Reference documentation and code samples for the Confidential Computing V1 API class Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.
Client for the ConfidentialComputing service.
Service describing handlers for resources
Inherits
- Object
Methods
.configure
def self.configure() { |config| ... } -> Client::Configuration
Configure the ConfidentialComputing Client class.
See Configuration for a description of the configuration fields.
- (config) — Configure the Client client.
- config (Client::Configuration)
```ruby
# Modify the configuration for all ConfidentialComputing clients
::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.configure do |config|
  config.timeout = 10.0
end
```
#configure
def configure() { |config| ... } -> Client::Configuration
Configure the ConfidentialComputing Client instance.
The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on Client.configure.
See Configuration for a description of the configuration fields.
- (config) — Configure the Client client.
- config (Client::Configuration)
#create_challenge
def create_challenge(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::Challenge
def create_challenge(parent: nil, challenge: nil) -> ::Google::Cloud::ConfidentialComputing::V1::Challenge
Creates a new Challenge in a given project and location.
def create_challenge(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::Challenge
Pass arguments to create_challenge via a request object, either of type Google::Cloud::ConfidentialComputing::V1::CreateChallengeRequest or an equivalent Hash.
- request (::Google::Cloud::ConfidentialComputing::V1::CreateChallengeRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def create_challenge(parent: nil, challenge: nil) -> ::Google::Cloud::ConfidentialComputing::V1::Challenge
Pass arguments to create_challenge via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- parent (::String) — Required. The resource name of the location where the Challenge will be used, in the format projects/*/locations/*.
- challenge (::Google::Cloud::ConfidentialComputing::V1::Challenge, ::Hash) — Required. The Challenge to be created. Currently this field can be empty as all the Challenge fields are set by the server.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::ConfidentialComputing::V1::Challenge)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
```ruby
require "google/cloud/confidential_computing/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::ConfidentialComputing::V1::CreateChallengeRequest.new

# Call the create_challenge method.
result = client.create_challenge request

# The returned object is of type Google::Cloud::ConfidentialComputing::V1::Challenge.
p result
```
#initialize
def initialize() { |config| ... } -> Client
Create a new ConfidentialComputing client object.
- (config) — Configure the ConfidentialComputing client.
- config (Client::Configuration)
- (Client) — a new instance of Client
```ruby
# Create a client using the default configuration
client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new

# Create a client using a custom configuration
client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new do |config|
  config.timeout = 10.0
end
```
#location_client
def location_client() -> Google::Cloud::Location::Locations::Client
Get the associated client for mix-in of the Locations.
- (Google::Cloud::Location::Locations::Client)
#logger
def logger() -> Logger
The logger used for request/response debug logging.
- (Logger)
#universe_domain
def universe_domain() -> String
The effective universe domain
- (String)
#verify_attestation
def verify_attestation(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse
def verify_attestation(td_ccel: nil, sev_snp_attestation: nil, challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil, attester: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse
Verifies the provided attestation info, returning a signed attestation token.
def verify_attestation(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse
Pass arguments to verify_attestation via a request object, either of type VerifyAttestationRequest or an equivalent Hash.
- request (::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def verify_attestation(td_ccel: nil, sev_snp_attestation: nil, challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil, attester: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse
Pass arguments to verify_attestation via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- td_ccel (::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation, ::Hash) — Optional. A TDX with CCEL and RTMR Attestation Quote.
  Note: The following parameters are mutually exclusive: td_ccel, sev_snp_attestation. At most one of these parameters can be set. If more than one is set, only one will be used, and it is not defined which one.
- sev_snp_attestation (::Google::Cloud::ConfidentialComputing::V1::SevSnpAttestation, ::Hash) — Optional. An SEV-SNP Attestation Report.
  Note: The following parameters are mutually exclusive: sev_snp_attestation, td_ccel. At most one of these parameters can be set. If more than one is set, only one will be used, and it is not defined which one.
- challenge (::String) — Required. The name of the Challenge whose nonce was used to generate the attestation, in the format projects/*/locations/*/challenges/*. The provided Challenge will be consumed, and cannot be used again.
- gcp_credentials (::Google::Cloud::ConfidentialComputing::V1::GcpCredentials, ::Hash) — Optional. Credentials used to populate the "emails" claim in the claims_token.
- tpm_attestation (::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash) — Required. The TPM-specific data provided by the attesting platform, used to populate any of the claims regarding platform state.
- confidential_space_info (::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo, ::Hash) — Optional. Optional information related to the Confidential Space TEE.
- token_options (::Google::Cloud::ConfidentialComputing::V1::TokenOptions, ::Hash) — Optional. A collection of optional, workload-specified claims that modify the token output.
- attester (::String) — Optional. An optional indicator of the attester, only applies to certain products.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
```ruby
require "google/cloud/confidential_computing/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest.new

# Call the verify_attestation method.
result = client.verify_attestation request

# The returned object is of type Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse.
p result
```
#verify_confidential_gke
def verify_confidential_gke(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponse
def verify_confidential_gke(tpm_attestation: nil, challenge: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponse
Verifies the provided Confidential GKE attestation info, returning a signed OIDC token.
def verify_confidential_gke(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponse
Pass arguments to verify_confidential_gke via a request object, either of type VerifyConfidentialGkeRequest or an equivalent Hash.
- request (::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def verify_confidential_gke(tpm_attestation: nil, challenge: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponse
Pass arguments to verify_confidential_gke via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- tpm_attestation (::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash) — The TPM-specific data provided by the attesting platform, used to populate any of the claims regarding platform state.
- challenge (::String) — Required. The name of the Challenge whose nonce was used to generate the attestation, in the format projects/*/locations/*/challenges/*. The provided Challenge will be consumed, and cannot be used again.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponse)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
```ruby
require "google/cloud/confidential_computing/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeRequest.new

# Call the verify_confidential_gke method.
result = client.verify_confidential_gke request

# The returned object is of type Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponse.
p result
```
#verify_confidential_space
def verify_confidential_space(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponse
def verify_confidential_space(td_ccel: nil, tpm_attestation: nil, challenge: nil, gcp_credentials: nil, signed_entities: nil, gce_shielded_identity: nil, options: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponse
Verifies whether the provided attestation info is valid, returning a signed attestation token if so.
def verify_confidential_space(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponse
Pass arguments to verify_confidential_space via a request object, either of type VerifyConfidentialSpaceRequest or an equivalent Hash.
- request (::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g., timeout, retries, etc. Optional.
def verify_confidential_space(td_ccel: nil, tpm_attestation: nil, challenge: nil, gcp_credentials: nil, signed_entities: nil, gce_shielded_identity: nil, options: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponse
Pass arguments to verify_confidential_space via keyword arguments. Note that at least one keyword argument is required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash as a request object (see above).
- td_ccel (::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation, ::Hash) — Input only. A TDX with CCEL and RTMR Attestation Quote.
  Note: The following parameters are mutually exclusive: td_ccel, tpm_attestation. At most one of these parameters can be set. If more than one is set, only one will be used, and it is not defined which one.
- tpm_attestation (::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash) — Input only. The TPM-specific data provided by the attesting platform, used to populate any of the claims regarding platform state.
  Note: The following parameters are mutually exclusive: tpm_attestation, td_ccel. At most one of these parameters can be set. If more than one is set, only one will be used, and it is not defined which one.
- challenge (::String) — Required. The name of the Challenge whose nonce was used to generate the attestation, in the format projects/*/locations/*/challenges/*. The provided Challenge will be consumed, and cannot be used again.
- gcp_credentials (::Google::Cloud::ConfidentialComputing::V1::GcpCredentials, ::Hash) — Optional. Credentials used to populate the "emails" claim in the claims_token. If not present, token will not contain the "emails" claim.
- signed_entities (::Array<::Google::Cloud::ConfidentialComputing::V1::SignedEntity, ::Hash>) — Optional. A list of signed entities containing container image signatures that can be used for server-side signature verification.
- gce_shielded_identity (::Google::Cloud::ConfidentialComputing::V1::GceShieldedIdentity, ::Hash) — Optional. Information about the associated Compute Engine instance. Required for td_ccel requests only - tpm_attestation requests will provide this information in the attestation.
- options (::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceRequest::ConfidentialSpaceOptions, ::Hash) — Optional. A collection of fields that modify the token output.
- (response, operation) — Access the result along with the RPC operation
- response (::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponse)
- operation (::GRPC::ActiveCall::Operation)
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
```ruby
require "google/cloud/confidential_computing/v1"

# Create a client object. The client can be reused for multiple calls.
client = Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new

# Create a request. To set request fields, pass in keyword arguments.
request = Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceRequest.new

# Call the verify_confidential_space method.
result = client.verify_confidential_space request

# The returned object is of type Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponse.
p result
```
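The parameter rules documented for verify_attestation, verify_confidential_gke and verify_confidential_space (required fields, mutually exclusive attestation fields where the service would otherwise use an undefined one, single-use challenges, and gce_shielded_identity for td_ccel requests) can be checked on a request Hash before it is sent. This is an added example, not code from the client library; AttestationPreflight, errors_for and consumed are hypothetical names, and the per-segment regex is an assumed reading of the `*` wildcards in the challenge name format.

```ruby
require "set"

# Added example (not library code): pre-flight checks for verify_* request
# hashes, derived from the parameter rules on this page. All names below
# (AttestationPreflight, errors_for, consumed) are hypothetical.
module AttestationPreflight
  # Assumed reading of "projects/*/locations/*/challenges/*": one non-empty,
  # slash-free segment per wildcard.
  CHALLENGE_NAME = %r{\Aprojects/[^/]+/locations/[^/]+/challenges/[^/]+\z}

  RULES = {
    verify_attestation: {
      required: %i[challenge tpm_attestation],
      exclusive: [%i[td_ccel sev_snp_attestation]]
    },
    verify_confidential_space: {
      required: %i[challenge],
      exclusive: [%i[td_ccel tpm_attestation]]
    },
    verify_confidential_gke: { required: %i[challenge], exclusive: [] }
  }.freeze

  # Returns a list of problems; an empty list means the request hash is
  # consistent with the documented rules. `consumed` holds challenge names
  # already submitted, because a Challenge cannot be used again.
  def self.errors_for(rpc, request, consumed: Set.new)
    rules = RULES.fetch(rpc)
    present = ->(key) { !request[key].nil? }
    errors = rules[:required].reject(&present).map { |k| "#{k} is required" }

    rules[:exclusive].each do |group|
      given = group.select(&present)
      # The service would pick one arbitrarily; refuse instead of guessing.
      errors << "#{given.join(' and ')} are mutually exclusive" if given.size > 1
    end

    if (name = request[:challenge])
      errors << "challenge must look like projects/*/locations/*/challenges/*" unless CHALLENGE_NAME.match?(name)
      errors << "challenge was already consumed" if consumed.include?(name)
    end

    if rpc == :verify_confidential_space && present.(:td_ccel) && !present.(:gce_shielded_identity)
      errors << "gce_shielded_identity is required for td_ccel requests"
    end
    errors
  end
end
```

Send the hash to the client method only when the returned list is empty, and add the challenge name to the consumed set once it has been submitted.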