Reference documentation and code samples for the Confidential Computing V1 API class Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.
Client for the ConfidentialComputing service.
Service describing handlers for resources
Inherits
- Object
Methods
.configure
def self.configure() { |config| ... } -> Client::ConfigurationConfigure the ConfidentialComputing Client class.
See Configuration for a description of the configuration fields.
Yields
- (config) — Configure the Client client.
Yield Parameter
- config (Client::Configuration)
Returns
Example
# Modify the configuration for all ConfidentialComputing clients ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.configure do |config| config.timeout = 10.0 end
#configure
def configure() { |config| ... } -> Client::ConfigurationConfigure the ConfidentialComputing Client instance.
The configuration is set to the derived mode, meaning that values can be changed, but structural changes (adding new fields, etc.) are not allowed. Structural changes should be made on Client.configure.
See Configuration for a description of the configuration fields.
Yields
- (config) — Configure the Client client.
Yield Parameter
- config (Client::Configuration)
Returns
#create_challenge
def create_challenge(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::Challenge
def create_challenge(parent: nil, challenge: nil) -> ::Google::Cloud::ConfidentialComputing::V1::ChallengeCreates a new Challenge in a given project and location.
Overloads
def create_challenge(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::Challenge
Pass arguments to
create_challenge via a request object, either of type
Google::Cloud::ConfidentialComputing::V1::CreateChallengeRequest or an equivalent Hash.
Parameters
- request (::Google::Cloud::ConfidentialComputing::V1::CreateChallengeRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def create_challenge(parent: nil, challenge: nil) -> ::Google::Cloud::ConfidentialComputing::V1::Challenge
Pass arguments to
create_challenge via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).
Parameters
-
parent (::String) — Required. The resource name of the location where the Challenge will be
used, in the format
projects/*/locations/*. - challenge (::Google::Cloud::ConfidentialComputing::V1::Challenge, ::Hash) — Required. The Challenge to be created. Currently this field can be empty as all the Challenge fields are set by the server.
Yields
- (response, operation) — Access the result along with the RPC operation
Yield Parameters
- response (::Google::Cloud::ConfidentialComputing::V1::Challenge)
- operation (::GRPC::ActiveCall::Operation)
Raises
Example
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/confidential_computing/v1" # Create a client object. The client can be reused for multiple calls. client = Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new # Create a request. To set request fields, pass in keyword arguments. request = Google::Cloud::ConfidentialComputing::V1::CreateChallengeRequest.new # Call the create_challenge method. result = client.create_challenge request # The returned object is of type Google::Cloud::ConfidentialComputing::V1::Challenge. p result
#initialize
def initialize() { |config| ... } -> ClientCreate a new ConfidentialComputing client object.
Yields
- (config) — Configure the ConfidentialComputing client.
Yield Parameter
- config (Client::Configuration)
Returns
Example
- (Client) — a new instance of Client
# Create a client using the default configuration client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new # Create a client using a custom configuration client = ::Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new do |config| config.timeout = 10.0 end
#location_client
def location_client() -> Google::Cloud::Location::Locations::ClientGet the associated client for mix-in of the Locations.
Returns
- (Google::Cloud::Location::Locations::Client)
#logger
def logger() -> LoggerThe logger used for request/response debug logging.
Returns
- (Logger)
#universe_domain
def universe_domain() -> StringThe effective universe domain
Returns
- (String)
#verify_attestation
def verify_attestation(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse
def verify_attestation(td_ccel: nil, sev_snp_attestation: nil, challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil, attester: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponseVerifies the provided attestation info, returning a signed attestation token.
Overloads
def verify_attestation(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse
Pass arguments to
verify_attestation via a request object, either of type
VerifyAttestationRequest or an equivalent Hash.
Parameters
- request (::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def verify_attestation(td_ccel: nil, sev_snp_attestation: nil, challenge: nil, gcp_credentials: nil, tpm_attestation: nil, confidential_space_info: nil, token_options: nil, attester: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse
Pass arguments to
verify_attestation via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).
Parameters
-
td_ccel (::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation, ::Hash) — Optional. A TDX with CCEL and RTMR Attestation Quote.
Note: The following parameters are mutually exclusive:
td_ccel,sev_snp_attestation. At most one of these parameters can be set. If more than one is set, only one will be used, and it is not defined which one. -
sev_snp_attestation (::Google::Cloud::ConfidentialComputing::V1::SevSnpAttestation, ::Hash) — Optional. An SEV-SNP Attestation Report.
Note: The following parameters are mutually exclusive:
sev_snp_attestation,td_ccel. At most one of these parameters can be set. If more than one is set, only one will be used, and it is not defined which one. -
challenge (::String) — Required. The name of the Challenge whose nonce was used to generate the
attestation, in the format
projects/*/locations/*/challenges/*. The provided Challenge will be consumed, and cannot be used again. - gcp_credentials (::Google::Cloud::ConfidentialComputing::V1::GcpCredentials, ::Hash) — Optional. Credentials used to populate the "emails" claim in the claims_token.
- tpm_attestation (::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash) — Required. The TPM-specific data provided by the attesting platform, used to populate any of the claims regarding platform state.
- confidential_space_info (::Google::Cloud::ConfidentialComputing::V1::ConfidentialSpaceInfo, ::Hash) — Optional. Optional information related to the Confidential Space TEE.
- token_options (::Google::Cloud::ConfidentialComputing::V1::TokenOptions, ::Hash) — Optional. A collection of optional, workload-specified claims that modify the token output.
