Package Classes (0.5.0)

Service describing handlers for resources

Service describing handlers for resources

Token options that only apply to the AWS Principal Tags token type.

Allowed principal tags is used to define what principal tags will be placed in the token.

Allowed Container Image Signatures. Key IDs are required to allow this claim to fit within the narrow AWS IAM restrictions.

A Challenge from the server used to guarantee freshness of attestations

ConfidentialSpaceInfo contains information related to the Confidential Space TEE.

ContainerImageSignature holds necessary metadata to verify a container image signature.

Message for creating a Challenge

GceShieldedIdentity contains information about a Compute Engine instance.

Credentials issued by GCP which are linked to the platform attestation. These will be verified server-side as part of attestaion verification.

An SEV-SNP Attestation Report. Contains the attestation report and the certificate bundle that the client collects.

SignatureType enumerates supported signature types for attestation tokens.

SignedEntity represents an OCI image object containing everything necessary to verify container image signatures.

SigningAlgorithm enumerates all the supported signing algorithms.

A TDX Attestation quote.

Options to modify claims in the token to generate custom-purpose tokens.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

TokenProfile enumerates the supported token claims profiles.

Token type enum contains the different types of token responses Confidential Space supports

TPM2 data containing everything necessary to validate any platform state measured into the TPM.

Information about Platform Control Registers (PCRs) including a signature over their values, which can be used for remote validation.

The abstract base class for a message.

A request for an attestation token, providing all the necessary information needed for this service to verify the platform state of the requestor.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

A response once an attestation has been successfully verified, containing a signed attestation token.

A request for an attestation token, providing all the necessary information needed for this service to verify Confidential GKE platform state of the requestor.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

VerifyConfidentialGkeResponse response is returened once a Confidential GKE attestation has been successfully verified, containing a signed OIDC token.

A request for an attestation token, providing all the necessary information needed for this service to verify the platform state of the requestor.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Token options for Confidential Space attestation.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

VerifyConfidentialSpaceResponse is returned once a Confidential Space attestation has been successfully verified, containing a signed token.