAuthorityNotePresentationSpec( base_name='authority-note', required=True, positional=False, group_help=textwrap.dedent("""\ The Container Analysis ATTESTATION_AUTHORITY Note to which the created attestation authority will be bound. For the attestation authority to be able to access and use the Note, the Note must exist and the active gcloud account (core/account) must have the `containeranalysis.occurrences.viewer` permission for the Note. This can be achieved by granting the `containeranalysis.notes.viewer` role to the active account for the Note resource in question. """), ), )
def Args(parser): # TODO(b/74193183): Add a comment option. flags.AddConcepts( parser, flags.GetAuthorityPresentationSpec( positional=True, group_help='The authority to update.'), )
def Args(parser): flags.AddConcepts( parser, flags.GetAuthorityPresentationSpec( positional=True, group_help='The authority whose IAM policy will be fetched.', ), )
def Args(parser): flags.AddConcepts( parser, flags.GetAuthorityPresentationSpec( positional=True, group_help='The authority to be deleted.' ), )
def Args(parser): flags.AddConcepts( parser, flags.GetAuthorityPresentationSpec( positional=True, group_help='The authority whose IAM policy will be modified.', ), ) iam_util.AddArgsForRemoveIamPolicyBinding(parser)
def Args(parser): flags.AddConcepts( parser, flags.GetAuthorityPresentationSpec( positional=True, group_help='The authority to update.'), ) parser.add_argument('--description', required=False, help='The new description for the authority')
def Args(parser): flags.AddConcepts( parser, flags.GetAuthorityPresentationSpec( required=True, positional=False, group_help=( 'The authority from which the public key should be removed.'), ), ) parser.add_argument('public_key_fingerprint', help='The fingerprint of the public key to remove.')
def Args(parser): flags.AddConcepts( parser, flags.GetAuthorityPresentationSpec( required=True, positional=False, group_help=( 'The authority to which the public key should be added.'), ), ) parser.add_argument('--public-key-file', type=arg_parsers.BufferedFileInput(), help='The path to the file containing the ' 'ASCII-armored PGP public key to add.', required=True) parser.add_argument('--comment', help='The comment describing the public key.')
def Args(parser): flags.AddArtifactUrlFlag(parser) parser.add_argument('--signature-file', required=True, type=str, help=textwrap.dedent("""\ Path to file containing the signature to store, or `-` to read signature from stdin.""")) mutex_group = parser.add_mutually_exclusive_group(required=True) flags.AddConcepts( mutex_group, flags.GetAuthorityPresentationSpec( base_name='attestation-authority', required=False, # one-of requirement is set in mutex_group. positional=False, use_global_project_flag=False, group_help=textwrap.dedent("""\ The Attestation Authority whose Container Analysis Note will be used to host the created attestation. In order to successfully attach the attestation, the active gcloud account (core/account) must have the `containeranalysis.notes.attachOccurrence` permission for the Authority's underlying Note resource (usually via the `containeranalysis.notes.attacher` role).""")), flags.GetAuthorityNotePresentationSpec( base_name='attestation-authority-note', required=False, # one-of requirement is set in mutex_group. positional=False, group_help=textwrap.dedent("""\ The Container Analysis ATTESTATION_AUTHORITY Note that the created attestation will be bound to. This note must exist and the active gcloud account (core/account) must have the `containeranalysis.notes.attachOccurrence` permission for the note resource (usually via the `containeranalysis.notes.attacher` role).""")), ) parser.add_argument('--pgp-key-fingerprint', type=str, required=True, help=textwrap.dedent("""\ The cryptographic ID of the key used to generate the signature. For Binary Authorization, this must be the version 4, full 160-bit fingerprint, expressed as a 40 character hexidecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details."""))