Package cloud.google.com/go/binaryauthorization/apiv1beta1/binaryauthorizationpb (v1.2.0)

Variables

ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict_name, ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict_value

// Enum value maps for
// ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict.
//
// NOTE(review): the only non-zero verdict listed here is VIOLATES_POLICY; this
// enum has no explicit "conforms" value, so log consumers should not wait for
// one. Treat 0 (UNSPECIFIED) as an error rather than as "no violation".
var (
	// Wire number -> proto enum name.
	ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict_name = map[int32]string{
		0: "POLICY_CONFORMANCE_VERDICT_UNSPECIFIED",
		1: "VIOLATES_POLICY",
	}
	// Proto enum name -> wire number.
	ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict_value = map[string]int32{
		"POLICY_CONFORMANCE_VERDICT_UNSPECIFIED": 0,
		"VIOLATES_POLICY":                        1,
	}
)

Enum value maps for ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict.

ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult_name, ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult_value

// Enum value maps for
// ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult.
var (
	// Wire number -> proto enum name.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult_name = map[int32]string{
		0: "AUDIT_RESULT_UNSPECIFIED",
		1: "ALLOW",
		2: "DENY",
	}
	// Proto enum name -> wire number. A lookup of an unknown name yields the
	// map zero value 0 (AUDIT_RESULT_UNSPECIFIED), so use the two-value form
	// `v, ok := m[name]` when parsing names from logs.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult_value = map[string]int32{
		"AUDIT_RESULT_UNSPECIFIED": 0,
		"ALLOW":                    1,
		"DENY":                     2,
	}
)

Enum value maps for ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult.

Policy_GlobalPolicyEvaluationMode_name, Policy_GlobalPolicyEvaluationMode_value

// Enum value maps for Policy_GlobalPolicyEvaluationMode.
var (
	// Wire number -> proto enum name.
	Policy_GlobalPolicyEvaluationMode_name = map[int32]string{
		0: "GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED",
		1: "ENABLE",
		2: "DISABLE",
	}
	// Proto enum name -> wire number.
	Policy_GlobalPolicyEvaluationMode_value = map[string]int32{
		"GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED": 0,
		"ENABLE":  1,
		"DISABLE": 2,
	}
)

Enum value maps for Policy_GlobalPolicyEvaluationMode.

AdmissionRule_EvaluationMode_name, AdmissionRule_EvaluationMode_value

// Enum value maps for AdmissionRule_EvaluationMode.
var (
	// Wire number -> proto enum name.
	AdmissionRule_EvaluationMode_name = map[int32]string{
		0: "EVALUATION_MODE_UNSPECIFIED",
		1: "ALWAYS_ALLOW",
		2: "REQUIRE_ATTESTATION",
		3: "ALWAYS_DENY",
	}
	// Proto enum name -> wire number. An unknown name indexes to 0
	// (EVALUATION_MODE_UNSPECIFIED); check the `ok` result when converting
	// names taken from configuration so a typo is rejected, not silently mapped.
	AdmissionRule_EvaluationMode_value = map[string]int32{
		"EVALUATION_MODE_UNSPECIFIED": 0,
		"ALWAYS_ALLOW":                1,
		"REQUIRE_ATTESTATION":         2,
		"ALWAYS_DENY":                 3,
	}
)

Enum value maps for AdmissionRule_EvaluationMode.

AdmissionRule_EnforcementMode_name, AdmissionRule_EnforcementMode_value

// Enum value maps for AdmissionRule_EnforcementMode.
var (
	// Wire number -> proto enum name.
	AdmissionRule_EnforcementMode_name = map[int32]string{
		0: "ENFORCEMENT_MODE_UNSPECIFIED",
		1: "ENFORCED_BLOCK_AND_AUDIT_LOG",
		2: "DRYRUN_AUDIT_LOG_ONLY",
	}
	// Proto enum name -> wire number. An unknown name indexes to 0
	// (ENFORCEMENT_MODE_UNSPECIFIED); check the `ok` result when parsing.
	AdmissionRule_EnforcementMode_value = map[string]int32{
		"ENFORCEMENT_MODE_UNSPECIFIED": 0,
		"ENFORCED_BLOCK_AND_AUDIT_LOG": 1,
		"DRYRUN_AUDIT_LOG_ONLY":        2,
	}
)

Enum value maps for AdmissionRule_EnforcementMode.

PkixPublicKey_SignatureAlgorithm_name, PkixPublicKey_SignatureAlgorithm_value

// Enum value maps for PkixPublicKey_SignatureAlgorithm.
//
// The names cover three families: RSA_PSS_*, RSA_SIGN_PKCS1_* and ECDSA_*,
// each suffixed with key size or curve and the digest.
var (
	// Wire number -> canonical proto enum name. Only the ECDSA_* spelling is
	// listed for numbers 9-11.
	PkixPublicKey_SignatureAlgorithm_name = map[int32]string{
		0: "SIGNATURE_ALGORITHM_UNSPECIFIED",
		1: "RSA_PSS_2048_SHA256",
		2: "RSA_PSS_3072_SHA256",
		3: "RSA_PSS_4096_SHA256",
		4: "RSA_PSS_4096_SHA512",
		5: "RSA_SIGN_PKCS1_2048_SHA256",
		6: "RSA_SIGN_PKCS1_3072_SHA256",
		7: "RSA_SIGN_PKCS1_4096_SHA256",
		8: "RSA_SIGN_PKCS1_4096_SHA512",
		9: "ECDSA_P256_SHA256",

		10: "ECDSA_P384_SHA384",

		11: "ECDSA_P521_SHA512",
	}
	// Proto enum name -> wire number. The EC_SIGN_* names are aliases that
	// share numbers 9, 10 and 11 with the ECDSA_* names, so a name converted
	// to a number and back comes out in the ECDSA_* spelling. Compare
	// algorithms by number, not by string, when auditing attestor keys.
	PkixPublicKey_SignatureAlgorithm_value = map[string]int32{
		"SIGNATURE_ALGORITHM_UNSPECIFIED": 0,
		"RSA_PSS_2048_SHA256":             1,
		"RSA_PSS_3072_SHA256":             2,
		"RSA_PSS_4096_SHA256":             3,
		"RSA_PSS_4096_SHA512":             4,
		"RSA_SIGN_PKCS1_2048_SHA256":      5,
		"RSA_SIGN_PKCS1_3072_SHA256":      6,
		"RSA_SIGN_PKCS1_4096_SHA256":      7,
		"RSA_SIGN_PKCS1_4096_SHA512":      8,
		"ECDSA_P256_SHA256":               9,
		"EC_SIGN_P256_SHA256":             9,
		"ECDSA_P384_SHA384":               10,
		"EC_SIGN_P384_SHA384":             10,
		"ECDSA_P521_SHA512":               11,
		"EC_SIGN_P521_SHA512":             11,
	}
)

Enum value maps for PkixPublicKey_SignatureAlgorithm.

