feat: Add Digest, FileLocation and License (#186)

* feat:Import of Grafeas from Github PiperOrigin-RevId: 453542250 Source-Link: googleapis/googleapis@ac9c393 Source-Link: googleapis/googleapis-gen@d1e2f1a Copy-Tag: eyJwIjoiLmdpdGh1Yi8uT3dsQm90LnlhbWwiLCJoIjoiZDFlMmYxYWIzZGU2YjVhMzYxODZkNjkxNjU0MTJhYTY4NmFlZmIyNiJ9 * 🦉 Updates from OwlBot post-processor See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
googleapis · Jun 9, 2022 · 69b5e8b · 69b5e8b
1 parent 636a2b7
commit 69b5e8b
Show file tree

Hide file tree

Showing 11 changed files with 484 additions and 17 deletions.
diff --git a/grafeas/grafeas/__init__.py b/grafeas/grafeas/__init__.py
@@ -22,8 +22,11 @@
 from grafeas.grafeas_v1.types.attestation import Jwt
 from grafeas.grafeas_v1.types.build import BuildNote
 from grafeas.grafeas_v1.types.build import BuildOccurrence
+from grafeas.grafeas_v1.types.common import Digest
 from grafeas.grafeas_v1.types.common import Envelope
 from grafeas.grafeas_v1.types.common import EnvelopeSignature
+from grafeas.grafeas_v1.types.common import FileLocation
+from grafeas.grafeas_v1.types.common import License
 from grafeas.grafeas_v1.types.common import RelatedUrl
 from grafeas.grafeas_v1.types.common import Signature
 from grafeas.grafeas_v1.types.common import NoteKind
@@ -92,6 +95,7 @@
 from grafeas.grafeas_v1.types.provenance import SourceContext
 from grafeas.grafeas_v1.types.severity import Severity
 from grafeas.grafeas_v1.types.slsa_provenance import SlsaProvenance
+from grafeas.grafeas_v1.types.slsa_provenance_zero_two import SlsaProvenanceZeroTwo
 from grafeas.grafeas_v1.types.upgrade import UpgradeDistribution
 from grafeas.grafeas_v1.types.upgrade import UpgradeNote
 from grafeas.grafeas_v1.types.upgrade import UpgradeOccurrence
@@ -107,8 +111,11 @@
     "Jwt",
     "BuildNote",
     "BuildOccurrence",
+    "Digest",
     "Envelope",
     "EnvelopeSignature",
+    "FileLocation",
+    "License",
     "RelatedUrl",
     "Signature",
     "NoteKind",
@@ -177,6 +184,7 @@
     "SourceContext",
     "Severity",
     "SlsaProvenance",
+    "SlsaProvenanceZeroTwo",
     "UpgradeDistribution",
     "UpgradeNote",
     "UpgradeOccurrence",

diff --git a/grafeas/grafeas_v1/__init__.py b/grafeas/grafeas_v1/__init__.py
@@ -22,8 +22,11 @@
 from .types.attestation import Jwt
 from .types.build import BuildNote
 from .types.build import BuildOccurrence
+from .types.common import Digest
 from .types.common import Envelope
 from .types.common import EnvelopeSignature
+from .types.common import FileLocation
+from .types.common import License
 from .types.common import RelatedUrl
 from .types.common import Signature
 from .types.common import NoteKind
@@ -92,6 +95,7 @@
 from .types.provenance import SourceContext
 from .types.severity import Severity
 from .types.slsa_provenance import SlsaProvenance
+from .types.slsa_provenance_zero_two import SlsaProvenanceZeroTwo
 from .types.upgrade import UpgradeDistribution
 from .types.upgrade import UpgradeNote
 from .types.upgrade import UpgradeOccurrence
@@ -130,12 +134,14 @@
     "DeleteOccurrenceRequest",
     "DeploymentNote",
     "DeploymentOccurrence",
+    "Digest",
     "DiscoveryNote",
     "DiscoveryOccurrence",
     "Distribution",
     "Envelope",
     "EnvelopeSignature",
     "FileHashes",
+    "FileLocation",
     "Fingerprint",
     "GerritSourceContext",
     "GetNoteRequest",
@@ -150,6 +156,7 @@
     "InTotoStatement",
     "Jwt",
     "Layer",
+    "License",
     "ListNoteOccurrencesRequest",
     "ListNoteOccurrencesResponse",
     "ListNotesRequest",
@@ -171,6 +178,7 @@
     "Severity",
     "Signature",
     "SlsaProvenance",
+    "SlsaProvenanceZeroTwo",
     "Source",
     "SourceContext",
     "Subject",

diff --git a/grafeas/grafeas_v1/types/__init__.py b/grafeas/grafeas_v1/types/__init__.py
@@ -23,8 +23,11 @@
     BuildOccurrence,
 )
 from .common import (
+    Digest,
     Envelope,
     EnvelopeSignature,
+    FileLocation,
+    License,
     RelatedUrl,
     Signature,
     NoteKind,
@@ -117,6 +120,9 @@
 from .slsa_provenance import (
     SlsaProvenance,
 )
+from .slsa_provenance_zero_two import (
+    SlsaProvenanceZeroTwo,
+)
 from .upgrade import (
     UpgradeDistribution,
     UpgradeNote,
@@ -134,8 +140,11 @@
     "Jwt",
     "BuildNote",
     "BuildOccurrence",
+    "Digest",
     "Envelope",
     "EnvelopeSignature",
+    "FileLocation",
+    "License",
     "RelatedUrl",
     "Signature",
     "NoteKind",
@@ -204,6 +213,7 @@
     "SourceContext",
     "Severity",
     "SlsaProvenance",
+    "SlsaProvenanceZeroTwo",
     "UpgradeDistribution",
     "UpgradeNote",
     "UpgradeOccurrence",

