def Args(cls, parser): flags.AddArtifactUrlFlag(parser) flags.AddConcepts( parser, flags.GetAttestorPresentationSpec(base_name='attestor', required=True, positional=False, use_global_project_flag=False, group_help=textwrap.dedent("""\ The Attestor whose Container Analysis Note will be used to host the created attestation. In order to successfully attach the attestation, the active gcloud account (core/account) must be able to read this attestor and must have the `containeranalysis.notes.attachOccurrence` permission for the Attestor's underlying Note resource (usually via the `containeranalysis.notes.attacher` role).""")), flags.GetCryptoKeyVersionPresentationSpec( base_name='keyversion', required=True, positional=False, use_global_project_flag=False, group_help=textwrap.dedent("""\ The Cloud KMS (Key Management Service) CryptoKeyVersion to use to sign the attestation payload.""")), ) parser.add_argument('--public-key-id-override', type=str, help=textwrap.dedent("""\ If provided, the ID of the public key that will be used to verify the Attestation instead of the default generated one. This ID should match the one found on the Attestor resource(s) which will use this Attestation. This parameter is only necessary if the `--public-key-id-override` flag was provided when this KMS key was added to the Attestor."""))
def Args(cls, parser): flags.AddConcepts( parser, flags.GetAttestorPresentationSpec( required=True, positional=False, group_help=( 'The attestor to which the public key should be added.'), ), ) parser.add_argument( '--comment', help='The comment describing the public key.') key_group = parser.add_group(mutex=True, required=True) pgp_group = key_group.add_group() pgp_group.add_argument( '--pgp-public-key-file', type=arg_parsers.BufferedFileInput(), help='The path to the file containing the ' 'ASCII-armored PGP public key to add.') kms_group = key_group.add_group() flags.AddConcepts( kms_group, flags.GetCryptoKeyVersionPresentationSpec( base_name='keyversion', required=True, positional=False, use_global_project_flag=False, group_help=textwrap.dedent("""\ The Cloud KMS (Key Management Service) CryptoKeyVersion whose public key will be added to the attestor.""")), ) pkix_group = key_group.add_group() pkix_group.add_argument( '--pkix-public-key-file', required=True, type=arg_parsers.BufferedFileInput(), help='The path to the file containing the PKIX public key to add.') pkix_group.add_argument( '--pkix-public-key-algorithm', choices=pkix.GetAlgorithmMapper().choices, required=True, help=textwrap.dedent("""\ The signing algorithm of the associated key. This will be used to verify the signatures associated with this key.""")) parser.add_argument( '--public-key-id-override', type=str, help=textwrap.dedent("""\ If provided, the ID to replace the default API-generated one. All IDs must be valid URIs as defined by RFC 3986 (https://tools.ietf.org/html/rfc3986). When creating Attestations to be verified by this key, one must always provide this custom ID as the public key ID."""))