File_google_cloud_binaryauthorization_v1beta1_continuous_validation_logging_proto

// File descriptor variable; judging by its name it describes the
// continuous_validation_logging proto file of the v1beta1 API (confirm in the
// generated source).
var File_google_cloud_binaryauthorization_v1beta1_continuous_validation_logging_proto protoreflect.FileDescriptor

File_google_cloud_binaryauthorization_v1beta1_resources_proto

// File descriptor variable; judging by its name it describes the resources
// proto file of the v1beta1 API (confirm in the generated source).
var File_google_cloud_binaryauthorization_v1beta1_resources_proto protoreflect.FileDescriptor

File_google_cloud_binaryauthorization_v1beta1_service_proto

// File descriptor variable; judging by its name it describes the service
// proto file of the v1beta1 API (confirm in the generated source).
var File_google_cloud_binaryauthorization_v1beta1_service_proto protoreflect.FileDescriptor

Functions

func RegisterBinauthzManagementServiceV1Beta1Server

func RegisterBinauthzManagementServiceV1Beta1Server(s *grpc.Server, srv BinauthzManagementServiceV1Beta1Server)

func RegisterSystemPolicyV1Beta1Server

func RegisterSystemPolicyV1Beta1Server(s *grpc.Server, srv SystemPolicyV1Beta1Server)

AdmissionRule

// AdmissionRule states how pod creation requests are decided: require
// attestations for every container image, allow everything, or deny
// everything. Images matching an admission allowlist pattern are exempt from
// admission rules.
type AdmissionRule struct {
	// EvaluationMode selects how the rule decides on a pod creation; see the
	// AdmissionRule_EvaluationMode constants. The struct tag is elided in this
	// listing.
	EvaluationMode AdmissionRule_EvaluationMode "" /* 179 byte string literal not displayed */

	// RequireAttestationsBy lists the attestors consulted under
	// REQUIRE_ATTESTATION. Per that constant's documentation, all listed
	// attestors must have valid attestations for all images in the pod spec.
	// NOTE(review): the entry format is not shown here — presumably attestor
	// resource names (`projects/*/attestors/*`); confirm against the proto.
	RequireAttestationsBy []string `protobuf:"bytes,2,rep,name=require_attestations_by,json=requireAttestationsBy,proto3" json:"require_attestations_by,omitempty"`

	// EnforcementMode selects what happens when the rule denies a pod
	// creation: block and audit-log, or audit-log only (dry run). The struct
	// tag is elided in this listing.
	EnforcementMode AdmissionRule_EnforcementMode "" /* 183 byte string literal not displayed */

}

An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.

func (*AdmissionRule) Descriptor

func (*AdmissionRule) Descriptor() ([]byte, []int)

Deprecated: Use AdmissionRule.ProtoReflect.Descriptor instead.

func (*AdmissionRule) GetEnforcementMode

func (x *AdmissionRule) GetEnforcementMode() AdmissionRule_EnforcementMode

func (*AdmissionRule) GetEvaluationMode

func (x *AdmissionRule) GetEvaluationMode() AdmissionRule_EvaluationMode

func (*AdmissionRule) GetRequireAttestationsBy

func (x *AdmissionRule) GetRequireAttestationsBy() []string

func (*AdmissionRule) ProtoMessage

func (*AdmissionRule) ProtoMessage()

func (*AdmissionRule) ProtoReflect

func (x *AdmissionRule) ProtoReflect() protoreflect.Message

func (*AdmissionRule) Reset

func (x *AdmissionRule) Reset()

func (*AdmissionRule) String

func (x *AdmissionRule) String() string

AdmissionRule_EnforcementMode

type AdmissionRule_EnforcementMode int32

Defines the possible actions when a pod creation is denied by an admission rule.

AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED, AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG, AdmissionRule_DRYRUN_AUDIT_LOG_ONLY

// Enforcement modes: the action taken when an admission rule denies a pod
// creation.
const (
	// Do not use. 0 is also the Go zero value of the enum, so a rule built
	// without setting EnforcementMode carries this value.
	AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED AdmissionRule_EnforcementMode = 0
	// Enforce the admission rule by blocking the pod creation.
	AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG AdmissionRule_EnforcementMode = 1
	// Dryrun mode: Audit logging only.  This will allow the pod creation as if
	// the admission request had specified break-glass.
	//
	// NOTE(review): nothing is blocked in this mode; the audit log is the only
	// record of a would-be denial. Policy reviews should list rules left in
	// dry run and make sure those audit logs are monitored.
	AdmissionRule_DRYRUN_AUDIT_LOG_ONLY AdmissionRule_EnforcementMode = 2
)

func (AdmissionRule_EnforcementMode) Descriptor

func (AdmissionRule_EnforcementMode) Enum

func (AdmissionRule_EnforcementMode) EnumDescriptor

func (AdmissionRule_EnforcementMode) EnumDescriptor() ([]byte, []int)

Deprecated: Use AdmissionRule_EnforcementMode.Descriptor instead.

func (AdmissionRule_EnforcementMode) Number

func (AdmissionRule_EnforcementMode) String

func (AdmissionRule_EnforcementMode) Type

AdmissionRule_EvaluationMode

// AdmissionRule_EvaluationMode selects how an admission rule decides on a pod
// creation: always allow, require attestation, or always deny.
type AdmissionRule_EvaluationMode int32

AdmissionRule_EVALUATION_MODE_UNSPECIFIED, AdmissionRule_ALWAYS_ALLOW, AdmissionRule_REQUIRE_ATTESTATION, AdmissionRule_ALWAYS_DENY

// Evaluation modes for an admission rule.
const (
	// Do not use. 0 is also the Go zero value of the enum, so a rule built
	// without setting EvaluationMode carries this value.
	AdmissionRule_EVALUATION_MODE_UNSPECIFIED AdmissionRule_EvaluationMode = 0
	// This rule allows all pod creations.
	//
	// NOTE(review): no attestation is checked under this mode; a rule set to
	// ALWAYS_ALLOW provides no image verification for the scope it covers.
	AdmissionRule_ALWAYS_ALLOW AdmissionRule_EvaluationMode = 1
	// This rule allows a pod creation if all the attestors listed in
	// `require_attestations_by` have valid attestations for all of the
	// images in the pod spec.
	AdmissionRule_REQUIRE_ATTESTATION AdmissionRule_EvaluationMode = 2
	// This rule denies all pod creations.
	AdmissionRule_ALWAYS_DENY AdmissionRule_EvaluationMode = 3
)

func (AdmissionRule_EvaluationMode) Descriptor

func (AdmissionRule_EvaluationMode) Enum

func (AdmissionRule_EvaluationMode) EnumDescriptor

func (AdmissionRule_EvaluationMode) EnumDescriptor() ([]byte, []int)

Deprecated: Use AdmissionRule_EvaluationMode.Descriptor instead.

func (AdmissionRule_EvaluationMode) Number

func (AdmissionRule_EvaluationMode) String

func (AdmissionRule_EvaluationMode) Type

AdmissionWhitelistPattern

// AdmissionWhitelistPattern exempts images whose name matches NamePattern
// from checks by admission rules.
//
// NOTE(review): a matching image is never checked for attestations, so each
// pattern widens what can be deployed unverified. Keep patterns as narrow as
// the workload allows and review `**` patterns in particular, since they
// cover every subdirectory under the prefix.
type AdmissionWhitelistPattern struct {

	// An image name pattern to allowlist, in the form `registry/path/to/image`.
	// This supports a trailing `*` as a wildcard, but this is allowed only in
	// text after the `registry/` part. `*` wildcard does not match `/`, i.e.,
	// `gcr.io/nginx*` matches `gcr.io/nginx@latest`, but it does not match
	// `gcr.io/nginx/image`. This also supports a trailing `**` wildcard which
	// matches subdirectories, i.e., `gcr.io/nginx**` matches
	// `gcr.io/nginx/image`.
	//
	// Both wildcards match on a name prefix: going by the examples above,
	// `gcr.io/nginx*` would also match a differently named repository that
	// merely starts with `nginx`.
	NamePattern string `protobuf:"bytes,1,opt,name=name_pattern,json=namePattern,proto3" json:"name_pattern,omitempty"`
	// contains filtered or unexported fields
}

An [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].

func (*AdmissionWhitelistPattern) Descriptor

func (*AdmissionWhitelistPattern) Descriptor() ([]byte, []int)

