Class: Google::Cloud::BinaryAuthorization::V1beta1::Policy

Inherits:

Object

• Object
• Google::Cloud::BinaryAuthorization::V1beta1::Policy

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb

Overview

A policy for container image binary authorization.

Defined Under Namespace

Modules: GlobalPolicyEvaluationMode Classes: ClusterAdmissionRulesEntry

Instance Attribute Summary

• #admission_whitelist_patterns ⇒ ::Array<::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern>

  Optional.

• #cluster_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}

  Optional.

• #default_admission_rule ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule

  Required.

• #description ⇒ ::String

  Optional.

• #global_policy_evaluation_mode ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::Policy::GlobalPolicyEvaluationMode

  Optional.

• #name ⇒ ::String readonly

  Output only.

• #update_time ⇒ ::Google::Protobuf::Timestamp readonly

  Output only.

Instance Attribute Details

#admission_whitelist_patterns ⇒ ::Array<::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern>

Returns Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

Returns:

• (::Array<::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern>) —

  Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#cluster_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}

Returns Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

Returns:

• (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) —

  Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#default_admission_rule ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule

Returns Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

Returns:

• (::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule) —

  Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#description ⇒ ::String

Returns Optional. A descriptive comment.

Returns:

• (::String) —

  Optional. A descriptive comment.

# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#global_policy_evaluation_mode ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::Policy::GlobalPolicyEvaluationMode

Returns Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

Returns:

• (::Google::Cloud::BinaryAuthorization::V1beta1::Policy::GlobalPolicyEvaluationMode) —

  Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#name ⇒ ::String (readonly)

Returns Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

Returns:

• (::String) —

  Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#update_time ⇒ ::Google::Protobuf::Timestamp (readonly)

Returns Output only. Time when the policy was last updated.

Returns:

• (::Google::Protobuf::Timestamp) —

  Output only. Time when the policy was last updated.

# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/resources.rb', line 60

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end