
@google-cloud/confidentialcomputing

import type * as gax from 'google-gax';
import type { Callback, CallOptions, Descriptors, ClientOptions, LocationsClient, LocationProtos } from 'google-gax';
import * as protos from '../../protos/protos';
/**
 *  Service describing handlers for resources.
 *
 *  Type declarations for the v1 Confidential Computing client. The methods
 *  declared here fall into four groups: creating a Challenge
 *  ({@link ConfidentialComputingClient#createChallenge}), submitting
 *  attestation evidence for verification (`verifyAttestation`,
 *  `verifyConfidentialSpace`, `verifyConfidentialGke`), location lookups
 *  (`getLocation`, `listLocationsAsync`) and resource-name helpers
 *  (`*Path` / `match*From*Name`).
 *
 *  Every verify method takes the name of a Challenge whose nonce was used to
 *  generate the attestation, and the Challenge is consumed by the call. A
 *  caller therefore needs one `createChallenge()` per verification attempt.
 *
 *  @class
 *  @memberof v1
 */
export declare class ConfidentialComputingClient {
    private _terminated;
    private _opts;
    private _providedCustomServicePath;
    private _gaxModule;
    private _gaxGrpc;
    private _protos;
    private _defaults;
    private _universeDomain;
    private _servicePath;
    private _log;
    /** The `GoogleAuth` instance this client holds. */
    auth: gax.GoogleAuth;
    descriptors: Descriptors;
    warn: (code: string, message: string, warnType?: string) => void;
    /** Callables keyed by name; the element type is the untyped `Function`. */
    innerApiCalls: {
        [name: string]: Function;
    };
    /** Client used for the location methods (presumably backs getLocation / listLocationsAsync; confirm in the implementation). */
    locationsClient: LocationsClient;
    /** Path templates keyed by name (presumably used by the `*Path` / `match*` helpers below; confirm in the implementation). */
    pathTemplates: {
        [name: string]: gax.PathTemplate;
    };
    /** Optional promise of the service stub; its resolved shape matches what `initialize()` is declared to return. */
    confidentialComputingStub?: Promise<{
        [name: string]: Function;
    }>;
    /**
     * Construct an instance of ConfidentialComputingClient.
     *
     * Note: the JSDoc below names the first parameter `options`, while the
     * declared signature calls it `opts`; both refer to the same argument.
     *
     * @param {object} [options] - The configuration object.
     * The options accepted by the constructor are described in detail
     * in [this document](https://github.com/googleapis/gax-nodejs/blob/main/client-libraries.md#creating-the-client-instance).
     * The common options are:
     * @param {object} [options.credentials] - Credentials object.
     * @param {string} [options.credentials.client_email]
     * @param {string} [options.credentials.private_key]
     *     NOTE(review): this is private key material. Where the runtime
     *     supports Application Default Credentials (see `options.projectId`),
     *     prefer them over passing a key inline, and keep key values out of
     *     source control and logs.
     * @param {string} [options.email] - Account email address. Required when
     *     using a .pem or .p12 keyFilename.
     * @param {string} [options.keyFilename] - Full path to a .json, .pem, or
     *     .p12 key downloaded from the Google Developers Console. If you provide
     *     a path to a JSON file, the projectId option below is not necessary.
     *     NOTE: .pem and .p12 require you to specify options.email as well.
     *     NOTE(review): the file holds a long-lived credential; restrict its
     *     file permissions and do not ship it inside images or repositories.
     * @param {number} [options.port] - The port on which to connect to
     *     the remote host.
     * @param {string} [options.projectId] - The project ID from the Google
     *     Developer's Console, e.g. 'grape-spaceship-123'. We will also check
     *     the environment variable GCLOUD_PROJECT for your project ID. If your
     *     app is running in an environment which supports
     *     {@link https://cloud.google.com/docs/authentication/application-default-credentials Application Default Credentials},
     *     your project ID will be detected automatically.
     * @param {string} [options.apiEndpoint] - The domain name of the
     *     API remote host.
     *     NOTE(review): requests made through this client (attestation
     *     evidence, and `gcpCredentials` when supplied) go to this host, so
     *     override it only with an endpoint you trust and never from
     *     untrusted configuration.
     * @param {gax.ClientConfig} [options.clientConfig] - Client configuration override.
     *     Follows the structure of {@link gapicConfig}.
     * @param {boolean} [options.fallback] - Use HTTP/1.1 REST mode.
     *     For more information, please check the
     *     {@link https://github.com/googleapis/gax-nodejs/blob/main/client-libraries.md#http11-rest-api-mode documentation}.