Deprecated: Use AdmissionWhitelistPattern.ProtoReflect.Descriptor instead.

func (*AdmissionWhitelistPattern) GetNamePattern

func (x *AdmissionWhitelistPattern) GetNamePattern() string

func (*AdmissionWhitelistPattern) ProtoMessage

func (*AdmissionWhitelistPattern) ProtoMessage()

func (*AdmissionWhitelistPattern) ProtoReflect

func (*AdmissionWhitelistPattern) Reset

func (x *AdmissionWhitelistPattern) Reset()

func (*AdmissionWhitelistPattern) String

func (x *AdmissionWhitelistPattern) String() string

Attestor

// Attestor is an entity that attests to container image artifacts. An
// existing attestor cannot be modified except where the field comments below
// say so.
type Attestor struct {

	// Required. The resource name, in the format:
	// `projects/*/attestors/*`. This field may not be updated.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. A descriptive comment.  This field may be updated.
	// The field may be displayed in chooser dialogs.
	Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
	// Required. Identifies an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to a
	// container image artifact. This determines how an attestation will
	// be stored, and how it will be used during policy
	// enforcement. Updates may not change the attestor type, but individual
	// attestor fields may be updated.
	//
	// Types that are assignable to AttestorType:
	//
	//	*Attestor_UserOwnedDrydockNote
	AttestorType isAttestor_AttestorType `protobuf_oneof:"attestor_type"`
	// Output only. Time when the attestor was last updated.
	// Because individual attestor fields can be updated, this timestamp is a
	// useful input when auditing for unexpected attestor changes.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// contains filtered or unexported fields
}

An [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

func (*Attestor) Descriptor

func (*Attestor) Descriptor() ([]byte, []int)

Deprecated: Use Attestor.ProtoReflect.Descriptor instead.

func (*Attestor) GetAttestorType

func (m *Attestor) GetAttestorType() isAttestor_AttestorType

func (*Attestor) GetDescription

func (x *Attestor) GetDescription() string

func (*Attestor) GetName

func (x *Attestor) GetName() string

func (*Attestor) GetUpdateTime

func (x *Attestor) GetUpdateTime() *timestamppb.Timestamp

func (*Attestor) GetUserOwnedDrydockNote

func (x *Attestor) GetUserOwnedDrydockNote() *UserOwnedDrydockNote

func (*Attestor) ProtoMessage

func (*Attestor) ProtoMessage()

func (*Attestor) ProtoReflect

func (x *Attestor) ProtoReflect() protoreflect.Message

func (*Attestor) Reset

func (x *Attestor) Reset()

func (*Attestor) String

func (x *Attestor) String() string

AttestorPublicKey

// AttestorPublicKey is a public key used to verify attestations signed by an
// attestor.
type AttestorPublicKey struct {

	// Optional. A descriptive comment. This field may be updated.
	Comment string `protobuf:"bytes,1,opt,name=comment,proto3" json:"comment,omitempty"`
	// The ID of this public key.
	// Signatures verified by BinAuthz must include the ID of the public key that
	// can be used to verify them, and that ID must match the contents of this
	// field exactly.
	// Additional restrictions on this field can be imposed based on which public
	// key type is encapsulated. See the documentation on `public_key` cases below
	// for details.
	//
	// The match is exact, so the signing side has to emit the identical
	// string; the rules for this value differ per key type (see the two
	// oneof wrapper types).
	Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Required. A public key reference or serialized instance. This field may be
	// updated.
	//
	// Types that are assignable to PublicKey:
	//
	//	*AttestorPublicKey_AsciiArmoredPgpPublicKey
	//	*AttestorPublicKey_PkixPublicKey
	//
	// NOTE(review): this field is updatable, and replacing it changes which
	// signatures the attestor accepts; treat permission to update attestors
	// as sensitive.
	PublicKey isAttestorPublicKey_PublicKey `protobuf_oneof:"public_key"`
	// contains filtered or unexported fields
}

An [attestor public key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.

func (*AttestorPublicKey) Descriptor

func (*AttestorPublicKey) Descriptor() ([]byte, []int)

Deprecated: Use AttestorPublicKey.ProtoReflect.Descriptor instead.

func (*AttestorPublicKey) GetAsciiArmoredPgpPublicKey

func (x *AttestorPublicKey) GetAsciiArmoredPgpPublicKey() string

func (*AttestorPublicKey) GetComment

func (x *AttestorPublicKey) GetComment() string

func (*AttestorPublicKey) GetId

func (x *AttestorPublicKey) GetId() string

func (*AttestorPublicKey) GetPkixPublicKey

func (x *AttestorPublicKey) GetPkixPublicKey() *PkixPublicKey

func (*AttestorPublicKey) GetPublicKey

func (m *AttestorPublicKey) GetPublicKey() isAttestorPublicKey_PublicKey

func (*AttestorPublicKey) ProtoMessage

func (*AttestorPublicKey) ProtoMessage()

func (*AttestorPublicKey) ProtoReflect

func (x *AttestorPublicKey) ProtoReflect() protoreflect.Message

func (*AttestorPublicKey) Reset

func (x *AttestorPublicKey) Reset()

func (*AttestorPublicKey) String

func (x *AttestorPublicKey) String() string

AttestorPublicKey_AsciiArmoredPgpPublicKey

// AttestorPublicKey_AsciiArmoredPgpPublicKey is the oneof wrapper that carries
// a PGP key in AttestorPublicKey.PublicKey.
type AttestorPublicKey_AsciiArmoredPgpPublicKey struct {
	// ASCII-armored representation of a PGP public key, as the entire output by
	// the command `gpg --export --armor foo@example.com` (either LF or CRLF
	// line endings).
	// When using this field, `id` should be left blank.  The BinAuthz API
	// handlers will calculate the ID and fill it in automatically.  BinAuthz
	// computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
	// upper-case hex.  If `id` is provided by the caller, it will be
	// overwritten by the API-calculated ID.
	//
	// Since a caller-supplied `id` is overwritten, read the ID back from the
	// API response instead of relying on the value that was sent.
	AsciiArmoredPgpPublicKey string `protobuf:"bytes,3,opt,name=ascii_armored_pgp_public_key,json=asciiArmoredPgpPublicKey,proto3,oneof"`
}

AttestorPublicKey_PkixPublicKey

// AttestorPublicKey_PkixPublicKey is the oneof wrapper that carries a PKIX key
// in AttestorPublicKey.PublicKey.
type AttestorPublicKey_PkixPublicKey struct {
	// A raw PKIX SubjectPublicKeyInfo format public key.
	//
	// NOTE: `id` may be explicitly provided by the caller when using this
	// type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
	// blank, a default one will be computed based on the digest of the DER
	// encoding of the public key.
	//
	// Unlike the PGP case, a caller-supplied `id` is accepted here, so the ID
	// is not necessarily derived from the key material.
	PkixPublicKey *PkixPublicKey `protobuf:"bytes,5,opt,name=pkix_public_key,json=pkixPublicKey,proto3,oneof"`
}

Attestor_UserOwnedDrydockNote

// Attestor_UserOwnedDrydockNote is the oneof wrapper assignable to
// Attestor.AttestorType.
type Attestor_UserOwnedDrydockNote struct {
	// A Drydock ATTESTATION_AUTHORITY Note, created by the user.
	UserOwnedDrydockNote *UserOwnedDrydockNote `protobuf:"bytes,3,opt,name=user_owned_drydock_note,json=userOwnedDrydockNote,proto3,oneof"`
}

