Binary Authorization v1beta1 API - Class Policy (2.0.0-beta07)

public sealed class Policy : IMessage<Policy>, IEquatable<Policy>, IDeepCloneable<Policy>, IBufferMessage, IMessage

Reference documentation and code samples for the Binary Authorization v1beta1 API class Policy.

A [policy][google.cloud.binaryauthorization.v1beta1.Policy] for Binary Authorization.

Inheritance

object > Policy

Namespace

Google.Cloud.BinaryAuthorization.V1Beta1

Assembly

Google.Cloud.BinaryAuthorization.V1Beta1.dll

Constructors

Policy()

public Policy()

Policy(Policy)

public Policy(Policy other)
Parameter
Name Description
other Policy

Properties

AdmissionWhitelistPatterns

public RepeatedField<AdmissionWhitelistPattern> AdmissionWhitelistPatterns { get; }

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

Property Value
Type Description
RepeatedFieldAdmissionWhitelistPattern

ClusterAdmissionRules

public MapField<string, AdmissionRule> ClusterAdmissionRules { get; }

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

Property Value
Type Description
MapFieldstringAdmissionRule

DefaultAdmissionRule

public AdmissionRule DefaultAdmissionRule { get; set; }

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

Property Value
Type Description
AdmissionRule

Description

public string Description { get; set; }

Optional. A descriptive comment.

Property Value
Type Description
string

GlobalPolicyEvaluationMode

public Policy.Types.GlobalPolicyEvaluationMode GlobalPolicyEvaluationMode { get; set; }

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

Property Value
Type Description
PolicyTypesGlobalPolicyEvaluationMode

IstioServiceIdentityAdmissionRules

public MapField<string, AdmissionRule> IstioServiceIdentityAdmissionRules { get; }

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

Property Value
Type Description
MapFieldstringAdmissionRule

KubernetesNamespaceAdmissionRules

public MapField<string, AdmissionRule> KubernetesNamespaceAdmissionRules { get; }

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

Property Value
Type Description
MapFieldstringAdmissionRule

KubernetesServiceAccountAdmissionRules

public MapField<string, AdmissionRule> KubernetesServiceAccountAdmissionRules { get; }

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

Property Value
Type Description
MapFieldstringAdmissionRule

Name

public string Name { get; set; }

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

Property Value
Type Description
string

PolicyName

public PolicyName PolicyName { get; set; }

PolicyName-typed view over the Name resource name property.

Property Value
Type Description
PolicyName

UpdateTime

public Timestamp UpdateTime { get; set; }

Output only. Time when the policy was last updated.

Property Value
Type Description
Timestamp