Class: Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Rest::Client

Inherits:

Object

• Object
• Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Rest::Client

Includes:

Paths

Defined in:

lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb

Overview

REST client for the ConfidentialComputing service.

Service describing handlers for resources

Defined Under Namespace

Classes: Configuration

Instance Attribute Summary

• #location_client ⇒ Google::Cloud::Location::Locations::Rest::Client readonly

  Get the associated client for mix-in of the Locations.

Class Method Summary

• .configure {|config| ... } ⇒ Client::Configuration

  Configure the ConfidentialComputing Client class.

Instance Method Summary

• #configure {|config| ... } ⇒ Client::Configuration

  Configure the ConfidentialComputing Client instance.

• #create_challenge(request, options = nil) {|result, operation| ... } ⇒ ::Google::Cloud::ConfidentialComputing::V1::Challenge

  Creates a new Challenge in a given project and location.

• #initialize {|config| ... } ⇒ Client constructor

  Create a new ConfidentialComputing REST client object.

• #universe_domain ⇒ String

  The effective universe domain.

• #verify_attestation(request, options = nil) {|result, operation| ... } ⇒ ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse

  Verifies the provided attestation info, returning a signed OIDC token.

Methods included from Paths

#challenge_path, #location_path

Constructor Details

#initialize {|config| ... } ⇒ Client

Create a new ConfidentialComputing REST client object.

Examples:

# Create a client using the default configuration
client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Rest::Client.new

# Create a client using a custom configuration
client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Rest::Client.new do |config|
  config.timeout = 10.0
end

Yields:

• (config) —

  Configure the ConfidentialComputing client.

Yield Parameters:

• config (Client::Configuration)

# File 'lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb', line 139

def initialize
  # Create the configuration object
  @config = Configuration.new Client.configure

  # Yield the configuration if needed
  yield @config if block_given?

  # Create credentials
  credentials = @config.credentials
  # Use self-signed JWT if the endpoint is unchanged from default,
  # but only if the default endpoint does not have a region prefix.
  enable_self_signed_jwt = @config.endpoint.nil? ||
                           (@config.endpoint == Configuration::DEFAULT_ENDPOINT &&
                           !@config.endpoint.split(".").first.include?("-"))
  credentials ||= Credentials.default scope: @config.scope,
                                      enable_self_signed_jwt: enable_self_signed_jwt
  if credentials.is_a?(::String) || credentials.is_a?(::Hash)
    credentials = Credentials.new credentials, scope: @config.scope
  end

  @quota_project_id = @config.quota_project
  @quota_project_id ||= credentials.quota_project_id if credentials.respond_to? :quota_project_id

  @confidential_computing_stub = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Rest::ServiceStub.new(
    endpoint: @config.endpoint,
    endpoint_template: DEFAULT_ENDPOINT_TEMPLATE,
    universe_domain: @config.universe_domain,
    credentials: credentials
  )

  @location_client = Google::Cloud::Location::Locations::Rest::Client.new do |config|
    config.credentials = credentials
    config.quota_project = @quota_project_id
    config.endpoint = @confidential_computing_stub.endpoint
    config.universe_domain = @confidential_computing_stub.universe_domain
    config.bindings_override = @config.bindings_override
  end
end

Instance Attribute Details

#location_client ⇒ Google::Cloud::Location::Locations::Rest::Client (readonly)

Get the associated client for mix-in of the Locations.

Returns:

• (Google::Cloud::Location::Locations::Rest::Client)

# File 'lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb', line 183

def location_client
  @location_client
end

Class Method Details

.configure {|config| ... } ⇒ Client::Configuration

Configure the ConfidentialComputing Client class.

See Configuration for a description of the configuration fields.

Examples:

# Modify the configuration for all ConfidentialComputing clients
::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Rest::Client.configure do |config|
  config.timeout = 10.0
end

Yields:

• (config) —

  Configure the Client client.