     * @param {gax} [gaxInstance]: loaded instance of `google-gax`. Useful if you
     *     need to avoid loading the default gRPC version and want to use the fallback
     *     HTTP implementation. Load only fallback version and pass it to the constructor:
     *     ```
     *     const gax = require('google-gax/build/src/fallback'); // avoids loading google-gax with gRPC
     *     const client = new ConfidentialComputingClient({fallback: true}, gax);
     *     ```
     */
    constructor(opts?: ClientOptions, gaxInstance?: typeof gax | typeof gax.fallback);
    /**
     * Initialize the client.
     * Performs asynchronous operations (such as authentication) and prepares the client.
     * This function will be called automatically when any class method is called for the
     * first time, but if you need to initialize it before calling an actual method,
     * feel free to call initialize() directly.
     *
     * You can await on this method if you want to make sure the client is initialized.
     *
     * @returns {Promise} A promise that resolves to an authenticated service stub.
     */
    initialize(): Promise<{
        [name: string]: Function;
    }>;
    /**
     * The DNS address for this API service.
     * @deprecated Use the apiEndpoint method of the client instance.
     * @returns {string} The DNS address for this service.
     */
    static get servicePath(): string;
    /**
     * The DNS address for this API service - same as servicePath.
     * @deprecated Use the apiEndpoint method of the client instance.
     * @returns {string} The DNS address for this service.
     */
    static get apiEndpoint(): string;
    /**
     * The DNS address for this API service.
     * @returns {string} The DNS address for this service.
     */
    get apiEndpoint(): string;
    /**
     * The universe domain of this client instance.
     * @returns {string} The universe domain.
     */
    get universeDomain(): string;
    /**
     * The port for this API service.
     * @returns {number} The default port for this service.
     */
    static get port(): number;
    /**
     * The scopes needed to make gRPC calls for every method defined
     * in this service.
     * @returns {string[]} List of default scopes.
     */
    static get scopes(): string[];
    /**
     * Return the project ID. Declared in two forms: with no argument it
     * returns a promise of the ID; with a callback it returns nothing and
     * reports through the callback.
     */
    getProjectId(): Promise<string>;
    getProjectId(callback: Callback<string, undefined, undefined>): void;
    /**
     * Creates a new Challenge in a given project and location.
     *
     * NOTE(review): the verify methods below consume the Challenge they are
     * given, so call this once per verification attempt, including retries.
     * Because all Challenge fields are set by the server, the nonce is
     * presumably read from the returned Challenge rather than chosen by the
     * caller; confirm against the Challenge message definition.
     *
     * @param {Object} request
     *   The request object that will be sent.
     * @param {string} request.parent
     *   Required. The resource name of the location where the Challenge will be
     *   used, in the format `projects/* /locations/*`.
     * @param {google.cloud.confidentialcomputing.v1.Challenge} request.challenge
     *   Required. The Challenge to be created. Currently this field can be empty as
     *   all the Challenge fields are set by the server.
     * @param {object} [options]
     *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
     * @returns {Promise} - The promise which resolves to an array.
     *   The first element of the array is an object representing {@link protos.google.cloud.confidentialcomputing.v1.Challenge|Challenge}.
     *   Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation }
     *   for more details and examples.
     * @example <caption>include:samples/generated/v1/confidential_computing.create_challenge.js</caption>
     * region_tag:confidentialcomputing_v1_generated_ConfidentialComputing_CreateChallenge_async
     */
    createChallenge(request?: protos.google.cloud.confidentialcomputing.v1.ICreateChallengeRequest, options?: CallOptions): Promise<[
        protos.google.cloud.confidentialcomputing.v1.IChallenge,
        protos.google.cloud.confidentialcomputing.v1.ICreateChallengeRequest | undefined,
        {} | undefined
    ]>;
    createChallenge(request: protos.google.cloud.confidentialcomputing.v1.ICreateChallengeRequest, options: CallOptions, callback: Callback<protos.google.cloud.confidentialcomputing.v1.IChallenge, protos.google.cloud.confidentialcomputing.v1.ICreateChallengeRequest | null | undefined, {} | null | undefined>): void;
    createChallenge(request: protos.google.cloud.confidentialcomputing.v1.ICreateChallengeRequest, callback: Callback<protos.google.cloud.confidentialcomputing.v1.IChallenge, protos.google.cloud.confidentialcomputing.v1.ICreateChallengeRequest | null | undefined, {} | null | undefined>): void;
    /**
     * Verifies the provided attestation info, returning a signed attestation
     * token.
     *
     * NOTE(review): this declaration offers nothing that validates the
     * returned token on behalf of its consumer. Whoever relies on the token is
     * presumably expected to check its signature and claims (for example
     * audience and expiry) before trusting it; confirm against the service
     * documentation.