BinauthzManagementServiceV1Beta1Client

// BinauthzManagementServiceV1Beta1Client is the client API for the
// BinauthzManagementServiceV1Beta1 service: it reads and replaces a project's
// policy and creates, reads, updates, lists and deletes attestors.
type BinauthzManagementServiceV1Beta1Client interface {
	// A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
	// a container image, before the project is allowed to deploy that
	// image. There is at most one policy per project. All image admission
	// requests are permitted if a project has no policy.
	//
	// Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default
	// [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one.
	//
	// NOTE(review): a project without a policy admits every image, and this
	// call still returns a (default) policy for it, so a successful response
	// does not show that a policy was ever configured for the project.
	GetPolicy(ctx context.Context, in *GetPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the
	// new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. A policy is always updated as a whole, to avoid race
	// conditions with concurrent policy enforcement (or management!)
	// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
	// if the request is malformed.
	//
	// Because the policy is replaced as a whole, send the complete intended
	// policy; anything left out of the request is not carried over.
	UpdatePolicy(ctx context.Context, in *UpdatePolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new
	// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the project does not exist,
	// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
	// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already exists.
	CreateAttestor(ctx context.Context, in *CreateAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
	// Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
	// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
	GetAttestor(ctx context.Context, in *GetAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
	// Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
	// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
	UpdateAttestor(ctx context.Context, in *UpdateAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
	// Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
	// Returns INVALID_ARGUMENT if the project does not exist.
	// (The other calls in this interface report a missing project or attestor
	// as NOT_FOUND; handle both codes when checking for existence.)
	ListAttestors(ctx context.Context, in *ListAttestorsRequest, opts ...grpc.CallOption) (*ListAttestorsResponse, error)
	// Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the
	// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
	DeleteAttestor(ctx context.Context, in *DeleteAttestorRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
}

BinauthzManagementServiceV1Beta1Client is the client API for BinauthzManagementServiceV1Beta1 service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewBinauthzManagementServiceV1Beta1Client

func NewBinauthzManagementServiceV1Beta1Client(cc grpc.ClientConnInterface) BinauthzManagementServiceV1Beta1Client

BinauthzManagementServiceV1Beta1Server

// BinauthzManagementServiceV1Beta1Server is the server API for the
// BinauthzManagementServiceV1Beta1 service. The per-method comments describe
// the behaviour and status codes an implementation is expected to provide.
type BinauthzManagementServiceV1Beta1Server interface {
	// A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
	// a container image, before the project is allowed to deploy that
	// image. There is at most one policy per project. All image admission
	// requests are permitted if a project has no policy.
	//
	// Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default
	// [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one.
	//
	// NOTE(review): the documented behaviour is allow-all when no policy
	// exists, and a default policy is returned in that case rather than an
	// error.
	GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
	// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the
	// new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. A policy is always updated as a whole, to avoid race
	// conditions with concurrent policy enforcement (or management!)
	// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
	// if the request is malformed.
	UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
	// Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new
	// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the project does not exist,
	// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
	// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already exists.
	CreateAttestor(context.Context, *CreateAttestorRequest) (*Attestor, error)
	// Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
	// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
	GetAttestor(context.Context, *GetAttestorRequest) (*Attestor, error)
	// Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
	// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
	UpdateAttestor(context.Context, *UpdateAttestorRequest) (*Attestor, error)
	// Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
	// Returns INVALID_ARGUMENT if the project does not exist.
	// (Note the code differs from the NOT_FOUND used by the other methods.)
	ListAttestors(context.Context, *ListAttestorsRequest) (*ListAttestorsResponse, error)
	// Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the
	// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
	DeleteAttestor(context.Context, *DeleteAttestorRequest) (*emptypb.Empty, error)
}

BinauthzManagementServiceV1Beta1Server is the server API for BinauthzManagementServiceV1Beta1 service.

ContinuousValidationEvent

// ContinuousValidationEvent represents an auditing event from Continuous
// Validation (CV). Exactly which event it is depends on the EventType oneof.
type ContinuousValidationEvent struct {

	// Type of CV event.
	//
	// Types that are assignable to EventType:
	//
	//	*ContinuousValidationEvent_PodEvent
	//	*ContinuousValidationEvent_UnsupportedPolicyEvent_
	//
	// Log consumers should handle both cases: an unsupported-policy event
	// means CV reports the project policy as unsupported, not that pods
	// conform.
	EventType isContinuousValidationEvent_EventType `protobuf_oneof:"event_type"`
	// contains filtered or unexported fields
}

Represents an auditing event from Continuous Validation.

func (*ContinuousValidationEvent) Descriptor

func (*ContinuousValidationEvent) Descriptor() ([]byte, []int)

Deprecated: Use ContinuousValidationEvent.ProtoReflect.Descriptor instead.

func (*ContinuousValidationEvent) GetEventType

func (m *ContinuousValidationEvent) GetEventType() isContinuousValidationEvent_EventType

func (*ContinuousValidationEvent) GetPodEvent

func (*ContinuousValidationEvent) GetUnsupportedPolicyEvent

func (*ContinuousValidationEvent) ProtoMessage

func (*ContinuousValidationEvent) ProtoMessage()

func (*ContinuousValidationEvent) ProtoReflect

func (*ContinuousValidationEvent) Reset

func (x *ContinuousValidationEvent) Reset()

func (*ContinuousValidationEvent) String

func (x *ContinuousValidationEvent) String() string

ContinuousValidationEvent_ContinuousValidationPodEvent

// ContinuousValidationEvent_ContinuousValidationPodEvent is an auditing event
// for one Pod. The field comments below are inferred from field names and
// types where this listing gives no description — confirm against the proto.
type ContinuousValidationEvent_ContinuousValidationPodEvent struct {
	// PodNamespace: presumably the namespace of the audited pod.
	PodNamespace string `protobuf:"bytes,7,opt,name=pod_namespace,json=podNamespace,proto3" json:"pod_namespace,omitempty"`

	// Pod: presumably the name of the audited pod.
	Pod string `protobuf:"bytes,1,opt,name=pod,proto3" json:"pod,omitempty"`

	// DeployTime: presumably when the pod was deployed.
	DeployTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=deploy_time,json=deployTime,proto3" json:"deploy_time,omitempty"`

	// EndTime: presumably when the pod ended; semantics for a still-running
	// pod are not shown here.
	EndTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"`

	// Verdict is the audit-time policy conformance verdict for the pod. The
	// struct tag is elided in this listing.
	Verdict ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict "" /* 194 byte string literal not displayed */

	// Images holds the per-image auditing details for the pod's container
	// images.
	Images []*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails `protobuf:"bytes,5,rep,name=images,proto3" json:"images,omitempty"`

}

An auditing event for one Pod.

func (*ContinuousValidationEvent_ContinuousValidationPodEvent) Descriptor

Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent.ProtoReflect.Descriptor instead.

func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetDeployTime

func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetEndTime

func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetImages

func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetPod

func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetPodNamespace

func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetVerdict

func (*ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoMessage

func (*ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoReflect

func (*ContinuousValidationEvent_ContinuousValidationPodEvent) Reset

func (*ContinuousValidationEvent_ContinuousValidationPodEvent) String

ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails

// ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails
// describes one container image together with its auditing details.
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails struct {
	// Image: presumably the image reference that was audited — confirm the
	// exact format (tag vs. digest) against the proto.
	Image string `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"`

	// Result is the result of the audit (ALLOW, DENY, or the unspecified
	// error value). The struct tag is elided in this listing.
	Result ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult "" /* 192 byte string literal not displayed */

	// Description: presumably free-text detail accompanying Result; treat it
	// as informational text, not as a field to match on.
	Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`

}

Container image with auditing details.

func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Descriptor

Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails.ProtoReflect.Descriptor instead.

func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetDescription

func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetImage

func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetResult

func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoMessage

func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoReflect

func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Reset

func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) String

ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult

type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult int32

Result of the audit.

ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AUDIT_RESULT_UNSPECIFIED, ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ALLOW, ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_DENY

// Audit results for a single image.
const (
	// Unspecified result. This is an error.
	// 0 is also the Go zero value, so an ImageDetails whose Result was never
	// set reads as this value; do not treat it as ALLOW.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AUDIT_RESULT_UNSPECIFIED ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult = 0
	// Image is allowed.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ALLOW ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult = 1
	// Image is denied.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_DENY ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult = 2
)

func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Descriptor

func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Enum

func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) EnumDescriptor

Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult.Descriptor instead.

func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Number

func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) String

func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Type

ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict

type ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict int32

Audit time policy conformance verdict.

ContinuousValidationEvent_ContinuousValidationPodEvent_POLICY_CONFORMANCE_VERDICT_UNSPECIFIED, ContinuousValidationEvent_ContinuousValidationPodEvent_VIOLATES_POLICY

// Audit-time policy conformance verdicts for a pod.
const (
	// We should always have a verdict. This is an error.
	// 0 is also the Go zero value, so an event whose Verdict was never set
	// reads as this value; do not interpret it as conformance.
	ContinuousValidationEvent_ContinuousValidationPodEvent_POLICY_CONFORMANCE_VERDICT_UNSPECIFIED ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict = 0
	// The pod violates the policy.
	ContinuousValidationEvent_ContinuousValidationPodEvent_VIOLATES_POLICY ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict = 1
)

func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Descriptor

func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Enum

func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) EnumDescriptor

Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict.Descriptor instead.

func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Number

func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) String

func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Type

ContinuousValidationEvent_PodEvent

// ContinuousValidationEvent_PodEvent is the oneof wrapper assignable to
// ContinuousValidationEvent.EventType for a pod event.
type ContinuousValidationEvent_PodEvent struct {
	// Pod event.
	PodEvent *ContinuousValidationEvent_ContinuousValidationPodEvent `protobuf:"bytes,1,opt,name=pod_event,json=podEvent,proto3,oneof"`
}

ContinuousValidationEvent_UnsupportedPolicyEvent

// ContinuousValidationEvent_UnsupportedPolicyEvent is an event describing that
// the project policy is unsupported by CV.
//
// NOTE(review): this event carries no per-pod verdict, so it is worth
// alerting on separately from pod events — what CV does for the project while
// the policy is unsupported is not stated here.
type ContinuousValidationEvent_UnsupportedPolicyEvent struct {

	// A description of the unsupported policy.
	Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"`
	// contains filtered or unexported fields
}

An event describing that the project policy is unsupported by CV.

func (*ContinuousValidationEvent_UnsupportedPolicyEvent) Descriptor

Deprecated: Use ContinuousValidationEvent_UnsupportedPolicyEvent.ProtoReflect.Descriptor instead.

func (*ContinuousValidationEvent_UnsupportedPolicyEvent) GetDescription

func (*ContinuousValidationEvent_UnsupportedPolicyEvent) ProtoMessage

func (*ContinuousValidationEvent_UnsupportedPolicyEvent) ProtoReflect

func (*ContinuousValidationEvent_UnsupportedPolicyEvent) Reset

func (*ContinuousValidationEvent_UnsupportedPolicyEvent) String

ContinuousValidationEvent_UnsupportedPolicyEvent_

// ContinuousValidationEvent_UnsupportedPolicyEvent_ (trailing underscore) is
// the oneof wrapper assignable to ContinuousValidationEvent.EventType; it is
// distinct from the message type ContinuousValidationEvent_UnsupportedPolicyEvent
// that it points to.
type ContinuousValidationEvent_UnsupportedPolicyEvent_ struct {
	// Unsupported policy event.
	UnsupportedPolicyEvent *ContinuousValidationEvent_UnsupportedPolicyEvent `protobuf:"bytes,2,opt,name=unsupported_policy_event,json=unsupportedPolicyEvent,proto3,oneof"`
}

CreateAttestorRequest

// CreateAttestorRequest is the request message for the CreateAttestor RPC.
type CreateAttestorRequest struct {

	// Required. The parent of this [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. The [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] ID.
	AttestorId string `protobuf:"bytes,2,opt,name=attestor_id,json=attestorId,proto3" json:"attestor_id,omitempty"`
	// Required. The initial [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will
	// overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name,
	// in the format `projects/*/attestors/*`.
	//
	// Any Name set on this value is therefore ignored; the resource name comes
	// from the service, so read it from the response.
	Attestor *Attestor `protobuf:"bytes,3,opt,name=attestor,proto3" json:"attestor,omitempty"`
	// contains filtered or unexported fields
}

Request message for [BinauthzManagementService.CreateAttestor][].

func (*CreateAttestorRequest) Descriptor

func (*CreateAttestorRequest) Descriptor() ([]byte, []int)

Deprecated: Use CreateAttestorRequest.ProtoReflect.Descriptor instead.

func (*CreateAttestorRequest) GetAttestor

func (x *CreateAttestorRequest) GetAttestor() *Attestor

func (*CreateAttestorRequest) GetAttestorId

func (x *CreateAttestorRequest) GetAttestorId() string

func (*CreateAttestorRequest) GetParent

func (x *CreateAttestorRequest) GetParent() string

func (*CreateAttestorRequest) ProtoMessage

func (*CreateAttestorRequest) ProtoMessage()

func (*CreateAttestorRequest) ProtoReflect

func (x *CreateAttestorRequest) ProtoReflect() protoreflect.Message

func (*CreateAttestorRequest) Reset

func (x *CreateAttestorRequest) Reset()

func (*CreateAttestorRequest) String

func (x *CreateAttestorRequest) String() string

DeleteAttestorRequest

type DeleteAttestorRequest struct {

	// Required. The name of the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] to delete, in the format
	// `projects/*/attestors/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [BinauthzManagementService.DeleteAttestor][].

func (*DeleteAttestorRequest) Descriptor

func (*DeleteAttestorRequest) Descriptor() ([]byte, []int)

Deprecated: Use DeleteAttestorRequest.ProtoReflect.Descriptor instead.

func (*DeleteAttestorRequest) GetName

func (x *DeleteAttestorRequest) GetName() string

func (*DeleteAttestorRequest) ProtoMessage

func (*DeleteAttestorRequest) ProtoMessage()

func (*DeleteAttestorRequest) ProtoReflect

func (x *DeleteAttestorRequest) ProtoReflect() protoreflect.Message

func (*DeleteAttestorRequest) Reset

func (x *DeleteAttestorRequest) Reset()

func (*DeleteAttestorRequest) String

func (x *DeleteAttestorRequest) String() string

GetAttestorRequest

type GetAttestorRequest struct {

	// Required. The name of the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] to retrieve, in the format
	// `projects/*/attestors/*`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [BinauthzManagementService.GetAttestor][].

func (*GetAttestorRequest) Descriptor

func (*GetAttestorRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetAttestorRequest.ProtoReflect.Descriptor instead.

func (*GetAttestorRequest) GetName

func (x *GetAttestorRequest) GetName() string

func (*GetAttestorRequest) ProtoMessage

func (*GetAttestorRequest) ProtoMessage()

func (*GetAttestorRequest) ProtoReflect

func (x *GetAttestorRequest) ProtoReflect() protoreflect.Message

func (*GetAttestorRequest) Reset

func (x *GetAttestorRequest) Reset()

func (*GetAttestorRequest) String

func (x *GetAttestorRequest) String() string

GetPolicyRequest

type GetPolicyRequest struct {

	// Required. The resource name of the [policy][google.cloud.binaryauthorization.v1beta1.Policy] to retrieve,
	// in the format `projects/*/policy`.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request message for [BinauthzManagementService.GetPolicy][].

