chore: Update discovery artifacts (#1596)
## Deleted keys were detected in the following stable discovery artifacts:
ondemandscanning v1 https://github.com/googleapis/google-api-python-client/commit/9f998b473a80a9c92e1d9ff7c7e1c35c208c93f8
privateca v1 https://github.com/googleapis/google-api-python-client/commit/b4ae2c840870ff9cd6f6fe1f39ab4f00c5e87b08
## Deleted keys were detected in the following pre-stable discovery artifacts:
ondemandscanning v1beta1 https://github.com/googleapis/google-api-python-client/commit/9f998b473a80a9c92e1d9ff7c7e1c35c208c93f8
## Discovery Artifact Change Summary:
feat(androidmanagement): update the api https://github.com/googleapis/google-api-python-client/commit/be2e5dd39ea24ffb04bda06bcd6af55fe15a272f
feat(appengine): update the api https://github.com/googleapis/google-api-python-client/commit/4535ce54bf2a6638f1a70c394021f17883fa0f35
feat(artifactregistry): update the api https://github.com/googleapis/google-api-python-client/commit/882fdb3258c3ead813f0895539bc99503d3a4356
feat(chromepolicy): update the api https://github.com/googleapis/google-api-python-client/commit/c330a6f08c004f0809bfbc1b43801dd5c38dc805
feat(cloudidentity): update the api https://github.com/googleapis/google-api-python-client/commit/d0f05277b6caeab32d8283f2ffdf253608c67a78
feat(composer): update the api https://github.com/googleapis/google-api-python-client/commit/2bfa5a11741e6c653c6297a9e438c0316a9703a0
feat(compute): update the api https://github.com/googleapis/google-api-python-client/commit/b917688b232d9cc2ca59f25725e9013e2d6d09f7
feat(datastream): update the api https://github.com/googleapis/google-api-python-client/commit/218521cf0ac369533de05f866419d38295f17a40
feat(dns): update the api https://github.com/googleapis/google-api-python-client/commit/540233d5289624ba149069596ae46233fd31e2b7
feat(healthcare): update the api https://github.com/googleapis/google-api-python-client/commit/1e029c853a3232ea499035dd7a9c141d60df4ba1
feat(ondemandscanning): update the api https://github.com/googleapis/google-api-python-client/commit/9f998b473a80a9c92e1d9ff7c7e1c35c208c93f8
feat(osconfig): update the api https://github.com/googleapis/google-api-python-client/commit/59cea85511b634a99028cb73ef0e73fb1e194b5b
feat(paymentsresellersubscription): update the api https://github.com/googleapis/google-api-python-client/commit/efb5b4fc9229f0baa66b928cfa4ba6f6d1315643
feat(privateca): update the api https://github.com/googleapis/google-api-python-client/commit/b4ae2c840870ff9cd6f6fe1f39ab4f00c5e87b08
feat(recommender): update the api https://github.com/googleapis/google-api-python-client/commit/8dffae4069115fdb3dac902eee0bf2c9cbc39ce9
feat(retail): update the api https://github.com/googleapis/google-api-python-client/commit/f71107495bef44a7d7a9108dcdae2eada7815986
feat(storagetransfer): update the api https://github.com/googleapis/google-api-python-client/commit/c835926b3369ad8f8dbe277e6caa9c995db6342f
feat(streetviewpublish): update the api https://github.com/googleapis/google-api-python-client/commit/35f0b1b607af6386790a6ec49541f87bc3091453
feat(translate): update the api https://github.com/googleapis/google-api-python-client/commit/1f848a58c798840ee0ac4f768324c9f44b3cfc07
diff --git a/docs/dyn/ondemandscanning_v1.projects.locations.scans.vulnerabilities.html b/docs/dyn/ondemandscanning_v1.projects.locations.scans.vulnerabilities.html
index 3acb8ca..2b3a298 100644
--- a/docs/dyn/ondemandscanning_v1.projects.locations.scans.vulnerabilities.html
+++ b/docs/dyn/ondemandscanning_v1.projects.locations.scans.vulnerabilities.html
@@ -124,7 +124,7 @@
],
},
"build": { # Details of a build occurrence. # Describes a verifiable build.
- "intotoProvenance": { # In-toto Provenance representation as defined in spec.
+ "intotoProvenance": { # Deprecated. See InTotoStatement for the replacement. In-toto Provenance representation as defined in spec.
"builderConfig": { # required
"id": "A String",
},
@@ -158,7 +158,88 @@
"type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
},
},
- "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # Required. The actual provenance for the build.
+ "intotoStatement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json". # In-toto Statement representation as defined in spec. The intoto_statement can contain any type of provenance. The serialized payload of the statement can be stored and signed in the Occurrence's envelope.
+ "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
+ "provenance": {
+ "builderConfig": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ "A String",
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": [ # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Since the arguments field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": [ # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Since the environment field can greatly vary in structure, depending on the builder and recipe type, this is of form "Any".
