feat: [confidentialcomputing] Added support for signed container imag…

…e and custom audience and nonce requests (#9701) * feat: Added support for signed container image and custom audience and nonce requests New fields have been incorporated into the VerifyAttestationRequest proto message to accommodate two additional features: signed container image and custom audience and nonce. PiperOrigin-RevId: 551026956 Source-Link: googleapis/googleapis@a31b53e Source-Link: googleapis/googleapis-gen@640cd43 Copy-Tag: eyJwIjoiamF2YS1jb25maWRlbnRpYWxjb21wdXRpbmcvLk93bEJvdC55YW1sIiwiaCI6IjY0MGNkNDM0ZmMzYjQ2OWJiYzIzNmZjNGQ1MjUxYjY5NmIxODAxYjYifQ== * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
googleapis · Aug 2, 2023 · c5c0b87 · c5c0b87
1 parent 4659951
commit c5c0b87
Show file tree

Hide file tree

Showing 20 changed files with 5,541 additions and 39 deletions.
diff --git a/java-confidentialcomputing/README.md b/java-confidentialcomputing/README.md
@@ -201,7 +201,7 @@ Java is a registered trademark of Oracle and/or its affiliates.
 [kokoro-badge-link-5]: http://storage.googleapis.com/cloud-devrel-public/java/badges/java-confidentialcomputing/java11.html
 [stability-image]: https://img.shields.io/badge/stability-preview-yellow
 [maven-version-image]: https://img.shields.io/maven-central/v/com.google.cloud/google-cloud-confidentialcomputing.svg
-[maven-version-link]: https://central.sonatype.com/artifact/com.google.cloud/google-cloud-confidentialcomputing/0.7.0
+[maven-version-link]: https://central.sonatype.com/artifact/com.google.cloud/google-cloud-confidentialcomputing/0.8.0
 [authentication]: https://github.com/googleapis/google-cloud-java#authentication
 [auth-scopes]: https://developers.google.com/identity/protocols/oauth2/scopes
 [predefined-iam-roles]: https://cloud.google.com/iam/docs/understanding-roles#predefined_roles

diff --git a/.../src/main/java/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClient.java b/.../src/main/java/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClient.java
@@ -327,6 +327,8 @@ public final UnaryCallable<CreateChallengeRequest, Challenge> createChallengeCal
    *           .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
    *           .setGcpCredentials(GcpCredentials.newBuilder().build())
    *           .setTpmAttestation(TpmAttestation.newBuilder().build())
+   *           .setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+   *           .setTokenOptions(TokenOptions.newBuilder().build())
    *           .build();
    *   VerifyAttestationResponse response = confidentialComputingClient.verifyAttestation(request);
    * }
@@ -358,6 +360,8 @@ public final VerifyAttestationResponse verifyAttestation(VerifyAttestationReques
    *           .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
    *           .setGcpCredentials(GcpCredentials.newBuilder().build())
    *           .setTpmAttestation(TpmAttestation.newBuilder().build())
+   *           .setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+   *           .setTokenOptions(TokenOptions.newBuilder().build())
    *           .build();
    *   ApiFuture<VerifyAttestationResponse> future =
    *       confidentialComputingClient.verifyAttestationCallable().futureCall(request);

