Package com.google.cloud.confidentialcomputing.v1 (0.13.0)

A client to Confidential Computing API

The interfaces provided are listed below, along with usage samples.

ConfidentialComputingClient

Service Description: Service describing handlers for resources

Sample for ConfidentialComputingClient:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 try (ConfidentialComputingClient confidentialComputingClient =
     ConfidentialComputingClient.create()) {
   LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
   Challenge challenge = Challenge.newBuilder().build();
   Challenge response = confidentialComputingClient.createChallenge(parent, challenge);
 }
 

Classes

Challenge

A Challenge from the server used to guarantee freshness of attestations

Protobuf type google.cloud.confidentialcomputing.v1.Challenge

Challenge.Builder

A Challenge from the server used to guarantee freshness of attestations

Protobuf type google.cloud.confidentialcomputing.v1.Challenge

ChallengeName

ChallengeName.Builder

Builder for projects/{project}/locations/{location}/challenges/{uuid}.

ConfidentialComputingClient

Service Description: Service describing handlers for resources

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 try (ConfidentialComputingClient confidentialComputingClient =
     ConfidentialComputingClient.create()) {
   LocationName parent = LocationName.of("[PROJECT]", "[LOCATION]");
   Challenge challenge = Challenge.newBuilder().build();
   Challenge response = confidentialComputingClient.createChallenge(parent, challenge);
 }
 

Note: close() needs to be called on the ConfidentialComputingClient object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

  1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
  2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
  3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of ConfidentialComputingSettings to create(). For example:

To customize credentials:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 ConfidentialComputingSettings confidentialComputingSettings =
     ConfidentialComputingSettings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 ConfidentialComputingClient confidentialComputingClient =
     ConfidentialComputingClient.create(confidentialComputingSettings);
 

To customize the endpoint:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 ConfidentialComputingSettings confidentialComputingSettings =
     ConfidentialComputingSettings.newBuilder().setEndpoint(myEndpoint).build();
 ConfidentialComputingClient confidentialComputingClient =
     ConfidentialComputingClient.create(confidentialComputingSettings);
 

To use REST (HTTP1.1/JSON) transport (instead of gRPC) for sending and receiving requests over the wire:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 ConfidentialComputingSettings confidentialComputingSettings =
     ConfidentialComputingSettings.newHttpJsonBuilder().build();
 ConfidentialComputingClient confidentialComputingClient =
     ConfidentialComputingClient.create(confidentialComputingSettings);
 

Please refer to the GitHub repository's samples for more quickstart code snippets.

ConfidentialComputingClient.ListLocationsFixedSizeCollection

ConfidentialComputingClient.ListLocationsPage

ConfidentialComputingClient.ListLocationsPagedResponse

ConfidentialComputingGrpc

Service describing handlers for resources

ConfidentialComputingGrpc.ConfidentialComputingBlockingStub

A stub to allow clients to do synchronous rpc calls to service ConfidentialComputing.

Service describing handlers for resources

ConfidentialComputingGrpc.ConfidentialComputingFutureStub

A stub to allow clients to do ListenableFuture-style rpc calls to service ConfidentialComputing.

Service describing handlers for resources

ConfidentialComputingGrpc.ConfidentialComputingImplBase

Base class for the server implementation of the service ConfidentialComputing.

Service describing handlers for resources

ConfidentialComputingGrpc.ConfidentialComputingStub

A stub to allow clients to do asynchronous rpc calls to service ConfidentialComputing.

Service describing handlers for resources

ConfidentialComputingSettings

Settings class to configure an instance of ConfidentialComputingClient.

The default instance has everything set to sensible defaults:

  • The default service address (confidentialcomputing.googleapis.com) and default port (443) are used.
  • Credentials are acquired automatically through Application Default Credentials.
  • Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of createChallenge to 30 seconds:


 // This snippet has been automatically generated and should be regarded as a code template only.
 // It will require modifications to work:
 // - It may require correct/in-range values for request initialization.
 // - It may require specifying regional endpoints when creating the service client as shown in
 // https://cloud.google.com/java/docs/setup#configure_endpoints_for_the_client_library
 ConfidentialComputingSettings.Builder confidentialComputingSettingsBuilder =
     ConfidentialComputingSettings.newBuilder();
 confidentialComputingSettingsBuilder
     .createChallengeSettings()
     .setRetrySettings(
         confidentialComputingSettingsBuilder
             .createChallengeSettings()
             .getRetrySettings()
             .toBuilder()
             .setTotalTimeout(Duration.ofSeconds(30))
             .build());
 ConfidentialComputingSettings confidentialComputingSettings =
     confidentialComputingSettingsBuilder.build();
 

ConfidentialComputingSettings.Builder

Builder for ConfidentialComputingSettings.