func (*GetPolicyRequest) Descriptor

func (*GetPolicyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetPolicyRequest.ProtoReflect.Descriptor instead.

func (*GetPolicyRequest) GetName

func (x *GetPolicyRequest) GetName() string

func (*GetPolicyRequest) ProtoMessage

func (*GetPolicyRequest) ProtoMessage()

func (*GetPolicyRequest) ProtoReflect

func (x *GetPolicyRequest) ProtoReflect() protoreflect.Message

func (*GetPolicyRequest) Reset

func (x *GetPolicyRequest) Reset()

func (*GetPolicyRequest) String

func (x *GetPolicyRequest) String() string

GetSystemPolicyRequest

type GetSystemPolicyRequest struct {

	// Required. The resource name, in the format `locations/*/policy`.
	// Note that the system policy is not associated with a project.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}

Request to read the current system policy.

func (*GetSystemPolicyRequest) Descriptor

func (*GetSystemPolicyRequest) Descriptor() ([]byte, []int)

Deprecated: Use GetSystemPolicyRequest.ProtoReflect.Descriptor instead.

func (*GetSystemPolicyRequest) GetName

func (x *GetSystemPolicyRequest) GetName() string

func (*GetSystemPolicyRequest) ProtoMessage

func (*GetSystemPolicyRequest) ProtoMessage()

func (*GetSystemPolicyRequest) ProtoReflect

func (x *GetSystemPolicyRequest) ProtoReflect() protoreflect.Message

func (*GetSystemPolicyRequest) Reset

func (x *GetSystemPolicyRequest) Reset()

func (*GetSystemPolicyRequest) String

func (x *GetSystemPolicyRequest) String() string

ListAttestorsRequest

type ListAttestorsRequest struct {

	// Required. The resource name of the project associated with the
	// [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], in the format `projects/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Requested page size. The server may return fewer results than requested. If
	// unspecified, the server will pick an appropriate default.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// A token identifying a page of results the server should return. Typically,
	// this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse.next_page_token] returned
	// from the previous call to the `ListAttestors` method.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}

Request message for [BinauthzManagementService.ListAttestors][].

func (*ListAttestorsRequest) Descriptor

func (*ListAttestorsRequest) Descriptor() ([]byte, []int)

Deprecated: Use ListAttestorsRequest.ProtoReflect.Descriptor instead.

func (*ListAttestorsRequest) GetPageSize

func (x *ListAttestorsRequest) GetPageSize() int32

func (*ListAttestorsRequest) GetPageToken

func (x *ListAttestorsRequest) GetPageToken() string

func (*ListAttestorsRequest) GetParent

func (x *ListAttestorsRequest) GetParent() string

func (*ListAttestorsRequest) ProtoMessage

func (*ListAttestorsRequest) ProtoMessage()

func (*ListAttestorsRequest) ProtoReflect

func (x *ListAttestorsRequest) ProtoReflect() protoreflect.Message

func (*ListAttestorsRequest) Reset

func (x *ListAttestorsRequest) Reset()

func (*ListAttestorsRequest) String

func (x *ListAttestorsRequest) String() string

ListAttestorsResponse

type ListAttestorsResponse struct {

	// The list of [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
	Attestors []*Attestor `protobuf:"bytes,1,rep,name=attestors,proto3" json:"attestors,omitempty"`
	// A token to retrieve the next page of results. Pass this value in the
	// [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest.page_token] field in the subsequent call to the
	// `ListAttestors` method to retrieve the next page of results.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}

Response message for [BinauthzManagementService.ListAttestors][].

func (*ListAttestorsResponse) Descriptor

func (*ListAttestorsResponse) Descriptor() ([]byte, []int)

Deprecated: Use ListAttestorsResponse.ProtoReflect.Descriptor instead.

func (*ListAttestorsResponse) GetAttestors

func (x *ListAttestorsResponse) GetAttestors() []*Attestor

func (*ListAttestorsResponse) GetNextPageToken

func (x *ListAttestorsResponse) GetNextPageToken() string

func (*ListAttestorsResponse) ProtoMessage

func (*ListAttestorsResponse) ProtoMessage()

func (*ListAttestorsResponse) ProtoReflect

func (x *ListAttestorsResponse) ProtoReflect() protoreflect.Message

func (*ListAttestorsResponse) Reset

func (x *ListAttestorsResponse) Reset()

func (*ListAttestorsResponse) String

func (x *ListAttestorsResponse) String() string

PkixPublicKey

// PkixPublicKey pairs a textually encoded public key with the signature
// algorithm that is to be used when verifying signatures against it.
type PkixPublicKey struct {
	// PublicKeyPem holds the public key as a string; the wire/JSON field name
	// (public_key_pem) indicates PEM text encoding.
	PublicKeyPem string `protobuf:"bytes,1,opt,name=public_key_pem,json=publicKeyPem,proto3" json:"public_key_pem,omitempty"`

	// SignatureAlgorithm is one of the PkixPublicKey_SignatureAlgorithm
	// constants. Its Go zero value is
	// PkixPublicKey_SIGNATURE_ALGORITHM_UNSPECIFIED (0), so a key whose
	// algorithm was never set can be told apart from a configured one.
	// NOTE(review): the algorithm presumably has to match the key type and
	// size encoded in PublicKeyPem — confirm against the proto documentation.
	SignatureAlgorithm PkixPublicKey_SignatureAlgorithm "" /* 195 byte string literal not displayed */

}

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

func (*PkixPublicKey) Descriptor

func (*PkixPublicKey) Descriptor() ([]byte, []int)

Deprecated: Use PkixPublicKey.ProtoReflect.Descriptor instead.

func (*PkixPublicKey) GetPublicKeyPem

func (x *PkixPublicKey) GetPublicKeyPem() string

func (*PkixPublicKey) GetSignatureAlgorithm

func (x *PkixPublicKey) GetSignatureAlgorithm() PkixPublicKey_SignatureAlgorithm

func (*PkixPublicKey) ProtoMessage

func (*PkixPublicKey) ProtoMessage()

func (*PkixPublicKey) ProtoReflect

func (x *PkixPublicKey) ProtoReflect() protoreflect.Message

func (*PkixPublicKey) Reset

func (x *PkixPublicKey) Reset()

func (*PkixPublicKey) String

func (x *PkixPublicKey) String() string

PkixPublicKey_SignatureAlgorithm

type PkixPublicKey_SignatureAlgorithm int32

Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.

PkixPublicKey_SIGNATURE_ALGORITHM_UNSPECIFIED, PkixPublicKey_RSA_PSS_2048_SHA256, PkixPublicKey_RSA_PSS_3072_SHA256, PkixPublicKey_RSA_PSS_4096_SHA256, PkixPublicKey_RSA_PSS_4096_SHA512, PkixPublicKey_RSA_SIGN_PKCS1_2048_SHA256, PkixPublicKey_RSA_SIGN_PKCS1_3072_SHA256, PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA256, PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA512, PkixPublicKey_ECDSA_P256_SHA256, PkixPublicKey_EC_SIGN_P256_SHA256, PkixPublicKey_ECDSA_P384_SHA384, PkixPublicKey_EC_SIGN_P384_SHA384, PkixPublicKey_ECDSA_P521_SHA512, PkixPublicKey_EC_SIGN_P521_SHA512

