Variables
ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict_name, ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict_value
var (
ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict_name = map[int32]string{
0: "POLICY_CONFORMANCE_VERDICT_UNSPECIFIED",
1: "VIOLATES_POLICY",
}
ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict_value = map[string]int32{
"POLICY_CONFORMANCE_VERDICT_UNSPECIFIED": 0,
"VIOLATES_POLICY": 1,
}
)
Enum value maps for ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict.
ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult_name, ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult_value
var (
ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult_name = map[int32]string{
0: "AUDIT_RESULT_UNSPECIFIED",
1: "ALLOW",
2: "DENY",
}
ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult_value = map[string]int32{
"AUDIT_RESULT_UNSPECIFIED": 0,
"ALLOW": 1,
"DENY": 2,
}
)
Enum value maps for ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult.
Policy_GlobalPolicyEvaluationMode_name, Policy_GlobalPolicyEvaluationMode_value
var (
Policy_GlobalPolicyEvaluationMode_name = map[int32]string{
0: "GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED",
1: "ENABLE",
2: "DISABLE",
}
Policy_GlobalPolicyEvaluationMode_value = map[string]int32{
"GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED": 0,
"ENABLE": 1,
"DISABLE": 2,
}
)
Enum value maps for Policy_GlobalPolicyEvaluationMode.
AdmissionRule_EvaluationMode_name, AdmissionRule_EvaluationMode_value
var (
AdmissionRule_EvaluationMode_name = map[int32]string{
0: "EVALUATION_MODE_UNSPECIFIED",
1: "ALWAYS_ALLOW",
2: "REQUIRE_ATTESTATION",
3: "ALWAYS_DENY",
}
AdmissionRule_EvaluationMode_value = map[string]int32{
"EVALUATION_MODE_UNSPECIFIED": 0,
"ALWAYS_ALLOW": 1,
"REQUIRE_ATTESTATION": 2,
"ALWAYS_DENY": 3,
}
)
Enum value maps for AdmissionRule_EvaluationMode.
AdmissionRule_EnforcementMode_name, AdmissionRule_EnforcementMode_value
var (
AdmissionRule_EnforcementMode_name = map[int32]string{
0: "ENFORCEMENT_MODE_UNSPECIFIED",
1: "ENFORCED_BLOCK_AND_AUDIT_LOG",
2: "DRYRUN_AUDIT_LOG_ONLY",
}
AdmissionRule_EnforcementMode_value = map[string]int32{
"ENFORCEMENT_MODE_UNSPECIFIED": 0,
"ENFORCED_BLOCK_AND_AUDIT_LOG": 1,
"DRYRUN_AUDIT_LOG_ONLY": 2,
}
)
Enum value maps for AdmissionRule_EnforcementMode.
PkixPublicKey_SignatureAlgorithm_name, PkixPublicKey_SignatureAlgorithm_value
var (
PkixPublicKey_SignatureAlgorithm_name = map[int32]string{
0: "SIGNATURE_ALGORITHM_UNSPECIFIED",
1: "RSA_PSS_2048_SHA256",
2: "RSA_PSS_3072_SHA256",
3: "RSA_PSS_4096_SHA256",
4: "RSA_PSS_4096_SHA512",
5: "RSA_SIGN_PKCS1_2048_SHA256",
6: "RSA_SIGN_PKCS1_3072_SHA256",
7: "RSA_SIGN_PKCS1_4096_SHA256",
8: "RSA_SIGN_PKCS1_4096_SHA512",
9: "ECDSA_P256_SHA256",
10: "ECDSA_P384_SHA384",
11: "ECDSA_P521_SHA512",
}
PkixPublicKey_SignatureAlgorithm_value = map[string]int32{
"SIGNATURE_ALGORITHM_UNSPECIFIED": 0,
"RSA_PSS_2048_SHA256": 1,
"RSA_PSS_3072_SHA256": 2,
"RSA_PSS_4096_SHA256": 3,
"RSA_PSS_4096_SHA512": 4,
"RSA_SIGN_PKCS1_2048_SHA256": 5,
"RSA_SIGN_PKCS1_3072_SHA256": 6,
"RSA_SIGN_PKCS1_4096_SHA256": 7,
"RSA_SIGN_PKCS1_4096_SHA512": 8,
"ECDSA_P256_SHA256": 9,
"EC_SIGN_P256_SHA256": 9,
"ECDSA_P384_SHA384": 10,
"EC_SIGN_P384_SHA384": 10,
"ECDSA_P521_SHA512": 11,
"EC_SIGN_P521_SHA512": 11,
}
)
Enum value maps for PkixPublicKey_SignatureAlgorithm.
File_google_cloud_binaryauthorization_v1beta1_continuous_validation_logging_proto
var File_google_cloud_binaryauthorization_v1beta1_continuous_validation_logging_proto protoreflect.FileDescriptor
File_google_cloud_binaryauthorization_v1beta1_resources_proto
var File_google_cloud_binaryauthorization_v1beta1_resources_proto protoreflect.FileDescriptor
File_google_cloud_binaryauthorization_v1beta1_service_proto
var File_google_cloud_binaryauthorization_v1beta1_service_proto protoreflect.FileDescriptor
Functions
func RegisterBinauthzManagementServiceV1Beta1Server
func RegisterBinauthzManagementServiceV1Beta1Server(s *grpc.Server, srv BinauthzManagementServiceV1Beta1Server)
func RegisterSystemPolicyV1Beta1Server
func RegisterSystemPolicyV1Beta1Server(s *grpc.Server, srv SystemPolicyV1Beta1Server)
AdmissionRule
type AdmissionRule struct {
EvaluationMode AdmissionRule_EvaluationMode "" /* 179 byte string literal not displayed */
RequireAttestationsBy []string `protobuf:"bytes,2,rep,name=require_attestations_by,json=requireAttestationsBy,proto3" json:"require_attestations_by,omitempty"`
EnforcementMode AdmissionRule_EnforcementMode "" /* 183 byte string literal not displayed */
}
An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.
Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.
func (*AdmissionRule) Descriptor
func (*AdmissionRule) Descriptor() ([]byte, []int)
Deprecated: Use AdmissionRule.ProtoReflect.Descriptor instead.
func (*AdmissionRule) GetEnforcementMode
func (x *AdmissionRule) GetEnforcementMode() AdmissionRule_EnforcementMode
func (*AdmissionRule) GetEvaluationMode
func (x *AdmissionRule) GetEvaluationMode() AdmissionRule_EvaluationMode
func (*AdmissionRule) GetRequireAttestationsBy
func (x *AdmissionRule) GetRequireAttestationsBy() []string
func (*AdmissionRule) ProtoMessage
func (*AdmissionRule) ProtoMessage()
func (*AdmissionRule) ProtoReflect
func (x *AdmissionRule) ProtoReflect() protoreflect.Message
func (*AdmissionRule) Reset
func (x *AdmissionRule) Reset()
func (*AdmissionRule) String
func (x *AdmissionRule) String() string
AdmissionRule_EnforcementMode
type AdmissionRule_EnforcementMode int32
Defines the possible actions when a pod creation is denied by an admission rule.
AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED, AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG, AdmissionRule_DRYRUN_AUDIT_LOG_ONLY
const (
// Do not use.
AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED AdmissionRule_EnforcementMode = 0
// Enforce the admission rule by blocking the pod creation.
AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG AdmissionRule_EnforcementMode = 1
// Dryrun mode: Audit logging only. This will allow the pod creation as if
// the admission request had specified break-glass.
AdmissionRule_DRYRUN_AUDIT_LOG_ONLY AdmissionRule_EnforcementMode = 2
)
func (AdmissionRule_EnforcementMode) Descriptor
func (AdmissionRule_EnforcementMode) Descriptor() protoreflect.EnumDescriptor
func (AdmissionRule_EnforcementMode) Enum
func (x AdmissionRule_EnforcementMode) Enum() *AdmissionRule_EnforcementMode
func (AdmissionRule_EnforcementMode) EnumDescriptor
func (AdmissionRule_EnforcementMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use AdmissionRule_EnforcementMode.Descriptor instead.
func (AdmissionRule_EnforcementMode) Number
func (x AdmissionRule_EnforcementMode) Number() protoreflect.EnumNumber
func (AdmissionRule_EnforcementMode) String
func (x AdmissionRule_EnforcementMode) String() string
func (AdmissionRule_EnforcementMode) Type
func (AdmissionRule_EnforcementMode) Type() protoreflect.EnumType
AdmissionRule_EvaluationMode
type AdmissionRule_EvaluationMode int32
AdmissionRule_EVALUATION_MODE_UNSPECIFIED, AdmissionRule_ALWAYS_ALLOW, AdmissionRule_REQUIRE_ATTESTATION, AdmissionRule_ALWAYS_DENY
const (
// Do not use.
AdmissionRule_EVALUATION_MODE_UNSPECIFIED AdmissionRule_EvaluationMode = 0
// This rule allows all all pod creations.
AdmissionRule_ALWAYS_ALLOW AdmissionRule_EvaluationMode = 1
// This rule allows a pod creation if all the attestors listed in
// `require_attestations_by` have valid attestations for all of the
// images in the pod spec.
AdmissionRule_REQUIRE_ATTESTATION AdmissionRule_EvaluationMode = 2
// This rule denies all pod creations.
AdmissionRule_ALWAYS_DENY AdmissionRule_EvaluationMode = 3
)
func (AdmissionRule_EvaluationMode) Descriptor
func (AdmissionRule_EvaluationMode) Descriptor() protoreflect.EnumDescriptor
func (AdmissionRule_EvaluationMode) Enum
func (x AdmissionRule_EvaluationMode) Enum() *AdmissionRule_EvaluationMode
func (AdmissionRule_EvaluationMode) EnumDescriptor
func (AdmissionRule_EvaluationMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use AdmissionRule_EvaluationMode.Descriptor instead.
func (AdmissionRule_EvaluationMode) Number
func (x AdmissionRule_EvaluationMode) Number() protoreflect.EnumNumber
func (AdmissionRule_EvaluationMode) String
func (x AdmissionRule_EvaluationMode) String() string
func (AdmissionRule_EvaluationMode) Type
func (AdmissionRule_EvaluationMode) Type() protoreflect.EnumType
AdmissionWhitelistPattern
type AdmissionWhitelistPattern struct {
// An image name pattern to allowlist, in the form `registry/path/to/image`.
// This supports a trailing `*` as a wildcard, but this is allowed only in
// text after the `registry/` part. `*` wildcard does not match `/`, i.e.,
// `gcr.io/nginx*` matches `gcr.io/nginx@latest`, but it does not match
// `gcr.io/nginx/image`. This also supports a trailing `**` wildcard which
// matches subdirectories, i.e., `gcr.io/nginx**` matches
// `gcr.io/nginx/image`.
