chore: Update discovery artifacts (#1477)
## Deleted keys were detected in the following stable discovery artifacts:
apigee v1 https://github.com/googleapis/google-api-python-client/commit/4485c5f3b32c9bda4f50a2a96c5870414f7d870f
sqladmin v1 https://github.com/googleapis/google-api-python-client/commit/41d51e34759b181692ed96d9d490a9cfc5a28459
## Deleted keys were detected in the following pre-stable discovery artifacts:
sqladmin v1beta4 https://github.com/googleapis/google-api-python-client/commit/41d51e34759b181692ed96d9d490a9cfc5a28459
transcoder v1beta1 https://github.com/googleapis/google-api-python-client/commit/1e0b0854e31f52013a8c5423efbd5e34c953e08c
## Discovery Artifact Change Summary:
feat(accesscontextmanager): update the api https://github.com/googleapis/google-api-python-client/commit/30216a669249442cac8f0fb8bb347b1352d8f087
feat(alertcenter): update the api https://github.com/googleapis/google-api-python-client/commit/39b084706537111e8403be6e69f0fc9d82b2f383
feat(apigee): update the api https://github.com/googleapis/google-api-python-client/commit/4485c5f3b32c9bda4f50a2a96c5870414f7d870f
feat(bigquery): update the api https://github.com/googleapis/google-api-python-client/commit/304bbde2360066caf55575e3be5a04fdc8bf8b09
feat(chromemanagement): update the api https://github.com/googleapis/google-api-python-client/commit/0ba28b47236a81a996a3607567b61ab38150617d
feat(cloudasset): update the api https://github.com/googleapis/google-api-python-client/commit/792aa5593ea64ceb4b565e950e153e396274b3b8
feat(cloudbuild): update the api https://github.com/googleapis/google-api-python-client/commit/6b06387ca29e76d26f257c7a4eb6864fe27e082e
feat(cloudchannel): update the api https://github.com/googleapis/google-api-python-client/commit/0b0444ea192f79c5564745be8b1d52b52a74d1fb
feat(cloudkms): update the api https://github.com/googleapis/google-api-python-client/commit/7dc278459cbd32bf15b39633327743cfa0beeea3
feat(composer): update the api https://github.com/googleapis/google-api-python-client/commit/92131bff38ab7644e549f3d71f9c0a84755455db
feat(container): update the api https://github.com/googleapis/google-api-python-client/commit/53d8b4b3e3c5d16ffd14ba1af1cf1769d9249067
feat(containeranalysis): update the api https://github.com/googleapis/google-api-python-client/commit/9ab94f3f4c2ccafdf8b298dad8c6a5c2aa61a606
feat(dialogflow): update the api https://github.com/googleapis/google-api-python-client/commit/b49bfdaedbed3378b061e85f937a36e97732fcd4
feat(iam): update the api https://github.com/googleapis/google-api-python-client/commit/0832247d126965b472a271167028499f015de1ae
feat(metastore): update the api https://github.com/googleapis/google-api-python-client/commit/dd83236343d603e964613b16e9afa25eff60f97c
feat(ondemandscanning): update the api https://github.com/googleapis/google-api-python-client/commit/6ffbe182425ec217230fc083e217676e915bb786
feat(osconfig): update the api https://github.com/googleapis/google-api-python-client/commit/e079d43be4291ca10be7caf432012c6553e0398e
feat(oslogin): update the api https://github.com/googleapis/google-api-python-client/commit/d3ec653bdd293a63ae0b3772ce83e1fda73d5de5
feat(pubsub): update the api https://github.com/googleapis/google-api-python-client/commit/06dfff22baec2551508b93e29e4c36fa442ab299
feat(pubsublite): update the api https://github.com/googleapis/google-api-python-client/commit/4287a7d537741391a9afe9e669b98010ed4fc0ab
feat(recaptchaenterprise): update the api https://github.com/googleapis/google-api-python-client/commit/ebfeb8fc00a1c6a8603b35640845c5cdacf53cb2
feat(recommender): update the api https://github.com/googleapis/google-api-python-client/commit/01f2d6cc989ce337537a51ead8ffd3d6fc7e6c5d
feat(speech): update the api https://github.com/googleapis/google-api-python-client/commit/601afcf08fd96421b64ef4c6f098f09f0748ce69
feat(sqladmin): update the api https://github.com/googleapis/google-api-python-client/commit/41d51e34759b181692ed96d9d490a9cfc5a28459
feat(tagmanager): update the api https://github.com/googleapis/google-api-python-client/commit/47a522aac79ae9283a0c7ee7a2d0716e605d8c21
feat(transcoder): update the api https://github.com/googleapis/google-api-python-client/commit/1e0b0854e31f52013a8c5423efbd5e34c953e08c
diff --git a/docs/dyn/ondemandscanning_v1.projects.locations.scans.vulnerabilities.html b/docs/dyn/ondemandscanning_v1.projects.locations.scans.vulnerabilities.html
index 9dfe9f1..023892c 100644
--- a/docs/dyn/ondemandscanning_v1.projects.locations.scans.vulnerabilities.html
+++ b/docs/dyn/ondemandscanning_v1.projects.locations.scans.vulnerabilities.html
@@ -124,6 +124,36 @@
],
},
"build": { # Details of a build occurrence. # Describes a verifiable build.
+ "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint.
+ "A String",
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy.
+ "a_key": "A String",
+ },
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
"provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
"buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
"a_key": "A String",
@@ -281,6 +311,70 @@
"cpe": "A String", # The CPE of the resource being scanned.
"lastScanTime": "A String", # The last time this resource was scanned.
},
+ "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
+ "statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
+ "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+ "provenance": {
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint.
+ "A String",
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy.
+ "a_key": "A String",
+ },
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "subject": [
+ {
+ "digest": { # "": ""
+ "a_key": "A String",
+ },
+ "name": "A String",
+ },
+ ],
+ "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ },
+ },
+ "envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse
+ "payload": "A String",
+ "payloadType": "A String",
+ "signatures": [
+ {
+ "keyid": "A String",
+ "sig": "A String",
+ },
+ ],
+ },
"image": { # Details of the derived image portion of the DockerImage relationship. This image would be produced from a Dockerfile with FROM . # Describes how this resource derives from the basis in the associated note.
"baseResourceUrl": "A String", # Output only. This contains the base image URL for the derived image occurrence.
"distance": 42, # Output only. The number of layers by which this image differs from the associated image basis.