Class: Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceRequest

Inherits:

Object

• Object
• Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceRequest

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/confidentialcomputing/v1/service.rb

Overview

A request for an attestation token, providing all the necessary information needed for this service to verify the platform state of the requestor.

Defined Under Namespace

Classes: ConfidentialSpaceOptions

Instance Attribute Summary

• #challenge ⇒ ::String

  Required.

• #gce_shielded_identity ⇒ ::Google::Cloud::ConfidentialComputing::V1::GceShieldedIdentity

  Optional.

• #gcp_credentials ⇒ ::Google::Cloud::ConfidentialComputing::V1::GcpCredentials

  Optional.

• #nvidia_attestation ⇒ ::Google::Cloud::ConfidentialComputing::V1::NvidiaAttestation

  Optional.

• #options ⇒ ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceRequest::ConfidentialSpaceOptions

  Optional.

• #signed_entities ⇒ ::Array<::Google::Cloud::ConfidentialComputing::V1::SignedEntity>

  Optional.

• #td_ccel ⇒ ::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation

  Input only.

• #tpm_attestation ⇒ ::Google::Cloud::ConfidentialComputing::V1::TpmAttestation

  Input only.

Instance Attribute Details

#challenge ⇒ ::String

Returns Required. The name of the Challenge whose nonce was used to generate the attestation, in the format projects/*/locations/*/challenges/*. The provided Challenge will be consumed, and cannot be used again.

Returns:

• (::String) —

  Required. The name of the Challenge whose nonce was used to generate the attestation, in the format projects/*/locations/*/challenges/*. The provided Challenge will be consumed, and cannot be used again.

# File 'proto_docs/google/cloud/confidentialcomputing/v1/service.rb', line 480

class VerifyConfidentialSpaceRequest
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Token options for Confidential Space attestation.
  # @!attribute [rw] aws_principal_tags_options
  #   @return [::Google::Cloud::ConfidentialComputing::V1::AwsPrincipalTagsOptions]
  #     Optional. Options for the AWS token type.
  # @!attribute [rw] audience
  #   @return [::String]
  #     Optional. Optional string to issue the token with a custom audience
  #     claim. Required if custom nonces are specified.
  # @!attribute [rw] token_profile
  #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenProfile]
  #     Optional. Optional specification for token claims profile.
  # @!attribute [rw] nonce
  #   @return [::Array<::String>]
  #     Optional. Optional parameter to place one or more nonces in the eat_nonce
  #     claim in the output token. The minimum size for JSON-encoded EATs is 10
  #     bytes and the maximum size is 74 bytes.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::ConfidentialComputing::V1::SignatureType]
  #     Optional. Optional specification for how to sign the attestation token.
  #     Defaults to SIGNATURE_TYPE_OIDC if unspecified.
  class ConfidentialSpaceOptions
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#gce_shielded_identity ⇒ ::Google::Cloud::ConfidentialComputing::V1::GceShieldedIdentity

Returns Optional. Information about the associated Compute Engine instance. Required for td_ccel requests only - tpm_attestation requests will provide this information in the attestation.

Returns:

• (::Google::Cloud::ConfidentialComputing::V1::GceShieldedIdentity) —

  Optional. Information about the associated Compute Engine instance. Required for td_ccel requests only - tpm_attestation requests will provide this information in the attestation.

# File 'proto_docs/google/cloud/confidentialcomputing/v1/service.rb', line 480

class VerifyConfidentialSpaceRequest
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Token options for Confidential Space attestation.
  # @!attribute [rw] aws_principal_tags_options
  #   @return [::Google::Cloud::ConfidentialComputing::V1::AwsPrincipalTagsOptions]
  #     Optional. Options for the AWS token type.
  # @!attribute [rw] audience
  #   @return [::String]
  #     Optional. Optional string to issue the token with a custom audience
  #     claim. Required if custom nonces are specified.
  # @!attribute [rw] token_profile
  #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenProfile]
  #     Optional. Optional specification for token claims profile.
  # @!attribute [rw] nonce
  #   @return [::Array<::String>]
  #     Optional. Optional parameter to place one or more nonces in the eat_nonce
  #     claim in the output token. The minimum size for JSON-encoded EATs is 10
  #     bytes and the maximum size is 74 bytes.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::ConfidentialComputing::V1::SignatureType]
  #     Optional. Optional specification for how to sign the attestation token.
  #     Defaults to SIGNATURE_TYPE_OIDC if unspecified.
  class ConfidentialSpaceOptions
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#gcp_credentials ⇒ ::Google::Cloud::ConfidentialComputing::V1::GcpCredentials

Returns Optional. Credentials used to populate the "emails" claim in the claims_token. If not present, token will not contain the "emails" claim.

Returns:

• (::Google::Cloud::ConfidentialComputing::V1::GcpCredentials) —

  Optional. Credentials used to populate the "emails" claim in the claims_token. If not present, token will not contain the "emails" claim.

