Binary Authorization API

The management interface for Binary Authorization, a system providing policy control for images deployed to Kubernetes Engine clusters.

Service: binaryauthorization.googleapis.com

We recommend that you call this service using Google-provided client libraries. If your application needs to call this service using your own libraries, you should use the following information when making the API requests.

Discovery document

A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:

Service endpoint

A service endpoint is a base URL that specifies the network address of an API service. One service may have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:

  • https://binaryauthorization.googleapis.com

REST Resource: v1beta1.projects

Methods
getPolicy GET /v1beta1/{name=projects/*/policy}
A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image.
updatePolicy PUT /v1beta1/{policy.name=projects/*/policy}
Creates or updates a project's policy, and returns a copy of the new policy.

REST Resource: v1beta1.projects.attestors

Methods
create POST /v1beta1/{parent=projects/*}/attestors
Creates an attestor, and returns a copy of the new attestor.
delete DELETE /v1beta1/{name=projects/*/attestors/*}
Deletes an attestor.
get GET /v1beta1/{name=projects/*/attestors/*}
Gets an attestor.
getIamPolicy GET /v1beta1/{resource=projects/*/attestors/*}:getIamPolicy
Gets the access control policy for a resource.
list GET /v1beta1/{parent=projects/*}/attestors
Lists attestors.
setIamPolicy POST /v1beta1/{resource=projects/*/attestors/*}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1beta1/{resource=projects/*/attestors/*}:testIamPermissions
Returns permissions that a caller has on the specified resource.
update PUT /v1beta1/{attestor.name=projects/*/attestors/*}
Updates an attestor.

REST Resource: v1beta1.projects.policy

Methods
getIamPolicy GET /v1beta1/{resource=projects/*/policy}:getIamPolicy
Gets the access control policy for a resource.
setIamPolicy POST /v1beta1/{resource=projects/*/policy}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1beta1/{resource=projects/*/policy}:testIamPermissions
Returns permissions that a caller has on the specified resource.

Service: binaryauthorization.googleapis.com

We recommend that you call this service using Google-provided client libraries. If your application needs to call this service using your own libraries, you should use the following information when making the API requests.

Discovery document

A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:

Service endpoint

A service endpoint is a base URL that specifies the network address of an API service. One service may have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:

  • https://binaryauthorization.googleapis.com

REST Resource: v1.projects

Methods
getPolicy GET /v1/{name=projects/*/policy}
A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image.
updatePolicy PUT /v1/{policy.name=projects/*/policy}
Creates or updates a project's policy, and returns a copy of the new policy.

REST Resource: v1.projects.attestors

Methods
create POST /v1/{parent=projects/*}/attestors
Creates an attestor, and returns a copy of the new attestor.
delete DELETE /v1/{name=projects/*/attestors/*}
Deletes an attestor.
get GET /v1/{name=projects/*/attestors/*}
Gets an attestor.
getIamPolicy GET /v1/{resource=projects/*/attestors/*}:getIamPolicy
Gets the access control policy for a resource.
list GET /v1/{parent=projects/*}/attestors
Lists attestors.
setIamPolicy POST /v1/{resource=projects/*/attestors/*}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1/{resource=projects/*/attestors/*}:testIamPermissions
Returns permissions that a caller has on the specified resource.
update PUT /v1/{attestor.name=projects/*/attestors/*}
Updates an attestor.

REST Resource: v1.projects.policy

Methods
getIamPolicy GET /v1/{resource=projects/*/policy}:getIamPolicy
Gets the access control policy for a resource.
setIamPolicy POST /v1/{resource=projects/*/policy}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1/{resource=projects/*/policy}:testIamPermissions
Returns permissions that a caller has on the specified resource.