NamePattern string `protobuf:"bytes,1,opt,name=name_pattern,json=namePattern,proto3" json:"name_pattern,omitempty"`
// contains filtered or unexported fields
}
An [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].
func (*AdmissionWhitelistPattern) Descriptor
func (*AdmissionWhitelistPattern) Descriptor() ([]byte, []int)
Deprecated: Use AdmissionWhitelistPattern.ProtoReflect.Descriptor instead.
func (*AdmissionWhitelistPattern) GetNamePattern
func (x *AdmissionWhitelistPattern) GetNamePattern() string
func (*AdmissionWhitelistPattern) ProtoMessage
func (*AdmissionWhitelistPattern) ProtoMessage()
func (*AdmissionWhitelistPattern) ProtoReflect
func (x *AdmissionWhitelistPattern) ProtoReflect() protoreflect.Message
func (*AdmissionWhitelistPattern) Reset
func (x *AdmissionWhitelistPattern) Reset()
func (*AdmissionWhitelistPattern) String
func (x *AdmissionWhitelistPattern) String() string
Attestor
type Attestor struct {
// Required. The resource name, in the format:
// `projects/*/attestors/*`. This field may not be updated.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. A descriptive comment. This field may be updated.
// The field may be displayed in chooser dialogs.
Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
// Required. Identifies an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to a
// container image artifact. This determines how an attestation will
// be stored, and how it will be used during policy
// enforcement. Updates may not change the attestor type, but individual
// attestor fields may be updated.
//
// Types that are assignable to AttestorType:
//
// *Attestor_UserOwnedDrydockNote
AttestorType isAttestor_AttestorType `protobuf_oneof:"attestor_type"`
// Output only. Time when the attestor was last updated.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// contains filtered or unexported fields
}
An [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to container image artifacts. An existing attestor cannot be modified except where indicated.
func (*Attestor) Descriptor
Deprecated: Use Attestor.ProtoReflect.Descriptor instead.
func (*Attestor) GetAttestorType
func (m *Attestor) GetAttestorType() isAttestor_AttestorType
func (*Attestor) GetDescription
func (*Attestor) GetName
func (*Attestor) GetUpdateTime
func (x *Attestor) GetUpdateTime() *timestamppb.Timestamp
func (*Attestor) GetUserOwnedDrydockNote
func (x *Attestor) GetUserOwnedDrydockNote() *UserOwnedDrydockNote
func (*Attestor) ProtoMessage
func (*Attestor) ProtoMessage()
func (*Attestor) ProtoReflect
func (x *Attestor) ProtoReflect() protoreflect.Message
func (*Attestor) Reset
func (x *Attestor) Reset()
func (*Attestor) String
AttestorPublicKey
type AttestorPublicKey struct {
// Optional. A descriptive comment. This field may be updated.
Comment string `protobuf:"bytes,1,opt,name=comment,proto3" json:"comment,omitempty"`
// The ID of this public key.
// Signatures verified by BinAuthz must include the ID of the public key that
// can be used to verify them, and that ID must match the contents of this
// field exactly.
// Additional restrictions on this field can be imposed based on which public
// key type is encapsulated. See the documentation on `public_key` cases below
// for details.
Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
// Required. A public key reference or serialized instance. This field may be
// updated.
//
// Types that are assignable to PublicKey:
//
// *AttestorPublicKey_AsciiArmoredPgpPublicKey
// *AttestorPublicKey_PkixPublicKey
PublicKey isAttestorPublicKey_PublicKey `protobuf_oneof:"public_key"`
// contains filtered or unexported fields
}
An [attestor public key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.
func (*AttestorPublicKey) Descriptor
func (*AttestorPublicKey) Descriptor() ([]byte, []int)
Deprecated: Use AttestorPublicKey.ProtoReflect.Descriptor instead.
func (*AttestorPublicKey) GetAsciiArmoredPgpPublicKey
func (x *AttestorPublicKey) GetAsciiArmoredPgpPublicKey() string
func (*AttestorPublicKey) GetComment
func (x *AttestorPublicKey) GetComment() string
func (*AttestorPublicKey) GetId
func (x *AttestorPublicKey) GetId() string
func (*AttestorPublicKey) GetPkixPublicKey
func (x *AttestorPublicKey) GetPkixPublicKey() *PkixPublicKey
func (*AttestorPublicKey) GetPublicKey
func (m *AttestorPublicKey) GetPublicKey() isAttestorPublicKey_PublicKey
func (*AttestorPublicKey) ProtoMessage
func (*AttestorPublicKey) ProtoMessage()
func (*AttestorPublicKey) ProtoReflect
func (x *AttestorPublicKey) ProtoReflect() protoreflect.Message
func (*AttestorPublicKey) Reset
func (x *AttestorPublicKey) Reset()
func (*AttestorPublicKey) String
func (x *AttestorPublicKey) String() string
AttestorPublicKey_AsciiArmoredPgpPublicKey
type AttestorPublicKey_AsciiArmoredPgpPublicKey struct {
// ASCII-armored representation of a PGP public key, as the entire output by
// the command `gpg --export --armor foo@example.com` (either LF or CRLF
// line endings).
// When using this field, `id` should be left blank. The BinAuthz API
// handlers will calculate the ID and fill it in automatically. BinAuthz
// computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
// upper-case hex. If `id` is provided by the caller, it will be
// overwritten by the API-calculated ID.