Yield Parameters:

• config (Client::Configuration)

Returns:

• (Client::Configuration)

# File 'lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb', line 65

def self.configure
  @configure ||= begin
    namespace = ["Google", "Cloud", "ConfidentialComputing", "V1"]
    parent_config = while namespace.any?
                      parent_name = namespace.join "::"
                      parent_const = const_get parent_name
                      break parent_const.configure if parent_const.respond_to? :configure
                      namespace.pop
                    end
    default_config = Client::Configuration.new parent_config

    default_config.timeout = 60.0

    default_config.rpcs.create_challenge.timeout = 60.0
    default_config.rpcs.create_challenge.retry_policy = {
      initial_delay: 1.0, max_delay: 60.0, multiplier: 1.3, retry_codes: [14]
    }

    default_config.rpcs.verify_attestation.timeout = 60.0
    default_config.rpcs.verify_attestation.retry_policy = {
      initial_delay: 1.0, max_delay: 60.0, multiplier: 1.3, retry_codes: [14]
    }

    default_config
  end
  yield @configure if block_given?
  @configure
end

Instance Method Details

#configure {|config| ... } ⇒ Client::Configuration

Configure the ConfidentialComputing Client instance.

The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on configure.

See Configuration for a description of the configuration fields.

Yields:

• (config) —

  Configure the Client client.

Yield Parameters:

• config (Client::Configuration)

Returns:

• (Client::Configuration)

# File 'lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb', line 109

def configure
  yield @config if block_given?
  @config
end

#create_challenge(request, options = nil) ⇒ ::Google::Cloud::ConfidentialComputing::V1::Challenge #create_challenge(parent: nil, challenge: nil) ⇒ ::Google::Cloud::ConfidentialComputing::V1::Challenge

Creates a new Challenge in a given project and location.

Examples:

Basic example

require "google/cloud/confidential_computing/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Rest::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::ConfidentialComputing::V1::CreateChallengeRequest.new

# Call the create_challenge method.
result = client.create_challenge request

# The returned object is of type Google::Cloud::ConfidentialComputing::V1::Challenge.
p result

Overloads:

• #create_challenge(request, options = nil) ⇒ ::Google::Cloud::ConfidentialComputing::V1::Challenge

  Pass arguments to create_challenge via a request object, either of type Google::Cloud::ConfidentialComputing::V1::CreateChallengeRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::ConfidentialComputing::V1::CreateChallengeRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries etc. Optional.

• #create_challenge(parent: nil, challenge: nil) ⇒ ::Google::Cloud::ConfidentialComputing::V1::Challenge

  Pass arguments to create_challenge via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • parent (::String) (defaults to: nil) —

    Required. The resource name of the location where the Challenge will be used, in the format projects/*/locations/*.

  • challenge (::Google::Cloud::ConfidentialComputing::V1::Challenge, ::Hash) (defaults to: nil) —

    Required. The Challenge to be created. Currently this field can be empty as all the Challenge fields are set by the server.

Yields:

• (result, operation) —

  Access the result along with the TransportOperation object

Yield Parameters:

• result (::Google::Cloud::ConfidentialComputing::V1::Challenge)
• operation (::Gapic::Rest::TransportOperation)

Returns:

• (::Google::Cloud::ConfidentialComputing::V1::Challenge)

Raises:

• (::Google::Cloud::Error) —

  if the REST call is aborted.

# File 'lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb', line 234

def create_challenge request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::ConfidentialComputing::V1::CreateChallengeRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  call_metadata = @config.rpcs.create_challenge.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::ConfidentialComputing::V1::VERSION,
    transports_version_send: [:rest]

  call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  options.apply_defaults timeout:      @config.rpcs.create_challenge.timeout,
                         metadata:     call_metadata,
                         retry_policy: @config.rpcs.create_challenge.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @confidential_computing_stub.create_challenge request, options do |result, operation|
    yield result, operation if block_given?
    return result
  end
rescue ::Gapic::Rest::Error => e
  raise ::Google::Cloud::Error.from_error(e)
end

#universe_domain ⇒ String

The effective universe domain

Returns:

• (String)

# File 'lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb', line 119

def universe_domain
  @confidential_computing_stub.universe_domain
end

#verify_attestation(request, options = nil) ⇒ ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse #verify_attestation(td_ccel: nil, sev_snp_attestation: nil, challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil) ⇒ ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse

Verifies the provided attestation info, returning a signed OIDC token.