     *
     * @param {Object} request
     *   The request object that will be sent.
     * @param {google.cloud.confidentialcomputing.v1.TdxCcelAttestation} [request.tdCcel]
     *   Optional. A TDX with CCEL and RTMR Attestation Quote.
     * @param {google.cloud.confidentialcomputing.v1.SevSnpAttestation} [request.sevSnpAttestation]
     *   Optional. An SEV-SNP Attestation Report.
     * @param {string} request.challenge
     *   Required. The name of the Challenge whose nonce was used to generate the
     *   attestation, in the format `projects/* /locations/* /challenges/*`. The
     *   provided Challenge will be consumed, and cannot be used again.
     *   A failed or retried call therefore needs a newly created Challenge and
     *   evidence generated over its nonce.
     * @param {google.cloud.confidentialcomputing.v1.GcpCredentials} [request.gcpCredentials]
     *   Optional. Credentials used to populate the "emails" claim in the
     *   claims_token.
     *   NOTE(review): these are credentials carried inside the request, so
     *   avoid logging or persisting the request object.
     * @param {google.cloud.confidentialcomputing.v1.TpmAttestation} request.tpmAttestation
     *   Required. The TPM-specific data provided by the attesting platform, used to
     *   populate any of the claims regarding platform state.
     * @param {google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo} [request.confidentialSpaceInfo]
     *   Optional. Optional information related to the Confidential Space TEE.
     * @param {google.cloud.confidentialcomputing.v1.TokenOptions} [request.tokenOptions]
     *   Optional. A collection of optional, workload-specified claims that modify
     *   the token output.
     * @param {string} [request.attester]
     *   Optional. An optional indicator of the attester, only applies to certain
     *   products.
     * @param {object} [options]
     *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
     * @returns {Promise} - The promise which resolves to an array.
     *   The first element of the array is an object representing {@link protos.google.cloud.confidentialcomputing.v1.VerifyAttestationResponse|VerifyAttestationResponse}.
     *   Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation }
     *   for more details and examples.
     * @example <caption>include:samples/generated/v1/confidential_computing.verify_attestation.js</caption>
     * region_tag:confidentialcomputing_v1_generated_ConfidentialComputing_VerifyAttestation_async
     */
    verifyAttestation(request?: protos.google.cloud.confidentialcomputing.v1.IVerifyAttestationRequest, options?: CallOptions): Promise<[
        protos.google.cloud.confidentialcomputing.v1.IVerifyAttestationResponse,
        protos.google.cloud.confidentialcomputing.v1.IVerifyAttestationRequest | undefined,
        {} | undefined
    ]>;
    verifyAttestation(request: protos.google.cloud.confidentialcomputing.v1.IVerifyAttestationRequest, options: CallOptions, callback: Callback<protos.google.cloud.confidentialcomputing.v1.IVerifyAttestationResponse, protos.google.cloud.confidentialcomputing.v1.IVerifyAttestationRequest | null | undefined, {} | null | undefined>): void;
    verifyAttestation(request: protos.google.cloud.confidentialcomputing.v1.IVerifyAttestationRequest, callback: Callback<protos.google.cloud.confidentialcomputing.v1.IVerifyAttestationResponse, protos.google.cloud.confidentialcomputing.v1.IVerifyAttestationRequest | null | undefined, {} | null | undefined>): void;
    /**
     * Verifies whether the provided attestation info is valid, returning a signed
     * attestation token if so.
     *
     * NOTE(review): as with verifyAttestation, the Challenge is single-use and
     * the returned token still has to be validated by whoever relies on it.
     *
     * @param {Object} request
     *   The request object that will be sent.
     * @param {google.cloud.confidentialcomputing.v1.TdxCcelAttestation} request.tdCcel
     *   Input only. A TDX with CCEL and RTMR Attestation Quote.
     * @param {google.cloud.confidentialcomputing.v1.TpmAttestation} request.tpmAttestation
     *   Input only. The TPM-specific data provided by the attesting platform,
     *   used to populate any of the claims regarding platform state.
     * @param {string} request.challenge
     *   Required. The name of the Challenge whose nonce was used to generate the
     *   attestation, in the format `projects/* /locations/* /challenges/*`. The
     *   provided Challenge will be consumed, and cannot be used again.
     * @param {google.cloud.confidentialcomputing.v1.GcpCredentials} [request.gcpCredentials]
     *   Optional. Credentials used to populate the "emails" claim in the
     *   claims_token. If not present, token will not contain the "emails" claim.
     *   NOTE(review): credentials carried inside the request; avoid logging or
     *   persisting the request object.