AsciiArmoredPgpPublicKey string `protobuf:"bytes,3,opt,name=ascii_armored_pgp_public_key,json=asciiArmoredPgpPublicKey,proto3,oneof"`
}
AttestorPublicKey_PkixPublicKey
type AttestorPublicKey_PkixPublicKey struct {
// A raw PKIX SubjectPublicKeyInfo format public key.
//
// NOTE: `id` may be explicitly provided by the caller when using this
// type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
// blank, a default one will be computed based on the digest of the DER
// encoding of the public key.
PkixPublicKey *PkixPublicKey `protobuf:"bytes,5,opt,name=pkix_public_key,json=pkixPublicKey,proto3,oneof"`
}
Attestor_UserOwnedDrydockNote
type Attestor_UserOwnedDrydockNote struct {
// A Drydock ATTESTATION_AUTHORITY Note, created by the user.
UserOwnedDrydockNote *UserOwnedDrydockNote `protobuf:"bytes,3,opt,name=user_owned_drydock_note,json=userOwnedDrydockNote,proto3,oneof"`
}
BinauthzManagementServiceV1Beta1Client
type BinauthzManagementServiceV1Beta1Client interface {
// A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
// a container image, before the project is allowed to deploy that
// image. There is at most one policy per project. All image admission
// requests are permitted if a project has no policy.
//
// Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default
// [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one.
GetPolicy(ctx context.Context, in *GetPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the
// new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. A policy is always updated as a whole, to avoid race
// conditions with concurrent policy enforcement (or management!)
// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
// if the request is malformed.
UpdatePolicy(ctx context.Context, in *UpdatePolicyRequest, opts ...grpc.CallOption) (*Policy, error)
// Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the project does not exist,
// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already exists.
CreateAttestor(ctx context.Context, in *CreateAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
// Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
GetAttestor(ctx context.Context, in *GetAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
// Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
UpdateAttestor(ctx context.Context, in *UpdateAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
// Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns INVALID_ARGUMENT if the project does not exist.
ListAttestors(ctx context.Context, in *ListAttestorsRequest, opts ...grpc.CallOption) (*ListAttestorsResponse, error)
// Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
DeleteAttestor(ctx context.Context, in *DeleteAttestorRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
}
BinauthzManagementServiceV1Beta1Client is the client API for BinauthzManagementServiceV1Beta1 service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewBinauthzManagementServiceV1Beta1Client
func NewBinauthzManagementServiceV1Beta1Client(cc grpc.ClientConnInterface) BinauthzManagementServiceV1Beta1Client
BinauthzManagementServiceV1Beta1Server
type BinauthzManagementServiceV1Beta1Server interface {
// A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
// a container image, before the project is allowed to deploy that
// image. There is at most one policy per project. All image admission
// requests are permitted if a project has no policy.
//
// Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default
// [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one.
GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the
// new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. A policy is always updated as a whole, to avoid race
// conditions with concurrent policy enforcement (or management!)
// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
// if the request is malformed.
UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
// Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the project does not exist,
// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already exists.
CreateAttestor(context.Context, *CreateAttestorRequest) (*Attestor, error)
// Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
GetAttestor(context.Context, *GetAttestorRequest) (*Attestor, error)
// Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
UpdateAttestor(context.Context, *UpdateAttestorRequest) (*Attestor, error)
// Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns INVALID_ARGUMENT if the project does not exist.
ListAttestors(context.Context, *ListAttestorsRequest) (*ListAttestorsResponse, error)
// Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
DeleteAttestor(context.Context, *DeleteAttestorRequest) (*emptypb.Empty, error)
}
BinauthzManagementServiceV1Beta1Server is the server API for BinauthzManagementServiceV1Beta1 service.
ContinuousValidationEvent
type ContinuousValidationEvent struct {
// Type of CV event.
//
// Types that are assignable to EventType:
//
// *ContinuousValidationEvent_PodEvent
// *ContinuousValidationEvent_UnsupportedPolicyEvent_
EventType isContinuousValidationEvent_EventType `protobuf_oneof:"event_type"`
// contains filtered or unexported fields
}
Represents an auditing event from Continuous Validation.
func (*ContinuousValidationEvent) Descriptor
func (*ContinuousValidationEvent) Descriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent.ProtoReflect.Descriptor instead.
func (*ContinuousValidationEvent) GetEventType
func (m *ContinuousValidationEvent) GetEventType() isContinuousValidationEvent_EventType
func (*ContinuousValidationEvent) GetPodEvent
func (x *ContinuousValidationEvent) GetPodEvent() *ContinuousValidationEvent_ContinuousValidationPodEvent
func (*ContinuousValidationEvent) GetUnsupportedPolicyEvent
func (x *ContinuousValidationEvent) GetUnsupportedPolicyEvent() *ContinuousValidationEvent_UnsupportedPolicyEvent
func (*ContinuousValidationEvent) ProtoMessage
func (*ContinuousValidationEvent) ProtoMessage()
func (*ContinuousValidationEvent) ProtoReflect
func (x *ContinuousValidationEvent) ProtoReflect() protoreflect.Message
func (*ContinuousValidationEvent) Reset
func (x *ContinuousValidationEvent) Reset()
func (*ContinuousValidationEvent) String
func (x *ContinuousValidationEvent) String() string
ContinuousValidationEvent_ContinuousValidationPodEvent
type ContinuousValidationEvent_ContinuousValidationPodEvent struct {
PodNamespace string `protobuf:"bytes,7,opt,name=pod_namespace,json=podNamespace,proto3" json:"pod_namespace,omitempty"`
Pod string `protobuf:"bytes,1,opt,name=pod,proto3" json:"pod,omitempty"`
DeployTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=deploy_time,json=deployTime,proto3" json:"deploy_time,omitempty"`
EndTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"`
Verdict ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict "" /* 194 byte string literal not displayed */
Images []*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails `protobuf:"bytes,5,rep,name=images,proto3" json:"images,omitempty"`
}
An auditing event for one Pod.
