The management interface for Binary Authorization, a system providing policy control for images deployed to Kubernetes Engine clusters.
- REST Resource: v1beta1.projects
- REST Resource: v1beta1.projects.attestors
- REST Resource: v1beta1.projects.policy
- REST Resource: internal.projects.policy.locations.clusters
- REST Resource: v1.projects
- REST Resource: v1.projects.attestors
- REST Resource: v1.projects.policy
Service: binaryauthorization.googleapis.com
To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.
Discovery document
A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:
Service endpoint
A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:
https://binaryauthorization.googleapis.com
REST Resource: v1beta1.projects
| Methods | |
|---|---|
getPolicy |
GET /v1beta1/{name=projects/*/policy} A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image. |
updatePolicy |
PUT /v1beta1/{policy.name=projects/*/policy} Creates or updates a project's policy, and returns a copy of the new policy. |
REST Resource: v1beta1.projects.attestors
| Methods | |
|---|---|
create |
POST /v1beta1/{parent=projects/*}/attestors Creates an attestor, and returns a copy of the new attestor. |
delete |
DELETE /v1beta1/{name=projects/*/attestors/*} Deletes an attestor. |
get |
GET /v1beta1/{name=projects/*/attestors/*} Gets an attestor. |
getIamPolicy |
GET /v1beta1/{resource=projects/*/attestors/*}:getIamPolicy Gets the access control policy for a resource. |
list |
GET /v1beta1/{parent=projects/*}/attestors Lists attestors. |
setIamPolicy |
POST /v1beta1/{resource=projects/*/attestors/*}:setIamPolicy Sets the access control policy on the specified resource. |
testIamPermissions |
POST /v1beta1/{resource=projects/*/attestors/*}:testIamPermissions Returns permissions that a caller has on the specified resource. |
update |
PUT /v1beta1/{attestor.name=projects/*/attestors/*} Updates an attestor. |
validateAttestationOccurrence |
POST /v1beta1/{attestor=projects/*/attestors/*}:validateAttestationOccurrence Returns whether the given Attestation for the given image URI was signed by the given Attestor |
REST Resource: v1beta1.projects.policy
| Methods | |
|---|---|
getIamPolicy |
GET /v1beta1/{resource=projects/*/policy}:getIamPolicy Gets the access control policy for a resource. |
setIamPolicy |
POST /v1beta1/{resource=projects/*/policy}:setIamPolicy Sets the access control policy on the specified resource. |
testIamPermissions |
POST /v1beta1/{resource=projects/*/policy}:testIamPermissions Returns permissions that a caller has on the specified resource. |
Service: binaryauthorization.googleapis.com
To call this service, we recommend that you use the Google-provided client libraries. If your application needs to use your own libraries to call this service, use the following information when you make the API requests.
Discovery document
A Discovery Document is a machine-readable specification for describing and consuming REST APIs. It is used to build client libraries, IDE plugins, and other tools that interact with Google APIs. One service may provide multiple discovery documents. This service provides the following discovery documents:
Service endpoint
A service endpoint is a base URL that specifies the network address of an API service. One service might have multiple service endpoints. This service has the following service endpoint and all URIs below are relative to this service endpoint:
https://binaryauthorization.googleapis.com
REST Resource: internal.projects.policy.locations.clusters
| Methods | |
|---|---|
admissionReview |
POST /internal/{name=projects/*/policy}/locations/{location}/clusters/{cluster}:admissionReview AdmissionReview handler that checks against the policy name specified by projects/*/policy |
REST Resource: v1.projects
| Methods | |
|---|---|
getPolicy |
GET /v1/{name=projects/*/policy} A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image. |
updatePolicy |
PUT /v1/{policy.name=projects/*/policy} Creates or updates a project's policy, and returns a copy of the new policy. |
REST Resource: v1.projects.attestors
| Methods | |
|---|---|
create |
POST /v1/{parent=projects/*}/attestors Creates an attestor, and returns a copy of the new attestor. |
delete |
DELETE /v1/{name=projects/*/attestors/*} Deletes an attestor. |
get |
GET /v1/{name=projects/*/attestors/*} Gets an attestor. |
getIamPolicy |
GET /v1/{resource=projects/*/attestors/*}:getIamPolicy Gets the access control policy for a resource. |
list |
GET /v1/{parent=projects/*}/attestors Lists attestors. |
setIamPolicy |
POST /v1/{resource=projects/*/attestors/*}:setIamPolicy Sets the access control policy on the specified resource. |
testIamPermissions |
POST /v1/{resource=projects/*/attestors/*}:testIamPermissions Returns permissions that a caller has on the specified resource. |
update |
PUT /v1/{attestor.name=projects/*/attestors/*} Updates an attestor. |
validateAttestationOccurrence |
POST /v1/{attestor=projects/*/attestors/*}:validateAttestationOccurrence Returns whether the given Attestation for the given image URI was signed by the given Attestor |
REST Resource: v1.projects.policy
| Methods | |
|---|---|
getIamPolicy |
GET /v1/{resource=projects/*/policy}:getIamPolicy Gets the access control policy for a resource. |
setIamPolicy |
POST /v1/{resource=projects/*/policy}:setIamPolicy Sets the access control policy on the specified resource. |
testIamPermissions |
POST /v1/{resource=projects/*/policy}:testIamPermissions Returns permissions that a caller has on the specified resource. |