// Copyright 2022 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
//     http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.

syntax = "proto3";

package google.cloud.binaryauthorization.v1beta1;

import "google/protobuf/timestamp.proto";

option cc_enable_arenas = true;
option csharp_namespace = "Google.Cloud.BinaryAuthorization.V1Beta1";
option go_package = "cloud.google.com/go/binaryauthorization/apiv1beta1/binaryauthorizationpb;binaryauthorizationpb";
option java_multiple_files = true;
option java_outer_classname = "ContinuousValidationLoggingProto";
option java_package = "com.google.cloud.binaryauthorization.v1beta1";
option php_namespace = "Google\\Cloud\\BinaryAuthorization\\V1beta1";
option ruby_package = "Google::Cloud::BinaryAuthorization::V1beta1";

// Represents an auditing event from Continuous Validation.
message ContinuousValidationEvent {
  // An auditing event for one Pod.
  message ContinuousValidationPodEvent {
    // Audit time policy conformance verdict.
    enum PolicyConformanceVerdict {
      // We should always have a verdict. This is an error.
      POLICY_CONFORMANCE_VERDICT_UNSPECIFIED = 0;

      // The pod violates the policy.
      VIOLATES_POLICY = 1;
    }

    // Container image with auditing details.
    message ImageDetails {
      // Result of the audit.
      enum AuditResult {
        // Unspecified result. This is an error.
        AUDIT_RESULT_UNSPECIFIED = 0;

        // Image is allowed.
        ALLOW = 1;

        // Image is denied.
        DENY = 2;
      }

      // The name of the image.
      string image = 1;

      // The result of the audit for this image.
      AuditResult result = 2;

      // Description of the above result.
      string description = 3;
    }

    // The k8s namespace of the Pod.
    string pod_namespace = 7;

    // The name of the Pod.
    string pod = 1;

    // Deploy time of the Pod from k8s.
    google.protobuf.Timestamp deploy_time = 2;

    // Termination time of the Pod from k8s, or nothing if still running.
    google.protobuf.Timestamp end_time = 3;

    // Auditing verdict for this Pod.
    PolicyConformanceVerdict verdict = 4;

    // List of images with auditing details.
    repeated ImageDetails images = 5;
  }

  // An event describing that the project policy is unsupported by CV.
  message UnsupportedPolicyEvent {
    // A description of the unsupported policy.
    string description = 1;
  }

  // Type of CV event.
  oneof event_type {
    // Pod event.
    ContinuousValidationPodEvent pod_event = 1;

    // Unsupported policy event.
    UnsupportedPolicyEvent unsupported_policy_event = 2;
  }
}