Examples:

Basic example

require "google/cloud/confidential_computing/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Rest::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest.new

# Call the verify_attestation method.
result = client.verify_attestation request

# The returned object is of type Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse.
p result

Overloads:

• #verify_attestation(request, options = nil) ⇒ ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse

  Pass arguments to verify_attestation via a request object, either of type VerifyAttestationRequest or an equivalent Hash.

  Parameters:

  • request (::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest, ::Hash) —

    A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.

  • options (::Gapic::CallOptions, ::Hash) (defaults to: nil) —

    Overrides the default settings for this call, e.g, timeout, retries etc. Optional.

• #verify_attestation(td_ccel: nil, sev_snp_attestation: nil, challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil) ⇒ ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse

  Pass arguments to verify_attestation via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).

  Parameters:

  • td_ccel (::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation, ::Hash) (defaults to: nil) —

    Optional. A TDX with CCEL and RTMR Attestation Quote.

  • sev_snp_attestation (::Google::Cloud::ConfidentialComputing::V1::SevSnpAttestation, ::Hash) (defaults to: nil) —

    Optional. An SEV-SNP Attestation Report.

  • challenge (::String) (defaults to: nil) —

    Required. The name of the Challenge whose nonce was used to generate the attestation, in the format projects/*/locations/*/challenges/*. The provided Challenge will be consumed, and cannot be used again.

  • gcp_credentials (::Google::Cloud::ConfidentialComputing::V1::GcpCredentials, ::Hash) (defaults to: nil) —

    Optional. Credentials used to populate the "emails" claim in the claims_token.

  • tpm_attestation (::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash) (defaults to: nil) —

    Required. The TPM-specific data provided by the attesting platform, used to populate any of the claims regarding platform state.

  • confidential_space_info (::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo, ::Hash) (defaults to: nil) —

    Optional. Optional information related to the Confidential Space TEE.

  • token_options (::Google::Cloud::ConfidentialComputing::V1::TokenOptions, ::Hash) (defaults to: nil) —

    Optional. A collection of optional, workload-specified claims that modify the token output.

Yields:

• (result, operation) —

  Access the result along with the TransportOperation object

Yield Parameters:

• result (::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse)
• operation (::Gapic::Rest::TransportOperation)

Returns:

• (::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse)

Raises:

• (::Google::Cloud::Error) —

  if the REST call is aborted.

# File 'lib/google/cloud/confidential_computing/v1/confidential_computing/rest/client.rb', line 330

def verify_attestation request, options = nil
  raise ::ArgumentError, "request must be provided" if request.nil?

  request = ::Gapic::Protobuf.coerce request, to: ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest

  # Converts hash and nil to an options object
  options = ::Gapic::CallOptions.new(**options.to_h) if options.respond_to? :to_h

  # Customize the options with defaults
  call_metadata = @config.rpcs.verify_attestation.metadata.to_h

  # Set x-goog-api-client, x-goog-user-project and x-goog-api-version headers
  call_metadata[:"x-goog-api-client"] ||= ::Gapic::Headers.x_goog_api_client \
    lib_name: @config.lib_name, lib_version: @config.lib_version,
    gapic_version: ::Google::Cloud::ConfidentialComputing::V1::VERSION,
    transports_version_send: [:rest]

  call_metadata[:"x-goog-api-version"] = API_VERSION unless API_VERSION.empty?
  call_metadata[:"x-goog-user-project"] = @quota_project_id if @quota_project_id

  options.apply_defaults timeout:      @config.rpcs.verify_attestation.timeout,
                         metadata:     call_metadata,
                         retry_policy: @config.rpcs.verify_attestation.retry_policy

  options.apply_defaults timeout:      @config.timeout,
                         metadata:     @config.metadata,
                         retry_policy: @config.retry_policy

  @confidential_computing_stub.verify_attestation request, options do |result, operation|
    yield result, operation if block_given?
    return result
  end
rescue ::Gapic::Rest::Error => e
  raise ::Google::Cloud::Error.from_error(e)
end