diff --git a/grafeas/grafeas_v1/types/common.py b/grafeas/grafeas_v1/types/common.py
@@ -24,6 +24,9 @@
         "Signature",
         "Envelope",
         "EnvelopeSignature",
+        "FileLocation",
+        "License",
+        "Digest",
     },
 )
 
@@ -185,4 +188,67 @@ class EnvelopeSignature(proto.Message):
     )
 
 
+class FileLocation(proto.Message):
+    r"""Indicates the location at which a package was found.
+
+    Attributes:
+        file_path (str):
+            For jars that are contained inside .war
+            files, this filepath can indicate the path to
+            war file combined with the path to jar file.
+    """
+
+    file_path = proto.Field(
+        proto.STRING,
+        number=1,
+    )
+
+
+class License(proto.Message):
+    r"""License information.
+
+    Attributes:
+        expression (str):
+            Often a single license can be used to
+            represent the licensing terms. Sometimes it is
+            necessary to include a choice of one or more
+            licenses or some combination of license
+            identifiers.
+            Examples: "LGPL-2.1-only OR MIT", "LGPL-2.1-only
+            AND MIT", "GPL-2.0-or-later WITH
+            Bison-exception-2.2".
+        comments (str):
+            Comments
+    """
+
+    expression = proto.Field(
+        proto.STRING,
+        number=1,
+    )
+    comments = proto.Field(
+        proto.STRING,
+        number=2,
+    )
+
+
+class Digest(proto.Message):
+    r"""Digest information.
+
+    Attributes:
+        algo (str):
+            ``SHA1``, ``SHA512`` etc.
+        digest_bytes (bytes):
+            Value of the digest.
+    """
+
+    algo = proto.Field(
+        proto.STRING,
+        number=1,
+    )
+    digest_bytes = proto.Field(
+        proto.BYTES,
+        number=2,
+    )
+
+
 __all__ = tuple(sorted(__protobuf__.manifest))
diff --git a/grafeas/grafeas_v1/types/compliance.py b/grafeas/grafeas_v1/types/compliance.py
@@ -119,6 +119,9 @@ class ComplianceVersion(proto.Message):
             The CPE URI
             (https://cpe.mitre.org/specification/) this
             benchmark is applicable to.
+        benchmark_document (str):
+            The name of the document that defines this
+            benchmark, e.g. "CIS Container-Optimized OS".
         version (str):
             The version of the benchmark. This is set to
             the version of the OS-specific CIS document the
@@ -129,6 +132,10 @@ class ComplianceVersion(proto.Message):
         proto.STRING,
         number=1,
     )
+    benchmark_document = proto.Field(
+        proto.STRING,
+        number=3,
+    )
     version = proto.Field(
         proto.STRING,
         number=2,

diff --git a/grafeas/grafeas_v1/types/cvss.py b/grafeas/grafeas_v1/types/cvss.py
@@ -157,10 +157,9 @@ class CVSS(proto.Message):
     r"""Common Vulnerability Scoring System.
     For details, see
     https://www.first.org/cvss/specification-document This is a
-    message we will try to use for storing multiple versions of
-    CVSS. The intention is that as new versions of CVSS scores get
-    added, we will be able to modify this message rather than adding
-    new protos for each new version of the score.
+    message we will try to use for storing various versions of CVSS
+    rather than making a separate proto for storing a specific
+    version.
 
     Attributes:
         base_score (float):

diff --git a/grafeas/grafeas_v1/types/intoto_statement.py b/grafeas/grafeas_v1/types/intoto_statement.py
@@ -17,6 +17,9 @@
 
 from grafeas.grafeas_v1.types import intoto_provenance
 from grafeas.grafeas_v1.types import slsa_provenance as g_slsa_provenance
+from grafeas.grafeas_v1.types import (
+    slsa_provenance_zero_two as g_slsa_provenance_zero_two,
+)
 
 
 __protobuf__ = proto.module(
@@ -54,6 +57,9 @@ class InTotoStatement(proto.Message):
             This field is a member of `oneof`_ ``predicate``.
         slsa_provenance (grafeas.grafeas_v1.types.SlsaProvenance):
 
+            This field is a member of `oneof`_ ``predicate``.
+        slsa_provenance_zero_two (grafeas.grafeas_v1.types.SlsaProvenanceZeroTwo):
+
             This field is a member of `oneof`_ ``predicate``.
     """
 
@@ -82,6 +88,12 @@ class InTotoStatement(proto.Message):
         oneof="predicate",
         message=g_slsa_provenance.SlsaProvenance,
     )
+    slsa_provenance_zero_two = proto.Field(
+        proto.MESSAGE,
+        number=6,
+        oneof="predicate",
+        message=g_slsa_provenance_zero_two.SlsaProvenanceZeroTwo,
+    )
 
 
 class Subject(proto.Message):