feat: [google-cloud-confidentialcomputing] Add a token_type options p…

…roto to allow for customization of specific token types (#13299)

BEGIN_COMMIT_OVERRIDE
feat: Add a token_type options proto to allow for customization of
specific token types
feat: Added the first token type option to hold principal tag token
options
END_COMMIT_OVERRIDE

- [ ] Regenerate this pull request now.

PiperOrigin-RevId: 700050491

Source-Link:
googleapis/googleapis@5afbbeb

Source-Link:
googleapis/googleapis-gen@856d7ae
Copy-Tag:
eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNsb3VkLWNvbmZpZGVudGlhbGNvbXB1dGluZy8uT3dsQm90LnlhbWwiLCJoIjoiODU2ZDdhZWQzZmMyOTA0NTdkYTE1NzQ3M2U5MTk0NmU2ODJjZWQ3YSJ9

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>

packages/google-cloud-confidentialcomputing/google/cloud/confidentialcomputing/gapic_version.py

@@ -13,4 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-__version__ = "0.4.13"  # {x-release-please-version}
+__version__ = "0.0.0"  # {x-release-please-version}

packages/google-cloud-confidentialcomputing/google/cloud/confidentialcomputing_v1/gapic_version.py

@@ -13,4 +13,4 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
 #
-__version__ = "0.4.13"  # {x-release-please-version}
+__version__ = "0.0.0"  # {x-release-please-version}

packages/google-cloud-confidentialcomputing/google/cloud/confidentialcomputing_v1/types/service.py

@@ -76,11 +76,14 @@ class TokenType(proto.Enum):
             Public Key Infrastructure (PKI) token type
         TOKEN_TYPE_LIMITED_AWS (3):
             Limited claim token type for AWS integration
+        TOKEN_TYPE_AWS_PRINCIPALTAGS (4):
+            Principal-tag-based token for AWS integration
     """
     TOKEN_TYPE_UNSPECIFIED = 0
     TOKEN_TYPE_OIDC = 1
     TOKEN_TYPE_PKI = 2
     TOKEN_TYPE_LIMITED_AWS = 3
+    TOKEN_TYPE_AWS_PRINCIPALTAGS = 4
 
 
 class Challenge(proto.Message):
@@ -347,7 +350,15 @@ class TokenOptions(proto.Message):
     r"""Options to modify claims in the token to generate
     custom-purpose tokens.
 
+
+    .. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields
+
     Attributes:
+        aws_principal_tags_options (google.cloud.confidentialcomputing_v1.types.TokenOptions.AwsPrincipalTagsOptions):
+            Optional. Options for the Limited AWS token
+            type.
+
+            This field is a member of `oneof`_ ``token_type_options``.
         audience (str):
             Optional. Optional string to issue the token
             with a custom audience claim. Required if one or
@@ -362,6 +373,62 @@ class TokenOptions(proto.Message):
             type of token to return.
     """
 
+    class AwsPrincipalTagsOptions(proto.Message):
+        r"""Token options that only apply to the AWS Principal Tags token
+        type.
+
+        Attributes:
+            allowed_principal_tags (google.cloud.confidentialcomputing_v1.types.TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags):
+                Optional. Principal tags to allow in the
+                token.
+        """
+
+        class AllowedPrincipalTags(proto.Message):
+            r"""Allowed principal tags is used to define what principal tags
+            will be placed in the token.
+
+            Attributes:
+                container_image_signatures (google.cloud.confidentialcomputing_v1.types.TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags.ContainerImageSignatures):
+                    Optional. Container image signatures allowed
+                    in the token.
+            """
+
+            class ContainerImageSignatures(proto.Message):
+                r"""Allowed Container Image Signatures. Key IDs are required to
+                allow this claim to fit within the narrow AWS IAM restrictions.
+
+                Attributes:
+                    key_ids (MutableSequence[str]):
+                        Optional. List of key ids to filter into the
+                        Principal tags. Only keys that have been
+                        validated and added to the token will be
+                        filtered into principal tags. Unrecognized key
+                        ids will be ignored.
+                """
+
+                key_ids: MutableSequence[str] = proto.RepeatedField(
+                    proto.STRING,
+                    number=1,
+                )
+
+            container_image_signatures: "TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags.ContainerImageSignatures" = proto.Field(
+                proto.MESSAGE,
+                number=1,
+                message="TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags.ContainerImageSignatures",
+            )
+
+        allowed_principal_tags: "TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags" = proto.Field(
+            proto.MESSAGE,
+            number=1,
+            message="TokenOptions.AwsPrincipalTagsOptions.AllowedPrincipalTags",
+        )
+
+    aws_principal_tags_options: AwsPrincipalTagsOptions = proto.Field(
+        proto.MESSAGE,
+        number=4,
+        oneof="token_type_options",
+        message=AwsPrincipalTagsOptions,
+    )
     audience: str = proto.Field(
         proto.STRING,
         number=1,

packages/google-cloud-confidentialcomputing/samples/generated_samples/snippet_metadata_google.cloud.confidentialcomputing.v1.json

@@ -8,7 +8,7 @@
     ],
     "language": "PYTHON",
     "name": "google-cloud-confidentialcomputing",
-    "version": "0.4.13"
+    "version": "0.1.0"
   },
   "snippets": [
     {