Class: Google::Apis::BinaryauthorizationV1::Policy

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
generated/google/apis/binaryauthorization_v1/classes.rb,
generated/google/apis/binaryauthorization_v1/representations.rb,
generated/google/apis/binaryauthorization_v1/representations.rb

Overview

A policy for container image binary authorization.

Instance Attribute Summary collapse

Instance Method Summary collapse

Methods included from Core::JsonObjectSupport

#to_json

Methods included from Core::Hashable

process_value, #to_h

Constructor Details

#initialize(**args) ⇒ Policy

Returns a new instance of Policy.


513
514
515
# File 'generated/google/apis/binaryauthorization_v1/classes.rb', line 513

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#admission_whitelist_patternsArray<Google::Apis::BinaryauthorizationV1::AdmissionWhitelistPattern>

Optional. Admission policy whitelisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third- party infrastructure images from Binary Authorization policies. Corresponds to the JSON property admissionWhitelistPatterns


469
470
471
# File 'generated/google/apis/binaryauthorization_v1/classes.rb', line 469

def admission_whitelist_patterns
  @admission_whitelist_patterns
end

#cluster_admission_rulesHash<String,Google::Apis::BinaryauthorizationV1::AdmissionRule>

Optional. Per-cluster admission rules. Cluster spec format: location. clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us- central1). For clusterId syntax restrictions see https://cloud.google.com/ container-engine/reference/rest/v1/projects.zones.clusters. Corresponds to the JSON property clusterAdmissionRules


478
479
480
# File 'generated/google/apis/binaryauthorization_v1/classes.rb', line 478

def cluster_admission_rules
  @cluster_admission_rules
end

#default_admission_ruleGoogle::Apis::BinaryauthorizationV1::AdmissionRule

An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission whitelist pattern are exempted from admission rules and will never block a pod creation. Corresponds to the JSON property defaultAdmissionRule


487
488
489
# File 'generated/google/apis/binaryauthorization_v1/classes.rb', line 487

def default_admission_rule
  @default_admission_rule
end

#descriptionString

Optional. A descriptive comment. Corresponds to the JSON property description

Returns:

  • (String)

492
493
494
# File 'generated/google/apis/binaryauthorization_v1/classes.rb', line 492

def description
  @description
end

#global_policy_evaluation_modeString

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. Corresponds to the JSON property globalPolicyEvaluationMode

Returns:

  • (String)

500
501
502
# File 'generated/google/apis/binaryauthorization_v1/classes.rb', line 500

def global_policy_evaluation_mode
  @global_policy_evaluation_mode
end

#nameString

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project. Corresponds to the JSON property name

Returns:

  • (String)

506
507
508
# File 'generated/google/apis/binaryauthorization_v1/classes.rb', line 506

def name
  @name
end

#update_timeString

Output only. Time when the policy was last updated. Corresponds to the JSON property updateTime

Returns:

  • (String)

511
512
513
# File 'generated/google/apis/binaryauthorization_v1/classes.rb', line 511

def update_time
  @update_time
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object


518
519
520
521
522
523
524
525
526
# File 'generated/google/apis/binaryauthorization_v1/classes.rb', line 518

def update!(**args)
  @admission_whitelist_patterns = args[:admission_whitelist_patterns] if args.key?(:admission_whitelist_patterns)
  @cluster_admission_rules = args[:cluster_admission_rules] if args.key?(:cluster_admission_rules)
  @default_admission_rule = args[:default_admission_rule] if args.key?(:default_admission_rule)
  @description = args[:description] if args.key?(:description)
  @global_policy_evaluation_mode = args[:global_policy_evaluation_mode] if args.key?(:global_policy_evaluation_mode)
  @name = args[:name] if args.key?(:name)
  @update_time = args[:update_time] if args.key?(:update_time)
end