Shape the future of software security and make your voice heard by taking the 2021 State of DevOps survey.

Binary Authorization API

The management interface for Binary Authorization, a system providing policy control for images deployed to Kubernetes Engine clusters.

Service: binaryauthorization.googleapis.com

To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.

Discovery document

A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:

Service endpoint

A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:

  • https://binaryauthorization.googleapis.com

REST Resource: v1beta1.projects

Methods
getPolicy GET /v1beta1/{name=projects/*/policy}
A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image.
updatePolicy PUT /v1beta1/{policy.name=projects/*/policy}
Creates or updates a project's policy, and returns a copy of the new policy.

REST Resource: v1beta1.projects.attestors

Methods
create POST /v1beta1/{parent=projects/*}/attestors
Creates an attestor, and returns a copy of the new attestor.
delete DELETE /v1beta1/{name=projects/*/attestors/*}
Deletes an attestor.
get GET /v1beta1/{name=projects/*/attestors/*}
Gets an attestor.
getIamPolicy GET /v1beta1/{resource=projects/*/attestors/*}:getIamPolicy
Gets the access control policy for a resource.
list GET /v1beta1/{parent=projects/*}/attestors
Lists attestors.
setIamPolicy POST /v1beta1/{resource=projects/*/attestors/*}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1beta1/{resource=projects/*/attestors/*}:testIamPermissions
Returns permissions that a caller has on the specified resource.
update PUT /v1beta1/{attestor.name=projects/*/attestors/*}
Updates an attestor.
validateAttestationOccurrence POST /v1beta1/{attestor=projects/*/attestors/*}:validateAttestationOccurrence
Returns whether the given Attestation for the given image URI was signed by the given Attestor

REST Resource: v1beta1.projects.policy

Methods
getIamPolicy GET /v1beta1/{resource=projects/*/policy}:getIamPolicy
Gets the access control policy for a resource.
setIamPolicy POST /v1beta1/{resource=projects/*/policy}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1beta1/{resource=projects/*/policy}:testIamPermissions
Returns permissions that a caller has on the specified resource.

REST Resource: v1beta1.systempolicy

Methods
getPolicy GET /v1beta1/{name=locations/*/policy}
Gets the current system policy in the specified location.

Service: binaryauthorization.googleapis.com

To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.

Discovery document

A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:

Service endpoint

A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:

  • https://binaryauthorization.googleapis.com

REST Resource: v1alpha2.projects

Methods
getContinuousValidationConfig GET /v1alpha2/{name=projects/*/continuousValidationConfig}
Gets the continuous validation config for the project.
getPolicy GET /v1alpha2/{name=projects/*/policy}
A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image.
updateContinuousValidationConfig PUT /v1alpha2/{config.name=projects/*/continuousValidationConfig}
Updates a project's [continuous validation config][ContinuousValidationConfig], and returns a copy of the new config.
updatePolicy PUT /v1alpha2/{policy.name=projects/*/policy}
Creates or updates a project's policy, and returns a copy of the new policy.

REST Resource: v1alpha2.projects.attestors

Methods
create POST /v1alpha2/{parent=projects/*}/attestors
Creates an attestor, and returns a copy of the new attestor.
delete DELETE /v1alpha2/{name=projects/*/attestors/*}
Deletes an attestor.
get GET /v1alpha2/{name=projects/*/attestors/*}
Gets an attestor.
getIamPolicy GET /v1alpha2/{resource=projects/*/attestors/*}:getIamPolicy
Gets the access control policy for a resource.
list GET /v1alpha2/{parent=projects/*}/attestors
Lists attestors.
setIamPolicy POST /v1alpha2/{resource=projects/*/attestors/*}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1alpha2/{resource=projects/*/attestors/*}:testIamPermissions
Returns permissions that a caller has on the specified resource.
update PUT /v1alpha2/{attestor.name=projects/*/attestors/*}
Updates an attestor.
validateAttestationOccurrence POST /v1alpha2/{attestor=projects/*/attestors/*}:validateAttestationOccurrence
Returns whether the given Attestation for the given image URI was signed by the given Attestor

REST Resource: v1alpha2.projects.attestors.attestations

Methods
getIamPolicy GET /v1alpha2/{resource=projects/*/attestors/*/attestations/*}:getIamPolicy
Gets the access control policy for a resource.
setIamPolicy POST /v1alpha2/{resource=projects/*/attestors/*/attestations/*}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1alpha2/{resource=projects/*/attestors/*/attestations/*}:testIamPermissions
Returns permissions that a caller has on the specified resource.

REST Resource: v1alpha2.projects.policy

Methods
getIamPolicy GET /v1alpha2/{resource=projects/*/policy}:getIamPolicy
Gets the access control policy for a resource.
setIamPolicy POST /v1alpha2/{resource=projects/*/policy}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1alpha2/{resource=projects/*/policy}:testIamPermissions
Returns permissions that a caller has on the specified resource.

REST Resource: v1alpha2.systempolicy

Methods
getPolicy GET /v1alpha2/{name=locations/*/policy}
Gets the current system policy in the specified location.

Service: binaryauthorization.googleapis.com

To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.

Discovery document

A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:

Service endpoint

A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:

  • https://binaryauthorization.googleapis.com

REST Resource: v1.projects

Methods
getPolicy GET /v1/{name=projects/*/policy}
A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image.
updatePolicy PUT /v1/{policy.name=projects/*/policy}
Creates or updates a project's policy, and returns a copy of the new policy.

REST Resource: v1.projects.attestors

Methods
create POST /v1/{parent=projects/*}/attestors
Creates an attestor, and returns a copy of the new attestor.
delete DELETE /v1/{name=projects/*/attestors/*}
Deletes an attestor.
get GET /v1/{name=projects/*/attestors/*}
Gets an attestor.
getIamPolicy GET /v1/{resource=projects/*/attestors/*}:getIamPolicy
Gets the access control policy for a resource.
list GET /v1/{parent=projects/*}/attestors
Lists attestors.
setIamPolicy POST /v1/{resource=projects/*/attestors/*}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1/{resource=projects/*/attestors/*}:testIamPermissions
Returns permissions that a caller has on the specified resource.
update PUT /v1/{attestor.name=projects/*/attestors/*}
Updates an attestor.
validateAttestationOccurrence POST /v1/{attestor=projects/*/attestors/*}:validateAttestationOccurrence
Returns whether the given Attestation for the given image URI was signed by the given Attestor

REST Resource: v1.projects.policy

Methods
getIamPolicy GET /v1/{resource=projects/*/policy}:getIamPolicy
Gets the access control policy for a resource.
setIamPolicy POST /v1/{resource=projects/*/policy}:setIamPolicy
Sets the access control policy on the specified resource.
testIamPermissions POST /v1/{resource=projects/*/policy}:testIamPermissions
Returns permissions that a caller has on the specified resource.

REST Resource: v1.systempolicy

Methods
getPolicy GET /v1/{name=locations/*/policy}
Gets the current system policy in the specified location.