feat: [grafeas] Support for Secrets (#13869)

gcf-owl-bot[bot] · web-flow · commit f7fc9c4b7432 · 2025-05-04T08:12:29.000-04:00
- [ ] Regenerate this pull request now. BEGIN_COMMIT_OVERRIDE feat: Add support for Secrets feat: Add support for Layer Details END_COMMIT_OVERRIDE PiperOrigin-RevId: 754105940 Source-Link: googleapis/googleapis@079e530 Source-Link: googleapis/googleapis-gen@7b5fe85 Copy-Tag: eyJwIjoicGFja2FnZXMvZ3JhZmVhcy8uT3dsQm90LnlhbWwiLCJoIjoiN2I1ZmU4NWM4MmVlZDA0ZGYxMTFlNWE2MWU4MjVmMDQ0ODNjZTVhMiJ9 --------- Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
diff --git a/packages/grafeas/grafeas/grafeas/__init__.py b/packages/grafeas/grafeas/grafeas/__init__.py
@@ -27,10 +27,12 @@
 )
 from grafeas.grafeas_v1.types.build import BuildNote, BuildOccurrence
 from grafeas.grafeas_v1.types.common import (
+    BaseImage,
     Digest,
     Envelope,
     EnvelopeSignature,
     FileLocation,
+    LayerDetails,
     License,
     NoteKind,
     RelatedUrl,
@@ -119,6 +121,13 @@
     SBOMReferenceNote,
     SBOMReferenceOccurrence,
 )
+from grafeas.grafeas_v1.types.secret import (
+    SecretKind,
+    SecretLocation,
+    SecretNote,
+    SecretOccurrence,
+    SecretStatus,
+)
 from grafeas.grafeas_v1.types.severity import Severity
 from grafeas.grafeas_v1.types.slsa_provenance import SlsaProvenance
 from grafeas.grafeas_v1.types.slsa_provenance_zero_two import SlsaProvenanceZeroTwo
@@ -142,10 +151,12 @@
     "Jwt",
     "BuildNote",
     "BuildOccurrence",
+    "BaseImage",
     "Digest",
     "Envelope",
     "EnvelopeSignature",
     "FileLocation",
+    "LayerDetails",
     "License",
     "RelatedUrl",
     "Signature",
@@ -219,6 +230,11 @@
     "SbomReferenceIntotoPredicate",
     "SBOMReferenceNote",
     "SBOMReferenceOccurrence",
+    "SecretLocation",
+    "SecretNote",
+    "SecretOccurrence",
+    "SecretStatus",
+    "SecretKind",
     "Severity",
     "SlsaProvenance",
     "SlsaProvenanceZeroTwo",
diff --git a/packages/grafeas/grafeas/grafeas_v1/__init__.py b/packages/grafeas/grafeas/grafeas_v1/__init__.py
@@ -22,10 +22,12 @@
 from .types.attestation import AttestationNote, AttestationOccurrence, Jwt
 from .types.build import BuildNote, BuildOccurrence
 from .types.common import (
+    BaseImage,
     Digest,
     Envelope,
     EnvelopeSignature,
     FileLocation,
+    LayerDetails,
     License,
     NoteKind,
     RelatedUrl,
@@ -102,6 +104,13 @@
     SBOMReferenceNote,
     SBOMReferenceOccurrence,
 )
+from .types.secret import (
+    SecretKind,
+    SecretLocation,
+    SecretNote,
+    SecretOccurrence,
+    SecretStatus,
+)
 from .types.severity import Severity
 from .types.slsa_provenance import SlsaProvenance
 from .types.slsa_provenance_zero_two import SlsaProvenanceZeroTwo
@@ -121,6 +130,7 @@
     "Artifact",
     "AttestationNote",
     "AttestationOccurrence",
+    "BaseImage",
     "BatchCreateNotesRequest",
     "BatchCreateNotesResponse",
     "BatchCreateOccurrencesRequest",
@@ -169,6 +179,7 @@
     "InTotoStatement",