+ {
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ ],
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "slsaProvenance": {
+ "builder": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ {
+ "digest": {
+ "a_key": "A String",
+ },
+ "uri": "A String",
+ },
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
+ "subject": [
+ {
+ "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
+ "a_key": "A String",
+ },
+ "name": "A String",
+ },
+ ],
+ },
+ "provenance": { # Provenance of a build. Contains all information needed to verify the full details about the build from source to completion. # The actual provenance for the build.
"buildOptions": { # Special options applied to this build. This is a catch-all field where build providers can enter any desired additional details.
"a_key": "A String",
},
@@ -315,7 +396,7 @@
"cpe": "A String", # The CPE of the resource being scanned.
"lastScanTime": "A String", # The last time this resource was scanned.
},
- "dsseAttestation": { # Describes an attestation of an artifact using dsse.
+ "dsseAttestation": { # Deprecated. Prefer to use a regular Occurrence, and populate the Envelope at the top level of the Occurrence. # Describes an attestation of an artifact using dsse.
"envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # If doing something security critical, make sure to verify the signatures in this metadata.
"payload": "A String",
"payloadType": "A String",
@@ -327,7 +408,8 @@
],
},
"statement": { # Spec defined at https://github.com/in-toto/attestation/tree/main/spec#statement The serialized InTotoStatement will be stored as Envelope.payload. Envelope.payloadType is always "application/vnd.in-toto+json".
- "predicateType": "A String", # "https://in-toto.io/Provenance/v0.1" for InTotoProvenance.
+ "_type": "A String", # Always "https://in-toto.io/Statement/v0.1".
+ "predicateType": "A String", # "https://slsa.dev/provenance/v0.1" for SlsaProvenance.
"provenance": {
"builderConfig": { # required
"id": "A String",
@@ -362,15 +444,49 @@
"type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
},
},
+ "slsaProvenance": {
+ "builder": { # required
+ "id": "A String",
+ },
+ "materials": [ # The collection of artifacts that influenced the build including sources, dependencies, build tools, base images, and so on. This is considered to be incomplete unless metadata.completeness.materials is true. Unset or null is equivalent to empty.
+ {
+ "digest": {
+ "a_key": "A String",
+ },
+ "uri": "A String",
+ },
+ ],
+ "metadata": { # Other properties of the build.
+ "buildFinishedOn": "A String", # The timestamp of when the build completed.
+ "buildInvocationId": "A String", # Identifies the particular build invocation, which can be useful for finding associated logs or other ad-hoc analysis. The value SHOULD be globally unique, per in-toto Provenance spec.
+ "buildStartedOn": "A String", # The timestamp of when the build started.
+ "completeness": { # Indicates that the builder claims certain fields in this message to be complete. # Indicates that the builder claims certain fields in this message to be complete.
+ "arguments": True or False, # If true, the builder claims that recipe.arguments is complete, meaning that all external inputs are properly captured in the recipe.
+ "environment": True or False, # If true, the builder claims that recipe.environment is claimed to be complete.
+ "materials": True or False, # If true, the builder claims that materials are complete, usually through some controls to prevent network access. Sometimes called "hermetic".
+ },
+ "reproducible": True or False, # If true, the builder claims that running the recipe on materials will produce bit-for-bit identical output.
+ },
+ "recipe": { # Steps taken to build the artifact. For a TaskRun, typically each container corresponds to one step in the recipe. # Identifies the configuration used for the build. When combined with materials, this SHOULD fully describe the build, such that re-running this recipe results in bit-for-bit identical output (if the build is reproducible). required
+ "arguments": { # Collection of all external inputs that influenced the build on top of recipe.definedInMaterial and recipe.entryPoint. For example, if the recipe type were "make", then this might be the flags passed to make aside from the target, which is captured in recipe.entryPoint. Depending on the recipe Type, the structure may be different.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "definedInMaterial": "A String", # Index in materials containing the recipe steps that are not implied by recipe.type. For example, if the recipe type were "make", then this would point to the source containing the Makefile, not the make program itself. Set to -1 if the recipe doesn't come from a material, as zero is default unset value for int64.
+ "entryPoint": "A String", # String identifying the entry point into the build. This is often a path to a configuration file and/or a target label within that file. The syntax and meaning are defined by recipe.type. For example, if the recipe type were "make", then this would reference the directory in which to run make as well as which target to use.
+ "environment": { # Any other builder-controlled inputs necessary for correctly evaluating the recipe. Usually only needed for reproducing the build but not evaluated as part of policy. Depending on the recipe Type, the structure may be different.
+ "a_key": "", # Properties of the object. Contains field @type with type URL.
+ },
+ "type": "A String", # URI indicating what type of recipe was performed. It determines the meaning of recipe.entryPoint, recipe.arguments, recipe.environment, and materials.
+ },
+ },
"subject": [
{
- "digest": { # "": ""
+ "digest": { # "": "" Algorithms can be e.g. sha256, sha512 See https://github.com/in-toto/attestation/blob/main/spec/field_types.md#DigestSet
"a_key": "A String",
},
"name": "A String",
},
],
- "type": "A String", # Always "https://in-toto.io/Statement/v0.1".
},
},
"envelope": { # MUST match https://github.com/secure-systems-lab/dsse/blob/master/envelope.proto. An authenticated message of arbitrary type. # https://github.com/secure-systems-lab/dsse