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) Descriptor
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) Descriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent.ProtoReflect.Descriptor instead.
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetDeployTime
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetDeployTime() *timestamppb.Timestamp
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetEndTime
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetEndTime() *timestamppb.Timestamp
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetImages
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetImages() []*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetPod
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetPod() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetPodNamespace
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetPodNamespace() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetVerdict
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetVerdict() ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoMessage
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoMessage()
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoReflect
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoReflect() protoreflect.Message
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) Reset
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) Reset()
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) String
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) String() string
ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails struct {
Image string `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"`
Result ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult "" /* 192 byte string literal not displayed */
Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
}
Container image with auditing details.
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Descriptor
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Descriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails.ProtoReflect.Descriptor instead.
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetDescription
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetDescription() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetImage
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetImage() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetResult
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetResult() ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoMessage
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoMessage()
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoReflect
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoReflect() protoreflect.Message
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Reset
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Reset()
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) String
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) String() string
ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult int32
Result of the audit.
ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AUDIT_RESULT_UNSPECIFIED, ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ALLOW, ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_DENY
const (
// Unspecified result. This is an error.
ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AUDIT_RESULT_UNSPECIFIED ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult = 0
// Image is allowed.
ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ALLOW ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult = 1
// Image is denied.
ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_DENY ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult = 2
)
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Descriptor
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Descriptor() protoreflect.EnumDescriptor
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Enum
func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Enum() *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) EnumDescriptor
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) EnumDescriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult.Descriptor instead.
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Number
func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Number() protoreflect.EnumNumber
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) String
func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) String() string
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Type
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Type() protoreflect.EnumType
ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict
type ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict int32
Audit time policy conformance verdict.
ContinuousValidationEvent_ContinuousValidationPodEvent_POLICY_CONFORMANCE_VERDICT_UNSPECIFIED, ContinuousValidationEvent_ContinuousValidationPodEvent_VIOLATES_POLICY
const (
// We should always have a verdict. This is an error.
ContinuousValidationEvent_ContinuousValidationPodEvent_POLICY_CONFORMANCE_VERDICT_UNSPECIFIED ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict = 0
// The pod violates the policy.
ContinuousValidationEvent_ContinuousValidationPodEvent_VIOLATES_POLICY ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict = 1
)
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Descriptor
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Descriptor() protoreflect.EnumDescriptor
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Enum
func (x ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Enum() *ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) EnumDescriptor
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) EnumDescriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict.Descriptor instead.
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Number
func (x ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Number() protoreflect.EnumNumber
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) String
func (x ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) String() string
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Type
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Type() protoreflect.EnumType
ContinuousValidationEvent_PodEvent
type ContinuousValidationEvent_PodEvent struct {
// Pod event.
PodEvent *ContinuousValidationEvent_ContinuousValidationPodEvent `protobuf:"bytes,1,opt,name=pod_event,json=podEvent,proto3,oneof"`
}
ContinuousValidationEvent_UnsupportedPolicyEvent
type ContinuousValidationEvent_UnsupportedPolicyEvent struct {
// A description of the unsupported policy.
Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"`
// contains filtered or unexported fields
}
An event describing that the project policy is unsupported by CV.
func (*ContinuousValidationEvent_UnsupportedPolicyEvent) Descriptor
func (*ContinuousValidationEvent_UnsupportedPolicyEvent) Descriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_UnsupportedPolicyEvent.ProtoReflect.Descriptor instead.
func (*ContinuousValidationEvent_UnsupportedPolicyEvent) GetDescription
func (x *ContinuousValidationEvent_UnsupportedPolicyEvent) GetDescription() string
func (*ContinuousValidationEvent_UnsupportedPolicyEvent) ProtoMessage
func (*ContinuousValidationEvent_UnsupportedPolicyEvent) ProtoMessage()
func (*ContinuousValidationEvent_UnsupportedPolicyEvent) ProtoReflect
func (x *ContinuousValidationEvent_UnsupportedPolicyEvent) ProtoReflect() protoreflect.Message
func (*ContinuousValidationEvent_UnsupportedPolicyEvent) Reset
func (x *ContinuousValidationEvent_UnsupportedPolicyEvent) Reset()
func (*ContinuousValidationEvent_UnsupportedPolicyEvent) String
func (x *ContinuousValidationEvent_UnsupportedPolicyEvent) String() string
ContinuousValidationEvent_UnsupportedPolicyEvent_
type ContinuousValidationEvent_UnsupportedPolicyEvent_ struct {
// Unsupported policy event.
UnsupportedPolicyEvent *ContinuousValidationEvent_UnsupportedPolicyEvent `protobuf:"bytes,2,opt,name=unsupported_policy_event,json=unsupportedPolicyEvent,proto3,oneof"`
}
CreateAttestorRequest
type CreateAttestorRequest struct {
// Required. The parent of this [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] ID.