// Signature algorithm values. 1-4 are RSASSA-PSS, 5-8 are RSASSA-PKCS1-v1_5
// and 9-11 are ECDSA. Each ECDSA value is declared under two names
// (ECDSA_* and EC_SIGN_*) that share the same number, so code that switches
// on these constants must list only one name per value.
const (
	// Not specified. This is 0, the zero value of the type.
	PkixPublicKey_SIGNATURE_ALGORITHM_UNSPECIFIED PkixPublicKey_SignatureAlgorithm = 0
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	PkixPublicKey_RSA_PSS_2048_SHA256 PkixPublicKey_SignatureAlgorithm = 1
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	PkixPublicKey_RSA_PSS_3072_SHA256 PkixPublicKey_SignatureAlgorithm = 2
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	PkixPublicKey_RSA_PSS_4096_SHA256 PkixPublicKey_SignatureAlgorithm = 3
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	PkixPublicKey_RSA_PSS_4096_SHA512 PkixPublicKey_SignatureAlgorithm = 4
	// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
	PkixPublicKey_RSA_SIGN_PKCS1_2048_SHA256 PkixPublicKey_SignatureAlgorithm = 5
	// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
	PkixPublicKey_RSA_SIGN_PKCS1_3072_SHA256 PkixPublicKey_SignatureAlgorithm = 6
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
	PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA256 PkixPublicKey_SignatureAlgorithm = 7
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
	PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA512 PkixPublicKey_SignatureAlgorithm = 8
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	PkixPublicKey_ECDSA_P256_SHA256 PkixPublicKey_SignatureAlgorithm = 9
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	// Same value (9) as PkixPublicKey_ECDSA_P256_SHA256; the two compare equal.
	PkixPublicKey_EC_SIGN_P256_SHA256 PkixPublicKey_SignatureAlgorithm = 9
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	PkixPublicKey_ECDSA_P384_SHA384 PkixPublicKey_SignatureAlgorithm = 10
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	// Same value (10) as PkixPublicKey_ECDSA_P384_SHA384; the two compare equal.
	PkixPublicKey_EC_SIGN_P384_SHA384 PkixPublicKey_SignatureAlgorithm = 10
	// ECDSA on the NIST P-521 curve with a SHA512 digest.
	PkixPublicKey_ECDSA_P521_SHA512 PkixPublicKey_SignatureAlgorithm = 11
	// ECDSA on the NIST P-521 curve with a SHA512 digest.
	// Same value (11) as PkixPublicKey_ECDSA_P521_SHA512; the two compare equal.
	PkixPublicKey_EC_SIGN_P521_SHA512 PkixPublicKey_SignatureAlgorithm = 11
)

func (PkixPublicKey_SignatureAlgorithm) Descriptor

func (PkixPublicKey_SignatureAlgorithm) Enum

func (PkixPublicKey_SignatureAlgorithm) EnumDescriptor

func (PkixPublicKey_SignatureAlgorithm) EnumDescriptor() ([]byte, []int)

Deprecated: Use PkixPublicKey_SignatureAlgorithm.Descriptor instead.

func (PkixPublicKey_SignatureAlgorithm) Number

func (PkixPublicKey_SignatureAlgorithm) String

func (PkixPublicKey_SignatureAlgorithm) Type

Policy

// Policy is the Binary Authorization policy message: a name and description,
// the system-policy evaluation mode, allowlist patterns, four maps of scoped
// admission rules, a default admission rule and an update timestamp.
type Policy struct {
	// Name is the policy's resource name. Request messages on this page give
	// the formats `projects/*/policy` (project policy) and
	// `locations/*/policy` (system policy).
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`

	// Description is a free-text string carried with the policy.
	Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`

	// GlobalPolicyEvaluationMode enables or disables system policy
	// evaluation. Per the enum's comments, the unspecified zero value is
	// treated as DISABLE, so evaluation is on only when set to Policy_ENABLE.
	GlobalPolicyEvaluationMode Policy_GlobalPolicyEvaluationMode "" /* 224 byte string literal not displayed */

	// AdmissionWhitelistPatterns lists allowlist patterns.
	// NOTE(review): presumably a matching image is admitted without the
	// admission rules below being applied — confirm against the proto
	// documentation, and review entries for over-broad patterns.
	AdmissionWhitelistPatterns []*AdmissionWhitelistPattern "" /* 141 byte string literal not displayed */

	// ClusterAdmissionRules maps a string key to an admission rule.
	// NOTE(review): key presumably identifies a cluster; format not shown here.
	ClusterAdmissionRules map[string]*AdmissionRule "" /* 214 byte string literal not displayed */

	// KubernetesNamespaceAdmissionRules maps a string key to an admission rule.
	// NOTE(review): key presumably identifies a Kubernetes namespace; format not shown here.
	KubernetesNamespaceAdmissionRules map[string]*AdmissionRule "" /* 253 byte string literal not displayed */

	// KubernetesServiceAccountAdmissionRules maps a string key to an admission rule.
	// NOTE(review): key presumably identifies a Kubernetes service account; format not shown here.
	KubernetesServiceAccountAdmissionRules map[string]*AdmissionRule "" /* 269 byte string literal not displayed */

	// IstioServiceIdentityAdmissionRules maps a string key to an admission rule.
	// NOTE(review): key presumably identifies an Istio service identity; format not shown here.
	IstioServiceIdentityAdmissionRules map[string]*AdmissionRule "" /* 257 byte string literal not displayed */

	// DefaultAdmissionRule is the single unscoped admission rule.
	// NOTE(review): presumably applied when no entry in the maps above
	// matches — confirm the precedence order against the proto documentation.
	DefaultAdmissionRule *AdmissionRule `protobuf:"bytes,4,opt,name=default_admission_rule,json=defaultAdmissionRule,proto3" json:"default_admission_rule,omitempty"`

	// UpdateTime is a timestamp.
	// NOTE(review): presumably the last modification time, set by the service — confirm.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`

}

A [policy][google.cloud.binaryauthorization.v1beta1.Policy] for Binary Authorization.

func (*Policy) Descriptor

func (*Policy) Descriptor() ([]byte, []int)

Deprecated: Use Policy.ProtoReflect.Descriptor instead.

func (*Policy) GetAdmissionWhitelistPatterns

func (x *Policy) GetAdmissionWhitelistPatterns() []*AdmissionWhitelistPattern

func (*Policy) GetClusterAdmissionRules

func (x *Policy) GetClusterAdmissionRules() map[string]*AdmissionRule

func (*Policy) GetDefaultAdmissionRule

func (x *Policy) GetDefaultAdmissionRule() *AdmissionRule

func (*Policy) GetDescription

func (x *Policy) GetDescription() string

func (*Policy) GetGlobalPolicyEvaluationMode

func (x *Policy) GetGlobalPolicyEvaluationMode() Policy_GlobalPolicyEvaluationMode

func (*Policy) GetIstioServiceIdentityAdmissionRules

func (x *Policy) GetIstioServiceIdentityAdmissionRules() map[string]*AdmissionRule

func (*Policy) GetKubernetesNamespaceAdmissionRules

func (x *Policy) GetKubernetesNamespaceAdmissionRules() map[string]*AdmissionRule

func (*Policy) GetKubernetesServiceAccountAdmissionRules

func (x *Policy) GetKubernetesServiceAccountAdmissionRules() map[string]*AdmissionRule

func (*Policy) GetName

func (x *Policy) GetName() string

func (*Policy) GetUpdateTime

func (x *Policy) GetUpdateTime() *timestamppb.Timestamp

func (*Policy) ProtoMessage

func (*Policy) ProtoMessage()

func (*Policy) ProtoReflect

func (x *Policy) ProtoReflect() protoreflect.Message

func (*Policy) Reset

func (x *Policy) Reset()

func (*Policy) String

func (x *Policy) String() string

Policy_GlobalPolicyEvaluationMode

type Policy_GlobalPolicyEvaluationMode int32

Policy_GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, Policy_ENABLE, Policy_DISABLE