     * @param {number[]} [request.signedEntities]
     *   Optional. A list of signed entities containing container image signatures
     *   that can be used for server-side signature verification.
     *   NOTE(review): the `number[]` tag does not match the description, which
     *   reads as a list of structured entries; check the field type on
     *   IVerifyConfidentialSpaceRequest before relying on this tag.
     * @param {google.cloud.confidentialcomputing.v1.GceShieldedIdentity} [request.gceShieldedIdentity]
     *   Optional. Information about the associated Compute Engine instance.
     *   Required for td_ccel requests only - tpm_attestation requests will provide
     *   this information in the attestation.
     * @param {google.cloud.confidentialcomputing.v1.VerifyConfidentialSpaceRequest.ConfidentialSpaceOptions} [request.options]
     *   Optional. A collection of fields that modify the token output.
     * @param {object} [options]
     *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
     * @returns {Promise} - The promise which resolves to an array.
     *   The first element of the array is an object representing {@link protos.google.cloud.confidentialcomputing.v1.VerifyConfidentialSpaceResponse|VerifyConfidentialSpaceResponse}.
     *   Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation }
     *   for more details and examples.
     * @example <caption>include:samples/generated/v1/confidential_computing.verify_confidential_space.js</caption>
     * region_tag:confidentialcomputing_v1_generated_ConfidentialComputing_VerifyConfidentialSpace_async
     */
    verifyConfidentialSpace(request?: protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialSpaceRequest, options?: CallOptions): Promise<[
        protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialSpaceResponse,
        protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialSpaceRequest | undefined,
        {} | undefined
    ]>;
    verifyConfidentialSpace(request: protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialSpaceRequest, options: CallOptions, callback: Callback<protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialSpaceResponse, protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialSpaceRequest | null | undefined, {} | null | undefined>): void;
    verifyConfidentialSpace(request: protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialSpaceRequest, callback: Callback<protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialSpaceResponse, protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialSpaceRequest | null | undefined, {} | null | undefined>): void;
    /**
     * Verifies the provided Confidential GKE attestation info, returning a signed
     * OIDC token.
     *
     * NOTE(review): the Challenge is single-use here as well, and the returned
     * OIDC token still has to be validated by whoever relies on it.
     *
     * @param {Object} request
     *   The request object that will be sent.
     * @param {google.cloud.confidentialcomputing.v1.TpmAttestation} request.tpmAttestation
     *   The TPM-specific data provided by the attesting platform, used to
     *   populate any of the claims regarding platform state.
     * @param {string} request.challenge
     *   Required. The name of the Challenge whose nonce was used to generate the
     *   attestation, in the format projects/* /locations/* /challenges/*. The
     *   provided Challenge will be consumed, and cannot be used again.
     * @param {object} [options]
     *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
     * @returns {Promise} - The promise which resolves to an array.
     *   The first element of the array is an object representing {@link protos.google.cloud.confidentialcomputing.v1.VerifyConfidentialGkeResponse|VerifyConfidentialGkeResponse}.
     *   Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation }
     *   for more details and examples.
     * @example <caption>include:samples/generated/v1/confidential_computing.verify_confidential_gke.js</caption>
     * region_tag:confidentialcomputing_v1_generated_ConfidentialComputing_VerifyConfidentialGke_async
     */
    verifyConfidentialGke(request?: protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialGkeRequest, options?: CallOptions): Promise<[
        protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialGkeResponse,
        protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialGkeRequest | undefined,
        {} | undefined
    ]>;
    verifyConfidentialGke(request: protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialGkeRequest, options: CallOptions, callback: Callback<protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialGkeResponse, protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialGkeRequest | null | undefined, {} | null | undefined>): void;
    verifyConfidentialGke(request: protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialGkeRequest, callback: Callback<protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialGkeResponse, protos.google.cloud.confidentialcomputing.v1.IVerifyConfidentialGkeRequest | null | undefined, {} | null | undefined>): void;
    /**
     * Gets information about a location.
     *
     * Unlike the methods above, this is declared as a single signature: the
     * second argument may be either call options or the callback, and the
     * declared return type is a promise of the Location itself, not an array.
     *
     * @param {Object} request
     *   The request object that will be sent.
     * @param {string} request.name
     *   Resource name for the location.
     * @param {object} [options]
     *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html | CallOptions} for more details.
     * @returns {Promise} - The promise which resolves to an array.
     *   The first element of the array is an object representing {@link google.cloud.location.Location | Location}.
     *   Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#regular-methods | documentation }
     *   for more details and examples.