# File 'proto_docs/google/cloud/confidentialcomputing/v1/service.rb', line 480

class VerifyConfidentialSpaceRequest
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Token options for Confidential Space attestation.
  # @!attribute [rw] aws_principal_tags_options
  #   @return [::Google::Cloud::ConfidentialComputing::V1::AwsPrincipalTagsOptions]
  #     Optional. Options for the AWS token type.
  # @!attribute [rw] audience
  #   @return [::String]
  #     Optional. Optional string to issue the token with a custom audience
  #     claim. Required if custom nonces are specified.
  # @!attribute [rw] token_profile
  #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenProfile]
  #     Optional. Optional specification for token claims profile.
  # @!attribute [rw] nonce
  #   @return [::Array<::String>]
  #     Optional. Optional parameter to place one or more nonces in the eat_nonce
  #     claim in the output token. The minimum size for JSON-encoded EATs is 10
  #     bytes and the maximum size is 74 bytes.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::ConfidentialComputing::V1::SignatureType]
  #     Optional. Optional specification for how to sign the attestation token.
  #     Defaults to SIGNATURE_TYPE_OIDC if unspecified.
  class ConfidentialSpaceOptions
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#nvidia_attestation ⇒ ::Google::Cloud::ConfidentialComputing::V1::NvidiaAttestation

Returns Optional. An optional Nvidia attestation report, used to populate hardware rooted claims for Nvidia devices.

Returns:

• (::Google::Cloud::ConfidentialComputing::V1::NvidiaAttestation) —

  Optional. An optional Nvidia attestation report, used to populate hardware rooted claims for Nvidia devices.

# File 'proto_docs/google/cloud/confidentialcomputing/v1/service.rb', line 480

class VerifyConfidentialSpaceRequest
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Token options for Confidential Space attestation.
  # @!attribute [rw] aws_principal_tags_options
  #   @return [::Google::Cloud::ConfidentialComputing::V1::AwsPrincipalTagsOptions]
  #     Optional. Options for the AWS token type.
  # @!attribute [rw] audience
  #   @return [::String]
  #     Optional. Optional string to issue the token with a custom audience
  #     claim. Required if custom nonces are specified.
  # @!attribute [rw] token_profile
  #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenProfile]
  #     Optional. Optional specification for token claims profile.
  # @!attribute [rw] nonce
  #   @return [::Array<::String>]
  #     Optional. Optional parameter to place one or more nonces in the eat_nonce
  #     claim in the output token. The minimum size for JSON-encoded EATs is 10
  #     bytes and the maximum size is 74 bytes.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::ConfidentialComputing::V1::SignatureType]
  #     Optional. Optional specification for how to sign the attestation token.
  #     Defaults to SIGNATURE_TYPE_OIDC if unspecified.
  class ConfidentialSpaceOptions
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#options ⇒ ::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceRequest::ConfidentialSpaceOptions

Returns Optional. A collection of fields that modify the token output.

Returns:

• (::Google::Cloud::ConfidentialComputing::V1::VerifyConfidentialSpaceRequest::ConfidentialSpaceOptions) —

  Optional. A collection of fields that modify the token output.

# File 'proto_docs/google/cloud/confidentialcomputing/v1/service.rb', line 480

class VerifyConfidentialSpaceRequest
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Token options for Confidential Space attestation.
  # @!attribute [rw] aws_principal_tags_options
  #   @return [::Google::Cloud::ConfidentialComputing::V1::AwsPrincipalTagsOptions]
  #     Optional. Options for the AWS token type.
  # @!attribute [rw] audience
  #   @return [::String]
  #     Optional. Optional string to issue the token with a custom audience
  #     claim. Required if custom nonces are specified.
  # @!attribute [rw] token_profile
  #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenProfile]
  #     Optional. Optional specification for token claims profile.
  # @!attribute [rw] nonce
  #   @return [::Array<::String>]
  #     Optional. Optional parameter to place one or more nonces in the eat_nonce
  #     claim in the output token. The minimum size for JSON-encoded EATs is 10
  #     bytes and the maximum size is 74 bytes.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::ConfidentialComputing::V1::SignatureType]
  #     Optional. Optional specification for how to sign the attestation token.
  #     Defaults to SIGNATURE_TYPE_OIDC if unspecified.
  class ConfidentialSpaceOptions
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#signed_entities ⇒ ::Array<::Google::Cloud::ConfidentialComputing::V1::SignedEntity>

Returns Optional. A list of signed entities containing container image signatures that can be used for server-side signature verification.

Returns:

• (::Array<::Google::Cloud::ConfidentialComputing::V1::SignedEntity>) —

  Optional. A list of signed entities containing container image signatures that can be used for server-side signature verification.