     "Jwt",
     "Layer",
+    "LayerDetails",
     "License",
     "ListNoteOccurrencesRequest",
     "ListNoteOccurrencesResponse",
@@ -192,6 +203,11 @@
     "SBOMReferenceOccurrence",
     "SbomReferenceIntotoPayload",
     "SbomReferenceIntotoPredicate",
+    "SecretKind",
+    "SecretLocation",
+    "SecretNote",
+    "SecretOccurrence",
+    "SecretStatus",
     "Severity",
     "Signature",
     "SlsaProvenance",
diff --git a/packages/grafeas/grafeas/grafeas_v1/services/grafeas/async_client.py b/packages/grafeas/grafeas/grafeas_v1/services/grafeas/async_client.py
@@ -59,6 +59,7 @@
     image,
     package,
     sbom,
+    secret,
     upgrade,
     vex,
     vulnerability,
diff --git a/packages/grafeas/grafeas/grafeas_v1/services/grafeas/client.py b/packages/grafeas/grafeas/grafeas_v1/services/grafeas/client.py
@@ -76,6 +76,7 @@
     image,
     package,
     sbom,
+    secret,
     upgrade,
     vex,
     vulnerability,
diff --git a/packages/grafeas/grafeas/grafeas_v1/types/__init__.py b/packages/grafeas/grafeas/grafeas_v1/types/__init__.py
@@ -16,10 +16,12 @@
 from .attestation import AttestationNote, AttestationOccurrence, Jwt
 from .build import BuildNote, BuildOccurrence
 from .common import (
+    BaseImage,
     Digest,
     Envelope,
     EnvelopeSignature,
     FileLocation,
+    LayerDetails,
     License,
     NoteKind,
     RelatedUrl,
@@ -96,6 +98,13 @@
     SBOMReferenceNote,
     SBOMReferenceOccurrence,
 )
+from .secret import (
+    SecretKind,
+    SecretLocation,
+    SecretNote,
+    SecretOccurrence,
+    SecretStatus,
+)
 from .severity import Severity
 from .slsa_provenance import SlsaProvenance
 from .slsa_provenance_zero_two import SlsaProvenanceZeroTwo
@@ -109,10 +118,12 @@
     "Jwt",
     "BuildNote",
     "BuildOccurrence",
+    "BaseImage",
     "Digest",
     "Envelope",
     "EnvelopeSignature",
     "FileLocation",
+    "LayerDetails",
     "License",
     "RelatedUrl",
     "Signature",
@@ -186,6 +197,11 @@
     "SbomReferenceIntotoPredicate",
     "SBOMReferenceNote",
     "SBOMReferenceOccurrence",
+    "SecretLocation",
+    "SecretNote",
+    "SecretOccurrence",
+    "SecretStatus",
+    "SecretKind",
     "Severity",
     "SlsaProvenance",
     "SlsaProvenanceZeroTwo",
diff --git a/packages/grafeas/grafeas/grafeas_v1/types/common.py b/packages/grafeas/grafeas/grafeas_v1/types/common.py
@@ -28,6 +28,8 @@
         "Envelope",
         "EnvelopeSignature",
         "FileLocation",
+        "BaseImage",
+        "LayerDetails",
         "License",
         "Digest",
     },
@@ -70,6 +72,8 @@ class NoteKind(proto.Enum):
             This represents a Vulnerability Assessment.
         SBOM_REFERENCE (12):
             This represents an SBOM Reference.
+        SECRET (13):
+            This represents a secret.
     """
     NOTE_KIND_UNSPECIFIED = 0
     VULNERABILITY = 1
@@ -84,6 +88,7 @@ class NoteKind(proto.Enum):
     DSSE_ATTESTATION = 10
     VULNERABILITY_ASSESSMENT = 11
     SBOM_REFERENCE = 12
+    SECRET = 13
 