     *   NOTE(review): the sentence above and the example below describe an
     *   array result, while the declared type is `Promise<ILocation>`;
     *   confirm which one the implementation honours.
     * @example
     * ```
     * const [response] = await client.getLocation(request);
     * ```
     */
    getLocation(request: LocationProtos.google.cloud.location.IGetLocationRequest, options?: gax.CallOptions | Callback<LocationProtos.google.cloud.location.ILocation, LocationProtos.google.cloud.location.IGetLocationRequest | null | undefined, {} | null | undefined>, callback?: Callback<LocationProtos.google.cloud.location.ILocation, LocationProtos.google.cloud.location.IGetLocationRequest | null | undefined, {} | null | undefined>): Promise<LocationProtos.google.cloud.location.ILocation>;
    /**
     * Lists information about the supported locations for this service. Returns an iterable object.
     *
     * `for`-`await`-`of` syntax is used with the iterable to get response elements on-demand.
     * @param {Object} request
     *   The request object that will be sent.
     * @param {string} request.name
     *   The resource that owns the locations collection, if applicable.
     * @param {string} request.filter
     *   The standard list filter.
     * @param {number} request.pageSize
     *   The standard list page size.
     * @param {string} request.pageToken
     *   The standard list page token.
     * @param {object} [options]
     *   Call options. See {@link https://googleapis.dev/nodejs/google-gax/latest/interfaces/CallOptions.html|CallOptions} for more details.
     * @returns {Object}
     *   An iterable Object that allows {@link https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Iteration_protocols | async iteration }.
     *   When you iterate the returned iterable, each element will be an object representing
     *   {@link google.cloud.location.Location | Location}. The API will be called under the hood as needed, once per page,
     *   so you can stop the iteration when you don't need more results.
     *   Please see the {@link https://github.com/googleapis/gax-nodejs/blob/master/client-libraries.md#auto-pagination | documentation }
     *   for more details and examples.
     * @example
     * ```
     * const iterable = client.listLocationsAsync(request);
     * for await (const response of iterable) {
     *   // process response
     * }
     * ```
     */
    listLocationsAsync(request: LocationProtos.google.cloud.location.IListLocationsRequest, options?: CallOptions): AsyncIterable<LocationProtos.google.cloud.location.ILocation>;
    /**
     * Return a fully-qualified challenge resource name string.
     *
     * @param {string} project
     * @param {string} location
     * @param {string} uuid
     * @returns {string} Resource name string.
     */
    challengePath(project: string, location: string, uuid: string): string;
    /**
     * Parse the project from Challenge resource.
     *
     * The declared return type is `string | number`, so narrow the result
     * before treating it as a string.
     *
     * @param {string} challengeName
     *   A fully-qualified path representing Challenge resource.
     * @returns {string} A string representing the project.
     */
    matchProjectFromChallengeName(challengeName: string): string | number;
    /**
     * Parse the location from Challenge resource.
     *
     * The declared return type is `string | number`, so narrow the result
     * before treating it as a string.
     *
     * @param {string} challengeName
     *   A fully-qualified path representing Challenge resource.
     * @returns {string} A string representing the location.
     */
    matchLocationFromChallengeName(challengeName: string): string | number;
    /**
     * Parse the uuid from Challenge resource.
     *
     * The declared return type is `string | number`, so narrow the result
     * before treating it as a string.
     *
     * @param {string} challengeName
     *   A fully-qualified path representing Challenge resource.
     * @returns {string} A string representing the uuid.
     */
    matchUuidFromChallengeName(challengeName: string): string | number;
    /**
     * Return a fully-qualified location resource name string.
     *
     * @param {string} project
     * @param {string} location
     * @returns {string} Resource name string.
     */
    locationPath(project: string, location: string): string;
    /**
     * Parse the project from Location resource.
     *
     * The declared return type is `string | number`, so narrow the result
     * before treating it as a string.
     *
     * @param {string} locationName
     *   A fully-qualified path representing Location resource.
     * @returns {string} A string representing the project.
     */
    matchProjectFromLocationName(locationName: string): string | number;
    /**
     * Parse the location from Location resource.
     *
     * The declared return type is `string | number`, so narrow the result
     * before treating it as a string.
     *
     * @param {string} locationName
     *   A fully-qualified path representing Location resource.
     * @returns {string} A string representing the location.
     */
    matchLocationFromLocationName(locationName: string): string | number;
    /**
     * Terminate the gRPC channel and close the client.
     *
     * The client will no longer be usable and all future behavior is undefined.
     * @returns {Promise} A promise that resolves when the client is closed.
     */
    close(): Promise<void>;
}