AttestorId string `protobuf:"bytes,2,opt,name=attestor_id,json=attestorId,proto3" json:"attestor_id,omitempty"`
// Required. The initial [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will
// overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name,
// in the format `projects/*/attestors/*`.
Attestor *Attestor `protobuf:"bytes,3,opt,name=attestor,proto3" json:"attestor,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.CreateAttestor][].
func (*CreateAttestorRequest) Descriptor
func (*CreateAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateAttestorRequest.ProtoReflect.Descriptor instead.
func (*CreateAttestorRequest) GetAttestor
func (x *CreateAttestorRequest) GetAttestor() *Attestor
func (*CreateAttestorRequest) GetAttestorId
func (x *CreateAttestorRequest) GetAttestorId() string
func (*CreateAttestorRequest) GetParent
func (x *CreateAttestorRequest) GetParent() string
func (*CreateAttestorRequest) ProtoMessage
func (*CreateAttestorRequest) ProtoMessage()
func (*CreateAttestorRequest) ProtoReflect
func (x *CreateAttestorRequest) ProtoReflect() protoreflect.Message
func (*CreateAttestorRequest) Reset
func (x *CreateAttestorRequest) Reset()
func (*CreateAttestorRequest) String
func (x *CreateAttestorRequest) String() string
DeleteAttestorRequest
type DeleteAttestorRequest struct {
// Required. The name of the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] to delete, in the format
// `projects/*/attestors/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.DeleteAttestor][].
func (*DeleteAttestorRequest) Descriptor
func (*DeleteAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeleteAttestorRequest.ProtoReflect.Descriptor instead.
func (*DeleteAttestorRequest) GetName
func (x *DeleteAttestorRequest) GetName() string
func (*DeleteAttestorRequest) ProtoMessage
func (*DeleteAttestorRequest) ProtoMessage()
func (*DeleteAttestorRequest) ProtoReflect
func (x *DeleteAttestorRequest) ProtoReflect() protoreflect.Message
func (*DeleteAttestorRequest) Reset
func (x *DeleteAttestorRequest) Reset()
func (*DeleteAttestorRequest) String
func (x *DeleteAttestorRequest) String() string
GetAttestorRequest
type GetAttestorRequest struct {
// Required. The name of the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] to retrieve, in the format
// `projects/*/attestors/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.GetAttestor][].
func (*GetAttestorRequest) Descriptor
func (*GetAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetAttestorRequest.ProtoReflect.Descriptor instead.
func (*GetAttestorRequest) GetName
func (x *GetAttestorRequest) GetName() string
func (*GetAttestorRequest) ProtoMessage
func (*GetAttestorRequest) ProtoMessage()
func (*GetAttestorRequest) ProtoReflect
func (x *GetAttestorRequest) ProtoReflect() protoreflect.Message
func (*GetAttestorRequest) Reset
func (x *GetAttestorRequest) Reset()
func (*GetAttestorRequest) String
func (x *GetAttestorRequest) String() string
GetPolicyRequest
type GetPolicyRequest struct {
// Required. The resource name of the [policy][google.cloud.binaryauthorization.v1beta1.Policy] to retrieve,
// in the format `projects/*/policy`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.GetPolicy][].
func (*GetPolicyRequest) Descriptor
func (*GetPolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetPolicyRequest) GetName
func (x *GetPolicyRequest) GetName() string
func (*GetPolicyRequest) ProtoMessage
func (*GetPolicyRequest) ProtoMessage()
func (*GetPolicyRequest) ProtoReflect
func (x *GetPolicyRequest) ProtoReflect() protoreflect.Message
func (*GetPolicyRequest) Reset
func (x *GetPolicyRequest) Reset()
func (*GetPolicyRequest) String
func (x *GetPolicyRequest) String() string
GetSystemPolicyRequest
type GetSystemPolicyRequest struct {
// Required. The resource name, in the format `locations/*/policy`.
// Note that the system policy is not associated with a project.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request to read the current system policy.
func (*GetSystemPolicyRequest) Descriptor
func (*GetSystemPolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetSystemPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetSystemPolicyRequest) GetName
func (x *GetSystemPolicyRequest) GetName() string
func (*GetSystemPolicyRequest) ProtoMessage
func (*GetSystemPolicyRequest) ProtoMessage()
func (*GetSystemPolicyRequest) ProtoReflect
func (x *GetSystemPolicyRequest) ProtoReflect() protoreflect.Message
func (*GetSystemPolicyRequest) Reset
func (x *GetSystemPolicyRequest) Reset()
func (*GetSystemPolicyRequest) String
func (x *GetSystemPolicyRequest) String() string
ListAttestorsRequest
type ListAttestorsRequest struct {
// Required. The resource name of the project associated with the
// [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], in the format `projects/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Requested page size. The server may return fewer results than requested. If
// unspecified, the server will pick an appropriate default.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// A token identifying a page of results the server should return. Typically,
// this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse.next_page_token] returned
// from the previous call to the `ListAttestors` method.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.ListAttestors][].
func (*ListAttestorsRequest) Descriptor
func (*ListAttestorsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListAttestorsRequest.ProtoReflect.Descriptor instead.