- attester (::String) — Optional. An optional indicator of the attester, only applies to certain products.
Yields
- (response, operation) — Access the result along with the RPC operation
Yield Parameters
- response (::Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse)
- operation (::GRPC::ActiveCall::Operation)
Raises
Example
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/confidential_computing/v1" # Create a client object. The client can be reused for multiple calls. client = Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new # Create a request. To set request fields, pass in keyword arguments. request = Google::Cloud::ConfidentialComputing::V1::VerifyAttestationRequest.new # Call the verify_attestation method. result = client.verify_attestation request # The returned object is of type Google::Cloud::ConfidentialComputing::V1::VerifyAttestationResponse. p result
#verify_confidential_gke
def verify_confidential_gke(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponse
def verify_confidential_gke(tpm_attestation: nil, challenge: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponseVerifies the provided Confidential GKE attestation info, returning a signed OIDC token.
Overloads
def verify_confidential_gke(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponse
Pass arguments to
verify_confidential_gke via a request object, either of type
VerifyConfidentialGkeRequest or an equivalent Hash.
Parameters
- request (::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def verify_confidential_gke(tpm_attestation: nil, challenge: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponse
Pass arguments to
verify_confidential_gke via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).
Parameters
- tpm_attestation (::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash) — The TPM-specific data provided by the attesting platform, used to populate any of the claims regarding platform state.
- challenge (::String) — Required. The name of the Challenge whose nonce was used to generate the attestation, in the format projects//locations//challenges/*. The provided Challenge will be consumed, and cannot be used again.
Yields
- (response, operation) — Access the result along with the RPC operation
Yield Parameters
- response (::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponse)
- operation (::GRPC::ActiveCall::Operation)
Raises
Example
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/confidential_computing/v1" # Create a client object. The client can be reused for multiple calls. client = Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new # Create a request. To set request fields, pass in keyword arguments. request = Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeRequest.new # Call the verify_confidential_gke method. result = client.verify_confidential_gke request # The returned object is of type Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialGkeResponse. p result
#verify_confidential_space
def verify_confidential_space(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponse
def verify_confidential_space(td_ccel: nil, tpm_attestation: nil, challenge: nil, gcp_credentials: nil, signed_entities: nil, gce_shielded_identity: nil, options: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponseVerifies whether the provided attestation info is valid, returning a signed attestation token if so.
Overloads
def verify_confidential_space(request, options = nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponse
Pass arguments to
verify_confidential_space via a request object, either of type
VerifyConfidentialSpaceRequest or an equivalent Hash.
Parameters
- request (::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceRequest, ::Hash) — A request object representing the call parameters. Required. To specify no parameters, or to keep all the default parameter values, pass an empty Hash.
- options (::Gapic::CallOptions, ::Hash) — Overrides the default settings for this call, e.g, timeout, retries, etc. Optional.
def verify_confidential_space(td_ccel: nil, tpm_attestation: nil, challenge: nil, gcp_credentials: nil, signed_entities: nil, gce_shielded_identity: nil, options: nil) -> ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponse
Pass arguments to
verify_confidential_space via keyword arguments. Note that at
least one keyword argument is required. To specify no parameters, or to keep all
the default parameter values, pass an empty Hash as a request object (see above).
Parameters
-
td_ccel (::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation, ::Hash) — Input only. A TDX with CCEL and RTMR Attestation Quote.
Note: The following parameters are mutually exclusive:
td_ccel,tpm_attestation. At most one of these parameters can be set. If more than one is set, only one will be used, and it is not defined which one. -
tpm_attestation (::Google::Cloud::ConfidentialComputing::V1::TpmAttestation, ::Hash) — Input only. The TPM-specific data provided by the attesting platform,
used to populate any of the claims regarding platform state.
Note: The following parameters are mutually exclusive:
tpm_attestation,td_ccel. At most one of these parameters can be set. If more than one is set, only one will be used, and it is not defined which one. -
challenge (::String) — Required. The name of the Challenge whose nonce was used to generate the
attestation, in the format
projects/*/locations/*/challenges/*. The provided Challenge will be consumed, and cannot be used again. - gcp_credentials (::Google::Cloud::ConfidentialComputing::V1::GcpCredentials, ::Hash) — Optional. Credentials used to populate the "emails" claim in the claims_token. If not present, token will not contain the "emails" claim.
- signed_entities (::Array<::Google::Cloud::ConfidentialComputing::V1::SignedEntity, ::Hash>) — Optional. A list of signed entities containing container image signatures that can be used for server-side signature verification.
- gce_shielded_identity (::Google::Cloud::ConfidentialComputing::V1::GceShieldedIdentity, ::Hash) — Optional. Information about the associated Compute Engine instance. Required for td_ccel requests only - tpm_attestation requests will provide this information in the attestation.
- options (::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceRequest::ConfidentialSpaceOptions, ::Hash) — Optional. A collection of fields that modify the token output.
Yields
- (response, operation) — Access the result along with the RPC operation
Yield Parameters
- response (::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponse)
- operation (::GRPC::ActiveCall::Operation)
Raises
Example
- (::Google::Cloud::Error) — if the RPC is aborted.
Basic example
require "google/cloud/confidential_computing/v1" # Create a client object. The client can be reused for multiple calls. client = Google::Cloud::ConfidentialComputing::V1::ConfidentialComputing::Client.new # Create a request. To set request fields, pass in keyword arguments. request = Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceRequest.new # Call the verify_confidential_space method. result = client.verify_confidential_space request # The returned object is of type Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceResponse. p result