// Values for Policy.GlobalPolicyEvaluationMode. Only Policy_ENABLE turns
// system policy evaluation on; the zero value is documented as behaving
// like Policy_DISABLE.
const (
	// Not specified: DISABLE is assumed.
	// This is 0, the zero value of the type, so a Policy that never sets the
	// mode is handled as if system policy evaluation were disabled.
	Policy_GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED Policy_GlobalPolicyEvaluationMode = 0
	// Enables system policy evaluation.
	Policy_ENABLE Policy_GlobalPolicyEvaluationMode = 1
	// Disables system policy evaluation.
	Policy_DISABLE Policy_GlobalPolicyEvaluationMode = 2
)

func (Policy_GlobalPolicyEvaluationMode) Descriptor

func (Policy_GlobalPolicyEvaluationMode) Enum

func (Policy_GlobalPolicyEvaluationMode) EnumDescriptor

func (Policy_GlobalPolicyEvaluationMode) EnumDescriptor() ([]byte, []int)

Deprecated: Use Policy_GlobalPolicyEvaluationMode.Descriptor instead.

func (Policy_GlobalPolicyEvaluationMode) Number

func (Policy_GlobalPolicyEvaluationMode) String

func (Policy_GlobalPolicyEvaluationMode) Type

SystemPolicyV1Beta1Client

type SystemPolicyV1Beta1Client interface {
	// Gets the current system policy in the specified location.
	GetSystemPolicy(ctx context.Context, in *GetSystemPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
}

SystemPolicyV1Beta1Client is the client API for SystemPolicyV1Beta1 service.

For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.

func NewSystemPolicyV1Beta1Client

func NewSystemPolicyV1Beta1Client(cc grpc.ClientConnInterface) SystemPolicyV1Beta1Client

SystemPolicyV1Beta1Server

type SystemPolicyV1Beta1Server interface {
	// Gets the current system policy in the specified location.
	GetSystemPolicy(context.Context, *GetSystemPolicyRequest) (*Policy, error)
}

SystemPolicyV1Beta1Server is the server API for SystemPolicyV1Beta1 service.

UnimplementedBinauthzManagementServiceV1Beta1Server

type UnimplementedBinauthzManagementServiceV1Beta1Server struct {
}

UnimplementedBinauthzManagementServiceV1Beta1Server can be embedded to have forward compatible implementations.

func (*UnimplementedBinauthzManagementServiceV1Beta1Server) CreateAttestor

func (*UnimplementedBinauthzManagementServiceV1Beta1Server) DeleteAttestor

func (*UnimplementedBinauthzManagementServiceV1Beta1Server) GetAttestor

func (*UnimplementedBinauthzManagementServiceV1Beta1Server) GetPolicy

func (*UnimplementedBinauthzManagementServiceV1Beta1Server) ListAttestors

func (*UnimplementedBinauthzManagementServiceV1Beta1Server) UpdateAttestor

func (*UnimplementedBinauthzManagementServiceV1Beta1Server) UpdatePolicy

UnimplementedSystemPolicyV1Beta1Server

type UnimplementedSystemPolicyV1Beta1Server struct {
}

UnimplementedSystemPolicyV1Beta1Server can be embedded to have forward compatible implementations.

func (*UnimplementedSystemPolicyV1Beta1Server) GetSystemPolicy

UpdateAttestorRequest

type UpdateAttestorRequest struct {

	// Required. The updated [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will
	// overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name
	// in the request URL, in the format `projects/*/attestors/*`.
	Attestor *Attestor `protobuf:"bytes,1,opt,name=attestor,proto3" json:"attestor,omitempty"`
	// contains filtered or unexported fields
}

Request message for [BinauthzManagementService.UpdateAttestor][].

func (*UpdateAttestorRequest) Descriptor

func (*UpdateAttestorRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdateAttestorRequest.ProtoReflect.Descriptor instead.

func (*UpdateAttestorRequest) GetAttestor

func (x *UpdateAttestorRequest) GetAttestor() *Attestor

func (*UpdateAttestorRequest) ProtoMessage

func (*UpdateAttestorRequest) ProtoMessage()

func (*UpdateAttestorRequest) ProtoReflect

func (x *UpdateAttestorRequest) ProtoReflect() protoreflect.Message

func (*UpdateAttestorRequest) Reset

func (x *UpdateAttestorRequest) Reset()

func (*UpdateAttestorRequest) String

func (x *UpdateAttestorRequest) String() string

UpdatePolicyRequest

type UpdatePolicyRequest struct {

	// Required. A new or updated [policy][google.cloud.binaryauthorization.v1beta1.Policy] value. The service will
	// overwrite the [policy name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the resource name in
	// the request URL, in the format `projects/*/policy`.
	Policy *Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"`
	// contains filtered or unexported fields
}

Request message for [BinauthzManagementService.UpdatePolicy][].

func (*UpdatePolicyRequest) Descriptor

func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)

Deprecated: Use UpdatePolicyRequest.ProtoReflect.Descriptor instead.

func (*UpdatePolicyRequest) GetPolicy

func (x *UpdatePolicyRequest) GetPolicy() *Policy

func (*UpdatePolicyRequest) ProtoMessage

func (*UpdatePolicyRequest) ProtoMessage()

func (*UpdatePolicyRequest) ProtoReflect

func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message

func (*UpdatePolicyRequest) Reset

func (x *UpdatePolicyRequest) Reset()

func (*UpdatePolicyRequest) String

func (x *UpdatePolicyRequest) String() string

UserOwnedDrydockNote

// UserOwnedDrydockNote carries a reference to a user-created Drydock
// ATTESTATION_AUTHORITY Note, a list of attestor public keys and a
// delegation service account email.
type UserOwnedDrydockNote struct {
	// NoteReference is a string reference to the Drydock note.
	// NOTE(review): presumably the note's resource name; format not shown here.
	NoteReference string `protobuf:"bytes,1,opt,name=note_reference,json=noteReference,proto3" json:"note_reference,omitempty"`

	// PublicKeys is the list of AttestorPublicKey entries attached to the note.
	// NOTE(review): presumably the keys attestations are verified against, so
	// changes to this list change which signatures are accepted — confirm.
	PublicKeys []*AttestorPublicKey `protobuf:"bytes,2,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"`

	// DelegationServiceAccountEmail is the email of a service account.
	// NOTE(review): presumably set by the service and used to access the
	// note on the user's behalf — confirm against the proto documentation.
	DelegationServiceAccountEmail string "" /* 152 byte string literal not displayed */

}

A [user owned drydock note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] references a Drydock ATTESTATION_AUTHORITY Note created by the user.

func (*UserOwnedDrydockNote) Descriptor

func (*UserOwnedDrydockNote) Descriptor() ([]byte, []int)

Deprecated: Use UserOwnedDrydockNote.ProtoReflect.Descriptor instead.

func (*UserOwnedDrydockNote) GetDelegationServiceAccountEmail

func (x *UserOwnedDrydockNote) GetDelegationServiceAccountEmail() string

func (*UserOwnedDrydockNote) GetNoteReference

func (x *UserOwnedDrydockNote) GetNoteReference() string

func (*UserOwnedDrydockNote) GetPublicKeys

func (x *UserOwnedDrydockNote) GetPublicKeys() []*AttestorPublicKey

func (*UserOwnedDrydockNote) ProtoMessage

func (*UserOwnedDrydockNote) ProtoMessage()

func (*UserOwnedDrydockNote) ProtoReflect

func (x *UserOwnedDrydockNote) ProtoReflect() protoreflect.Message

func (*UserOwnedDrydockNote) Reset

func (x *UserOwnedDrydockNote) Reset()

func (*UserOwnedDrydockNote) String

func (x *UserOwnedDrydockNote) String() string