diff --git a/...urces/META-INF/native-image/com.google.cloud.confidentialcomputing.v1/reflect-config.json b/...urces/META-INF/native-image/com.google.cloud.confidentialcomputing.v1/reflect-config.json
@@ -395,6 +395,42 @@
     "allDeclaredClasses": true,
     "allPublicClasses": true
   },
+  {
+    "name": "com.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo",
+    "queryAllDeclaredConstructors": true,
+    "queryAllPublicConstructors": true,
+    "queryAllDeclaredMethods": true,
+    "allPublicMethods": true,
+    "allDeclaredClasses": true,
+    "allPublicClasses": true
+  },
+  {
+    "name": "com.google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo$Builder",
+    "queryAllDeclaredConstructors": true,
+    "queryAllPublicConstructors": true,
+    "queryAllDeclaredMethods": true,
+    "allPublicMethods": true,
+    "allDeclaredClasses": true,
+    "allPublicClasses": true
+  },
+  {
+    "name": "com.google.cloud.confidentialcomputing.v1.ContainerImageSignature",
+    "queryAllDeclaredConstructors": true,
+    "queryAllPublicConstructors": true,
+    "queryAllDeclaredMethods": true,
+    "allPublicMethods": true,
+    "allDeclaredClasses": true,
+    "allPublicClasses": true
+  },
+  {
+    "name": "com.google.cloud.confidentialcomputing.v1.ContainerImageSignature$Builder",
+    "queryAllDeclaredConstructors": true,
+    "queryAllPublicConstructors": true,
+    "queryAllDeclaredMethods": true,
+    "allPublicMethods": true,
+    "allDeclaredClasses": true,
+    "allPublicClasses": true
+  },
   {
     "name": "com.google.cloud.confidentialcomputing.v1.CreateChallengeRequest",
     "queryAllDeclaredConstructors": true,
@@ -431,6 +467,51 @@
     "allDeclaredClasses": true,
     "allPublicClasses": true
   },
+  {
+    "name": "com.google.cloud.confidentialcomputing.v1.SignedEntity",
+    "queryAllDeclaredConstructors": true,
+    "queryAllPublicConstructors": true,
+    "queryAllDeclaredMethods": true,
+    "allPublicMethods": true,
+    "allDeclaredClasses": true,
+    "allPublicClasses": true
+  },
+  {
+    "name": "com.google.cloud.confidentialcomputing.v1.SignedEntity$Builder",
+    "queryAllDeclaredConstructors": true,
+    "queryAllPublicConstructors": true,
+    "queryAllDeclaredMethods": true,
+    "allPublicMethods": true,
+    "allDeclaredClasses": true,
+    "allPublicClasses": true
+  },
+  {
+    "name": "com.google.cloud.confidentialcomputing.v1.SigningAlgorithm",
+    "queryAllDeclaredConstructors": true,
+    "queryAllPublicConstructors": true,
+    "queryAllDeclaredMethods": true,
+    "allPublicMethods": true,
+    "allDeclaredClasses": true,
+    "allPublicClasses": true
+  },
+  {
+    "name": "com.google.cloud.confidentialcomputing.v1.TokenOptions",
+    "queryAllDeclaredConstructors": true,
+    "queryAllPublicConstructors": true,
+    "queryAllDeclaredMethods": true,
+    "allPublicMethods": true,
+    "allDeclaredClasses": true,
+    "allPublicClasses": true
+  },
+  {
+    "name": "com.google.cloud.confidentialcomputing.v1.TokenOptions$Builder",
+    "queryAllDeclaredConstructors": true,
+    "queryAllPublicConstructors": true,
+    "queryAllDeclaredMethods": true,
+    "allPublicMethods": true,
+    "allDeclaredClasses": true,
+    "allPublicClasses": true
+  },
   {
     "name": "com.google.cloud.confidentialcomputing.v1.TpmAttestation",
     "queryAllDeclaredConstructors": true,

diff --git a/...va/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClientHttpJsonTest.java b/...va/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClientHttpJsonTest.java
@@ -195,6 +195,8 @@ public void verifyAttestationTest() throws Exception {
             .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
             .setGcpCredentials(GcpCredentials.newBuilder().build())
             .setTpmAttestation(TpmAttestation.newBuilder().build())
+            .setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+            .setTokenOptions(TokenOptions.newBuilder().build())
             .build();
 
     VerifyAttestationResponse actualResponse = client.verifyAttestation(request);
@@ -228,6 +230,8 @@ public void verifyAttestationExceptionTest() throws Exception {
               .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
               .setGcpCredentials(GcpCredentials.newBuilder().build())
               .setTpmAttestation(TpmAttestation.newBuilder().build())
+              .setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+              .setTokenOptions(TokenOptions.newBuilder().build())
               .build();
       client.verifyAttestation(request);
       Assert.fail("No exception raised");

diff --git a/.../test/java/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClientTest.java b/.../test/java/com/google/cloud/confidentialcomputing/v1/ConfidentialComputingClientTest.java
@@ -191,6 +191,8 @@ public void verifyAttestationTest() throws Exception {
             .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
             .setGcpCredentials(GcpCredentials.newBuilder().build())
             .setTpmAttestation(TpmAttestation.newBuilder().build())
+            .setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+            .setTokenOptions(TokenOptions.newBuilder().build())
             .build();
 
     VerifyAttestationResponse actualResponse = client.verifyAttestation(request);
@@ -203,6 +205,9 @@ public void verifyAttestationTest() throws Exception {
     Assert.assertEquals(request.getChallenge(), actualRequest.getChallenge());
     Assert.assertEquals(request.getGcpCredentials(), actualRequest.getGcpCredentials());
     Assert.assertEquals(request.getTpmAttestation(), actualRequest.getTpmAttestation());
+    Assert.assertEquals(
+        request.getConfidentialSpaceInfo(), actualRequest.getConfidentialSpaceInfo());
+    Assert.assertEquals(request.getTokenOptions(), actualRequest.getTokenOptions());
     Assert.assertTrue(
         channelProvider.isHeaderSent(
             ApiClientHeaderProvider.getDefaultApiClientHeaderKey(),
@@ -220,6 +225,8 @@ public void verifyAttestationExceptionTest() throws Exception {
               .setChallenge(ChallengeName.of("[PROJECT]", "[LOCATION]", "[UUID]").toString())
               .setGcpCredentials(GcpCredentials.newBuilder().build())
               .setTpmAttestation(TpmAttestation.newBuilder().build())
+              .setConfidentialSpaceInfo(ConfidentialSpaceInfo.newBuilder().build())
+              .setTokenOptions(TokenOptions.newBuilder().build())
               .build();
       client.verifyAttestation(request);
       Assert.fail("No exception raised");