Class AdmissionRule (1.0.0-beta05)

public sealed class AdmissionRule : IMessage<AdmissionRule>, IEquatable<AdmissionRule>, IDeepCloneable<AdmissionRule>, IBufferMessage, IMessage

An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.

Inheritance

Object > AdmissionRule

Namespace

Google.Cloud.BinaryAuthorization.V1Beta1

Assembly

Google.Cloud.BinaryAuthorization.V1Beta1.dll

Constructors

AdmissionRule()

public AdmissionRule()

AdmissionRule(AdmissionRule)

public AdmissionRule(AdmissionRule other)
Parameter
NameDescription
otherAdmissionRule

Properties

EnforcementMode

public AdmissionRule.Types.EnforcementMode EnforcementMode { get; set; }

Required. The action when a pod creation is denied by the admission rule.

Property Value
TypeDescription
AdmissionRule.Types.EnforcementMode

EvaluationMode

public AdmissionRule.Types.EvaluationMode EvaluationMode { get; set; }

Required. How this admission rule will be evaluated.

Property Value
TypeDescription
AdmissionRule.Types.EvaluationMode

RequireAttestationsBy

public RepeatedField<string> RequireAttestationsBy { get; }

Optional. The resource names of the attestors that must attest to a container image, in the format projects/*/attestors/*. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource.

Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.

Property Value
TypeDescription
RepeatedField<String>