func (*ListAttestorsRequest) GetPageSize
func (x *ListAttestorsRequest) GetPageSize() int32
func (*ListAttestorsRequest) GetPageToken
func (x *ListAttestorsRequest) GetPageToken() string
func (*ListAttestorsRequest) GetParent
func (x *ListAttestorsRequest) GetParent() string
func (*ListAttestorsRequest) ProtoMessage
func (*ListAttestorsRequest) ProtoMessage()
func (*ListAttestorsRequest) ProtoReflect
func (x *ListAttestorsRequest) ProtoReflect() protoreflect.Message
func (*ListAttestorsRequest) Reset
func (x *ListAttestorsRequest) Reset()
func (*ListAttestorsRequest) String
func (x *ListAttestorsRequest) String() string
ListAttestorsResponse
type ListAttestorsResponse struct {
// The list of [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
Attestors []*Attestor `protobuf:"bytes,1,rep,name=attestors,proto3" json:"attestors,omitempty"`
// A token to retrieve the next page of results. Pass this value in the
// [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest.page_token] field in the subsequent call to the
// `ListAttestors` method to retrieve the next page of results.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
Response message for [BinauthzManagementService.ListAttestors][].
func (*ListAttestorsResponse) Descriptor
func (*ListAttestorsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListAttestorsResponse.ProtoReflect.Descriptor instead.
func (*ListAttestorsResponse) GetAttestors
func (x *ListAttestorsResponse) GetAttestors() []*Attestor
func (*ListAttestorsResponse) GetNextPageToken
func (x *ListAttestorsResponse) GetNextPageToken() string
func (*ListAttestorsResponse) ProtoMessage
func (*ListAttestorsResponse) ProtoMessage()
func (*ListAttestorsResponse) ProtoReflect
func (x *ListAttestorsResponse) ProtoReflect() protoreflect.Message
func (*ListAttestorsResponse) Reset
func (x *ListAttestorsResponse) Reset()
func (*ListAttestorsResponse) String
func (x *ListAttestorsResponse) String() string
PkixPublicKey
type PkixPublicKey struct {
PublicKeyPem string `protobuf:"bytes,1,opt,name=public_key_pem,json=publicKeyPem,proto3" json:"public_key_pem,omitempty"`
SignatureAlgorithm PkixPublicKey_SignatureAlgorithm "" /* 195 byte string literal not displayed */
}
A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.
func (*PkixPublicKey) Descriptor
func (*PkixPublicKey) Descriptor() ([]byte, []int)
Deprecated: Use PkixPublicKey.ProtoReflect.Descriptor instead.
func (*PkixPublicKey) GetPublicKeyPem
func (x *PkixPublicKey) GetPublicKeyPem() string
func (*PkixPublicKey) GetSignatureAlgorithm
func (x *PkixPublicKey) GetSignatureAlgorithm() PkixPublicKey_SignatureAlgorithm
func (*PkixPublicKey) ProtoMessage
func (*PkixPublicKey) ProtoMessage()
func (*PkixPublicKey) ProtoReflect
func (x *PkixPublicKey) ProtoReflect() protoreflect.Message
func (*PkixPublicKey) Reset
func (x *PkixPublicKey) Reset()
func (*PkixPublicKey) String
func (x *PkixPublicKey) String() string
PkixPublicKey_SignatureAlgorithm
type PkixPublicKey_SignatureAlgorithm int32
Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.
PkixPublicKey_SIGNATURE_ALGORITHM_UNSPECIFIED, PkixPublicKey_RSA_PSS_2048_SHA256, PkixPublicKey_RSA_PSS_3072_SHA256, PkixPublicKey_RSA_PSS_4096_SHA256, PkixPublicKey_RSA_PSS_4096_SHA512, PkixPublicKey_RSA_SIGN_PKCS1_2048_SHA256, PkixPublicKey_RSA_SIGN_PKCS1_3072_SHA256, PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA256, PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA512, PkixPublicKey_ECDSA_P256_SHA256, PkixPublicKey_EC_SIGN_P256_SHA256, PkixPublicKey_ECDSA_P384_SHA384, PkixPublicKey_EC_SIGN_P384_SHA384, PkixPublicKey_ECDSA_P521_SHA512, PkixPublicKey_EC_SIGN_P521_SHA512
const (
// Not specified.
PkixPublicKey_SIGNATURE_ALGORITHM_UNSPECIFIED PkixPublicKey_SignatureAlgorithm = 0
// RSASSA-PSS 2048 bit key with a SHA256 digest.
PkixPublicKey_RSA_PSS_2048_SHA256 PkixPublicKey_SignatureAlgorithm = 1
// RSASSA-PSS 3072 bit key with a SHA256 digest.
PkixPublicKey_RSA_PSS_3072_SHA256 PkixPublicKey_SignatureAlgorithm = 2
// RSASSA-PSS 4096 bit key with a SHA256 digest.
PkixPublicKey_RSA_PSS_4096_SHA256 PkixPublicKey_SignatureAlgorithm = 3
// RSASSA-PSS 4096 bit key with a SHA512 digest.
PkixPublicKey_RSA_PSS_4096_SHA512 PkixPublicKey_SignatureAlgorithm = 4
// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
PkixPublicKey_RSA_SIGN_PKCS1_2048_SHA256 PkixPublicKey_SignatureAlgorithm = 5
// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
PkixPublicKey_RSA_SIGN_PKCS1_3072_SHA256 PkixPublicKey_SignatureAlgorithm = 6
// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA256 PkixPublicKey_SignatureAlgorithm = 7
// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA512 PkixPublicKey_SignatureAlgorithm = 8
// ECDSA on the NIST P-256 curve with a SHA256 digest.
