Class: Google::Cloud::BinaryAuthorization::V1beta1::Policy
- Inherits:
-
Object
- Object
- Google::Cloud::BinaryAuthorization::V1beta1::Policy
- Extended by:
- Protobuf::MessageExts::ClassMethods
- Includes:
- Protobuf::MessageExts
- Defined in:
- proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb
Overview
A policy for container image binary authorization.
Defined Under Namespace
Modules: GlobalPolicyEvaluationMode Classes: ClusterAdmissionRulesEntry
Instance Attribute Summary collapse
-
#admission_whitelist_patterns ⇒ ::Array<::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern>
Optional.
-
#cluster_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}
Optional.
-
#default_admission_rule ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule
Required.
-
#description ⇒ ::String
Optional.
-
#global_policy_evaluation_mode ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::Policy::GlobalPolicyEvaluationMode
Optional.
-
#name ⇒ ::String
readonly
Output only.
-
#update_time ⇒ ::Google::Protobuf::Timestamp
readonly
Output only.
Instance Attribute Details
#admission_whitelist_patterns ⇒ ::Array<::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern>
Returns Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60 class Policy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule] class ClusterAdmissionRulesEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end module GlobalPolicyEvaluationMode # Not specified: DISABLE is assumed. GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0 # Enables system policy evaluation. ENABLE = 1 # Disables system policy evaluation. DISABLE = 2 end end |
#cluster_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}
Returns Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60 class Policy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule] class ClusterAdmissionRulesEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end module GlobalPolicyEvaluationMode # Not specified: DISABLE is assumed. GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0 # Enables system policy evaluation. ENABLE = 1 # Disables system policy evaluation. DISABLE = 2 end end |
#default_admission_rule ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule
Returns Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60 class Policy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule] class ClusterAdmissionRulesEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end module GlobalPolicyEvaluationMode # Not specified: DISABLE is assumed. GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0 # Enables system policy evaluation. ENABLE = 1 # Disables system policy evaluation. DISABLE = 2 end end |
#description ⇒ ::String
Returns Optional. A descriptive comment.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60 class Policy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule] class ClusterAdmissionRulesEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end module GlobalPolicyEvaluationMode # Not specified: DISABLE is assumed. GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0 # Enables system policy evaluation. ENABLE = 1 # Disables system policy evaluation. DISABLE = 2 end end |
#global_policy_evaluation_mode ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::Policy::GlobalPolicyEvaluationMode
Returns Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60 class Policy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule] class ClusterAdmissionRulesEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end module GlobalPolicyEvaluationMode # Not specified: DISABLE is assumed. GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0 # Enables system policy evaluation. ENABLE = 1 # Disables system policy evaluation. DISABLE = 2 end end |
#name ⇒ ::String (readonly)
Returns Output only. The resource name, in the format projects/*/policy
. There is
at most one policy per project.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60 class Policy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule] class ClusterAdmissionRulesEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end module GlobalPolicyEvaluationMode # Not specified: DISABLE is assumed. GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0 # Enables system policy evaluation. ENABLE = 1 # Disables system policy evaluation. DISABLE = 2 end end |
#update_time ⇒ ::Google::Protobuf::Timestamp (readonly)
Returns Output only. Time when the policy was last updated.
60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 |
# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60 class Policy include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods # @!attribute [rw] key # @return [::String] # @!attribute [rw] value # @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule] class ClusterAdmissionRulesEntry include ::Google::Protobuf::MessageExts extend ::Google::Protobuf::MessageExts::ClassMethods end module GlobalPolicyEvaluationMode # Not specified: DISABLE is assumed. GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0 # Enables system policy evaluation. ENABLE = 1 # Disables system policy evaluation. DISABLE = 2 end end |