 
 class RelatedUrl(proto.Message):
@@ -236,12 +241,95 @@ class FileLocation(proto.Message):
             For jars that are contained inside .war
             files, this filepath can indicate the path to
             war file combined with the path to jar file.
+        layer_details (grafeas.grafeas_v1.types.LayerDetails):
+            Each package found in a file should have its
+            own layer metadata (that is, information from
+            the origin layer of the package).
     """
 
     file_path: str = proto.Field(
         proto.STRING,
         number=1,
     )
+    layer_details: "LayerDetails" = proto.Field(
+        proto.MESSAGE,
+        number=2,
+        message="LayerDetails",
+    )
+
+
+class BaseImage(proto.Message):
+    r"""BaseImage describes a base image of a container image.
+
+    Attributes:
+        name (str):
+            The name of the base image.
+        repository (str):
+            The repository name in which the base image
+            is from.
+        layer_count (int):
+            The number of layers that the base image is
+            composed of.
+    """
+
+    name: str = proto.Field(
+        proto.STRING,
+        number=1,
+    )
+    repository: str = proto.Field(
+        proto.STRING,
+        number=2,
+    )
+    layer_count: int = proto.Field(
+        proto.INT32,
+        number=3,
+    )
+
+
+class LayerDetails(proto.Message):
+    r"""Details about the layer a package was found in.
+
+    Attributes:
+        index (int):
+            The index of the layer in the container
+            image.
+        diff_id (str):
+            The diff ID (typically a sha256 hash) of the
+            layer in the container image.
+        chain_id (str):
+            The layer chain ID (sha256 hash) of the layer
+            in the container image.
+            https://github.com/opencontainers/image-spec/blob/main/config.md#layer-chainid
+        command (str):
+            The layer build command that was used to
+            build the layer. This may not be found in all
+            layers depending on how the container image is
+            built.
+        base_images (MutableSequence[grafeas.grafeas_v1.types.BaseImage]):
+            The base images the layer is found within.
+    """
+
+    index: int = proto.Field(
+        proto.INT32,
+        number=1,
+    )
+    diff_id: str = proto.Field(
+        proto.STRING,
+        number=2,
+    )
+    chain_id: str = proto.Field(
+        proto.STRING,
+        number=5,
+    )
+    command: str = proto.Field(
+        proto.STRING,
+        number=3,
+    )
+    base_images: MutableSequence["BaseImage"] = proto.RepeatedField(
+        proto.MESSAGE,
+        number=4,
+        message="BaseImage",
+    )
 
 
 class License(proto.Message):
diff --git a/packages/grafeas/grafeas/grafeas_v1/types/grafeas.py b/packages/grafeas/grafeas/grafeas_v1/types/grafeas.py
@@ -31,6 +31,7 @@
 from grafeas.grafeas_v1.types import image as g_image
 from grafeas.grafeas_v1.types import package as g_package
 from grafeas.grafeas_v1.types import sbom
+from grafeas.grafeas_v1.types import secret as g_secret
 from grafeas.grafeas_v1.types import upgrade as g_upgrade
 from grafeas.grafeas_v1.types import vex
 from grafeas.grafeas_v1.types import vulnerability as g_vulnerability
@@ -151,6 +152,10 @@ class Occurrence(proto.Message):
             Describes a specific SBOM reference
             occurrences.
 
+            This field is a member of `oneof`_ ``details``.
+        secret (grafeas.grafeas_v1.types.SecretOccurrence):
+            Describes a secret.
+
             This field is a member of `oneof`_ ``details``.
         envelope (grafeas.grafeas_v1.types.Envelope):
             https://github.com/secure-systems-lab/dsse
@@ -253,6 +258,12 @@ class Occurrence(proto.Message):
         oneof="details",
         message=sbom.SBOMReferenceOccurrence,
     )
+    secret: g_secret.SecretOccurrence = proto.Field(
+        proto.MESSAGE,
+        number=20,
+        oneof="details",
+        message=g_secret.SecretOccurrence,
+    )
     envelope: common.Envelope = proto.Field(
         proto.MESSAGE,
         number=18,
@@ -347,6 +358,10 @@ class Note(proto.Message):
         sbom_reference (grafeas.grafeas_v1.types.SBOMReferenceNote):
             A note describing an SBOM reference.
 
+            This field is a member of `oneof`_ ``type``.
+        secret (grafeas.grafeas_v1.types.SecretNote):
+            A note describing a secret.
+
             This field is a member of `oneof`_ ``type``.
     """
 
@@ -463,6 +478,12 @@ class Note(proto.Message):
         oneof="type",
         message=sbom.SBOMReferenceNote,
     )
+    secret: g_secret.SecretNote = proto.Field(
+        proto.MESSAGE,
+        number=22,
+        oneof="type",
+        message=g_secret.SecretNote,
+    )
 
 
 class GetOccurrenceRequest(proto.Message):
diff --git a/packages/grafeas/grafeas/grafeas_v1/types/secret.py b/packages/grafeas/grafeas/grafeas_v1/types/secret.py
diff --git a/packages/grafeas/tests/unit/gapic/grafeas_v1/test_grafeas.py b/packages/grafeas/tests/unit/gapic/grafeas_v1/test_grafeas.py
