feat: Added support for signed container image and custom audience an…

…d nonce requests (#6491) New fields have been incorporated into the VerifyAttestationRequest proto message to accommodate two additional features: signed container image and custom audience and nonce. PiperOrigin-RevId: 551026956 Source-Link: googleapis/googleapis@a31b53e Source-Link: googleapis/googleapis-gen@640cd43 Copy-Tag: eyJwIjoiQ29uZmlkZW50aWFsQ29tcHV0aW5nLy5Pd2xCb3QueWFtbCIsImgiOiI2NDBjZDQzNGZjM2I0NjliYmMyMzZmYzRkNTI1MWI2OTZiMTgwMWI2In0= Co-authored-by: Yash Sahu <[email protected]>
googleapis · Jul 27, 2023 · 168fd7f · 168fd7f
1 parent 5fa1d05
commit 168fd7f
Show file tree

Hide file tree

Showing 8 changed files with 636 additions and 0 deletions.
diff --git a/ConfidentialComputing/metadata/V1/Service.php b/ConfidentialComputing/metadata/V1/Service.php
diff --git a/ConfidentialComputing/src/V1/ConfidentialSpaceInfo.php b/ConfidentialComputing/src/V1/ConfidentialSpaceInfo.php
diff --git a/ConfidentialComputing/src/V1/ContainerImageSignature.php b/ConfidentialComputing/src/V1/ContainerImageSignature.php
diff --git a/ConfidentialComputing/src/V1/Gapic/ConfidentialComputingGapicClient.php b/ConfidentialComputing/src/V1/Gapic/ConfidentialComputingGapicClient.php
@@ -35,8 +35,10 @@
 use Google\ApiCore\ValidationException;
 use Google\Auth\FetchAuthTokenInterface;
 use Google\Cloud\ConfidentialComputing\V1\Challenge;
+use Google\Cloud\ConfidentialComputing\V1\ConfidentialSpaceInfo;
 use Google\Cloud\ConfidentialComputing\V1\CreateChallengeRequest;
 use Google\Cloud\ConfidentialComputing\V1\GcpCredentials;
+use Google\Cloud\ConfidentialComputing\V1\TokenOptions;
 use Google\Cloud\ConfidentialComputing\V1\TpmAttestation;
 use Google\Cloud\ConfidentialComputing\V1\VerifyAttestationRequest;
 use Google\Cloud\ConfidentialComputing\V1\VerifyAttestationResponse;
@@ -384,6 +386,11 @@ public function createChallenge(
      *     @type GcpCredentials $gcpCredentials
      *           Optional. Credentials used to populate the "emails" claim in the
      *           claims_token.
+     *     @type ConfidentialSpaceInfo $confidentialSpaceInfo
+     *           Optional. Optional information related to the Confidential Space TEE.
+     *     @type TokenOptions $tokenOptions
+     *           Optional. A collection of optional, workload-specified claims that modify
+     *           the token output.
      *     @type RetrySettings|array $retrySettings
      *           Retry settings to use for this call. Can be a {@see RetrySettings} object, or an
      *           associative array of retry settings parameters. See the documentation on
@@ -408,6 +415,16 @@ public function verifyAttestation(
             $request->setGcpCredentials($optionalArgs['gcpCredentials']);
         }
 
+        if (isset($optionalArgs['confidentialSpaceInfo'])) {
+            $request->setConfidentialSpaceInfo(
+                $optionalArgs['confidentialSpaceInfo']
+            );
+        }
+
+        if (isset($optionalArgs['tokenOptions'])) {
+            $request->setTokenOptions($optionalArgs['tokenOptions']);
+        }
+
         $requestParams = new RequestParamsHeaderDescriptor(
             $requestParamHeaders
         );

diff --git a/ConfidentialComputing/src/V1/SignedEntity.php b/ConfidentialComputing/src/V1/SignedEntity.php