ConfidentialSpaceInfo

ConfidentialSpaceInfo contains information related to the Confidential Space TEE.

Protobuf type google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo

ConfidentialSpaceInfo.Builder

ConfidentialSpaceInfo contains information related to the Confidential Space TEE.

Protobuf type google.cloud.confidentialcomputing.v1.ConfidentialSpaceInfo

ContainerImageSignature

ContainerImageSignature holds necessary metadata to verify a container image signature.

Protobuf type google.cloud.confidentialcomputing.v1.ContainerImageSignature

ContainerImageSignature.Builder

ContainerImageSignature holds necessary metadata to verify a container image signature.

Protobuf type google.cloud.confidentialcomputing.v1.ContainerImageSignature

CreateChallengeRequest

Message for creating a Challenge

Protobuf type google.cloud.confidentialcomputing.v1.CreateChallengeRequest

CreateChallengeRequest.Builder

Message for creating a Challenge

Protobuf type google.cloud.confidentialcomputing.v1.CreateChallengeRequest

GcpCredentials

Credentials issued by GCP which are linked to the platform attestation. These will be verified server-side as part of attestation verification.

Protobuf type google.cloud.confidentialcomputing.v1.GcpCredentials

GcpCredentials.Builder

Credentials issued by GCP which are linked to the platform attestation. These will be verified server-side as part of attestation verification.

Protobuf type google.cloud.confidentialcomputing.v1.GcpCredentials

LocationName

LocationName.Builder

Builder for projects/{project}/locations/{location}.

ServiceProto

SignedEntity

SignedEntity represents an OCI image object containing everything necessary to verify container image signatures.

Protobuf type google.cloud.confidentialcomputing.v1.SignedEntity

SignedEntity.Builder

SignedEntity represents an OCI image object containing everything necessary to verify container image signatures.

Protobuf type google.cloud.confidentialcomputing.v1.SignedEntity

TokenOptions

Options to modify claims in the token to generate custom-purpose tokens.

Protobuf type google.cloud.confidentialcomputing.v1.TokenOptions

TokenOptions.Builder

Options to modify claims in the token to generate custom-purpose tokens.

Protobuf type google.cloud.confidentialcomputing.v1.TokenOptions

TpmAttestation

TPM2 data containing everything necessary to validate any platform state measured into the TPM.

Protobuf type google.cloud.confidentialcomputing.v1.TpmAttestation

TpmAttestation.Builder

TPM2 data containing everything necessary to validate any platform state measured into the TPM.

Protobuf type google.cloud.confidentialcomputing.v1.TpmAttestation

TpmAttestation.Quote

Information about Platform Control Registers (PCRs) including a signature over their values, which can be used for remote validation.

Protobuf type google.cloud.confidentialcomputing.v1.TpmAttestation.Quote

TpmAttestation.Quote.Builder

Information about Platform Control Registers (PCRs) including a signature over their values, which can be used for remote validation.

Protobuf type google.cloud.confidentialcomputing.v1.TpmAttestation.Quote

VerifyAttestationRequest

A request for an OIDC token, providing all the necessary information needed for this service to verify the platform state of the requestor.

Protobuf type google.cloud.confidentialcomputing.v1.VerifyAttestationRequest

VerifyAttestationRequest.Builder

A request for an OIDC token, providing all the necessary information needed for this service to verify the platform state of the requestor.

Protobuf type google.cloud.confidentialcomputing.v1.VerifyAttestationRequest

VerifyAttestationResponse

A response once an attestation has been successfully verified, containing a signed OIDC token.

Protobuf type google.cloud.confidentialcomputing.v1.VerifyAttestationResponse

VerifyAttestationResponse.Builder

A response once an attestation has been successfully verified, containing a signed OIDC token.

Protobuf type google.cloud.confidentialcomputing.v1.VerifyAttestationResponse

Interfaces

ChallengeOrBuilder

ConfidentialComputingGrpc.AsyncService

Service describing handlers for resources

ConfidentialSpaceInfoOrBuilder

ContainerImageSignatureOrBuilder

CreateChallengeRequestOrBuilder

GcpCredentialsOrBuilder

SignedEntityOrBuilder

TokenOptionsOrBuilder

TpmAttestation.QuoteOrBuilder

TpmAttestationOrBuilder

VerifyAttestationRequestOrBuilder

VerifyAttestationResponseOrBuilder

Enums

SigningAlgorithm

SigningAlgorithm enumerates all the supported signing algorithms.

Protobuf enum google.cloud.confidentialcomputing.v1.SigningAlgorithm