# File 'proto_docs/google/cloud/confidentialcomputing/v1/service.rb', line 480

class VerifyConfidentialSpaceRequest
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Token options for Confidential Space attestation.
  # @!attribute [rw] aws_principal_tags_options
  #   @return [::Google::Cloud::ConfidentialComputing::V1::AwsPrincipalTagsOptions]
  #     Optional. Options for the AWS token type.
  # @!attribute [rw] audience
  #   @return [::String]
  #     Optional. Optional string to issue the token with a custom audience
  #     claim. Required if custom nonces are specified.
  # @!attribute [rw] token_profile
  #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenProfile]
  #     Optional. Optional specification for token claims profile.
  # @!attribute [rw] nonce
  #   @return [::Array<::String>]
  #     Optional. Optional parameter to place one or more nonces in the eat_nonce
  #     claim in the output token. The minimum size for JSON-encoded EATs is 10
  #     bytes and the maximum size is 74 bytes.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::ConfidentialComputing::V1::SignatureType]
  #     Optional. Optional specification for how to sign the attestation token.
  #     Defaults to SIGNATURE_TYPE_OIDC if unspecified.
  class ConfidentialSpaceOptions
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#td_ccel ⇒ ::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation

Returns Input only. A TDX with CCEL and RTMR Attestation Quote.

Note: The following fields are mutually exclusive: td_ccel, tpm_attestation. If a field in that set is populated, all other fields in the set will automatically be cleared.

Returns:

• (::Google::Cloud::ConfidentialComputing::V1::TdxCcelAttestation) —

  Input only. A TDX with CCEL and RTMR Attestation Quote.

  Note: The following fields are mutually exclusive: td_ccel, tpm_attestation. If a field in that set is populated, all other fields in the set will automatically be cleared.

# File 'proto_docs/google/cloud/confidentialcomputing/v1/service.rb', line 480

class VerifyConfidentialSpaceRequest
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Token options for Confidential Space attestation.
  # @!attribute [rw] aws_principal_tags_options
  #   @return [::Google::Cloud::ConfidentialComputing::V1::AwsPrincipalTagsOptions]
  #     Optional. Options for the AWS token type.
  # @!attribute [rw] audience
  #   @return [::String]
  #     Optional. Optional string to issue the token with a custom audience
  #     claim. Required if custom nonces are specified.
  # @!attribute [rw] token_profile
  #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenProfile]
  #     Optional. Optional specification for token claims profile.
  # @!attribute [rw] nonce
  #   @return [::Array<::String>]
  #     Optional. Optional parameter to place one or more nonces in the eat_nonce
  #     claim in the output token. The minimum size for JSON-encoded EATs is 10
  #     bytes and the maximum size is 74 bytes.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::ConfidentialComputing::V1::SignatureType]
  #     Optional. Optional specification for how to sign the attestation token.
  #     Defaults to SIGNATURE_TYPE_OIDC if unspecified.
  class ConfidentialSpaceOptions
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#tpm_attestation ⇒ ::Google::Cloud::ConfidentialComputing::V1::TpmAttestation

Returns Input only. The TPM-specific data provided by the attesting platform, used to populate any of the claims regarding platform state.

Note: The following fields are mutually exclusive: tpm_attestation, td_ccel. If a field in that set is populated, all other fields in the set will automatically be cleared.

Returns:

• (::Google::Cloud::ConfidentialComputing::V1::TpmAttestation) —

  Input only. The TPM-specific data provided by the attesting platform, used to populate any of the claims regarding platform state.

  Note: The following fields are mutually exclusive: tpm_attestation, td_ccel. If a field in that set is populated, all other fields in the set will automatically be cleared.

# File 'proto_docs/google/cloud/confidentialcomputing/v1/service.rb', line 480

class VerifyConfidentialSpaceRequest
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # Token options for Confidential Space attestation.
  # @!attribute [rw] aws_principal_tags_options
  #   @return [::Google::Cloud::ConfidentialComputing::V1::AwsPrincipalTagsOptions]
  #     Optional. Options for the AWS token type.
  # @!attribute [rw] audience
  #   @return [::String]
  #     Optional. Optional string to issue the token with a custom audience
  #     claim. Required if custom nonces are specified.
  # @!attribute [rw] token_profile
  #   @return [::Google::Cloud::ConfidentialComputing::V1::TokenProfile]
  #     Optional. Optional specification for token claims profile.
  # @!attribute [rw] nonce
  #   @return [::Array<::String>]
  #     Optional. Optional parameter to place one or more nonces in the eat_nonce
  #     claim in the output token. The minimum size for JSON-encoded EATs is 10
  #     bytes and the maximum size is 74 bytes.
  # @!attribute [rw] signature_type
  #   @return [::Google::Cloud::ConfidentialComputing::V1::SignatureType]
  #     Optional. Optional specification for how to sign the attestation token.
  #     Defaults to SIGNATURE_TYPE_OIDC if unspecified.
  class ConfidentialSpaceOptions
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end