PkixPublicKey_ECDSA_P256_SHA256 PkixPublicKey_SignatureAlgorithm = 9
// ECDSA on the NIST P-256 curve with a SHA256 digest.
PkixPublicKey_EC_SIGN_P256_SHA256 PkixPublicKey_SignatureAlgorithm = 9
// ECDSA on the NIST P-384 curve with a SHA384 digest.
PkixPublicKey_ECDSA_P384_SHA384 PkixPublicKey_SignatureAlgorithm = 10
// ECDSA on the NIST P-384 curve with a SHA384 digest.
PkixPublicKey_EC_SIGN_P384_SHA384 PkixPublicKey_SignatureAlgorithm = 10
// ECDSA on the NIST P-521 curve with a SHA512 digest.
PkixPublicKey_ECDSA_P521_SHA512 PkixPublicKey_SignatureAlgorithm = 11
// ECDSA on the NIST P-521 curve with a SHA512 digest.
PkixPublicKey_EC_SIGN_P521_SHA512 PkixPublicKey_SignatureAlgorithm = 11
)
func (PkixPublicKey_SignatureAlgorithm) Descriptor
func (PkixPublicKey_SignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor
func (PkixPublicKey_SignatureAlgorithm) Enum
func (x PkixPublicKey_SignatureAlgorithm) Enum() *PkixPublicKey_SignatureAlgorithm
func (PkixPublicKey_SignatureAlgorithm) EnumDescriptor
func (PkixPublicKey_SignatureAlgorithm) EnumDescriptor() ([]byte, []int)
Deprecated: Use PkixPublicKey_SignatureAlgorithm.Descriptor instead.
func (PkixPublicKey_SignatureAlgorithm) Number
func (x PkixPublicKey_SignatureAlgorithm) Number() protoreflect.EnumNumber
func (PkixPublicKey_SignatureAlgorithm) String
func (x PkixPublicKey_SignatureAlgorithm) String() string
func (PkixPublicKey_SignatureAlgorithm) Type
func (PkixPublicKey_SignatureAlgorithm) Type() protoreflect.EnumType
Policy
type Policy struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
GlobalPolicyEvaluationMode Policy_GlobalPolicyEvaluationMode "" /* 224 byte string literal not displayed */
AdmissionWhitelistPatterns []*AdmissionWhitelistPattern "" /* 141 byte string literal not displayed */
ClusterAdmissionRules map[string]*AdmissionRule "" /* 214 byte string literal not displayed */
KubernetesNamespaceAdmissionRules map[string]*AdmissionRule "" /* 253 byte string literal not displayed */
KubernetesServiceAccountAdmissionRules map[string]*AdmissionRule "" /* 269 byte string literal not displayed */
IstioServiceIdentityAdmissionRules map[string]*AdmissionRule "" /* 257 byte string literal not displayed */
DefaultAdmissionRule *AdmissionRule `protobuf:"bytes,4,opt,name=default_admission_rule,json=defaultAdmissionRule,proto3" json:"default_admission_rule,omitempty"`
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
}
A [policy][google.cloud.binaryauthorization.v1beta1.Policy] for Binary Authorization.
func (*Policy) Descriptor
Deprecated: Use Policy.ProtoReflect.Descriptor instead.
func (*Policy) GetAdmissionWhitelistPatterns
func (x *Policy) GetAdmissionWhitelistPatterns() []*AdmissionWhitelistPattern
func (*Policy) GetClusterAdmissionRules
func (x *Policy) GetClusterAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetDefaultAdmissionRule
func (x *Policy) GetDefaultAdmissionRule() *AdmissionRule
func (*Policy) GetDescription
func (*Policy) GetGlobalPolicyEvaluationMode
func (x *Policy) GetGlobalPolicyEvaluationMode() Policy_GlobalPolicyEvaluationMode
func (*Policy) GetIstioServiceIdentityAdmissionRules
func (x *Policy) GetIstioServiceIdentityAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetKubernetesNamespaceAdmissionRules
func (x *Policy) GetKubernetesNamespaceAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetKubernetesServiceAccountAdmissionRules
func (x *Policy) GetKubernetesServiceAccountAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetName
func (*Policy) GetUpdateTime
func (x *Policy) GetUpdateTime() *timestamppb.Timestamp
func (*Policy) ProtoMessage
func (*Policy) ProtoMessage()
func (*Policy) ProtoReflect
func (x *Policy) ProtoReflect() protoreflect.Message
func (*Policy) Reset
func (x *Policy) Reset()
func (*Policy) String
Policy_GlobalPolicyEvaluationMode
type Policy_GlobalPolicyEvaluationMode int32
Policy_GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, Policy_ENABLE, Policy_DISABLE
const (
// Not specified: DISABLE is assumed.
Policy_GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED Policy_GlobalPolicyEvaluationMode = 0
// Enables system policy evaluation.
Policy_ENABLE Policy_GlobalPolicyEvaluationMode = 1
// Disables system policy evaluation.
Policy_DISABLE Policy_GlobalPolicyEvaluationMode = 2
)
func (Policy_GlobalPolicyEvaluationMode) Descriptor
func (Policy_GlobalPolicyEvaluationMode) Descriptor() protoreflect.EnumDescriptor
func (Policy_GlobalPolicyEvaluationMode) Enum
func (x Policy_GlobalPolicyEvaluationMode) Enum() *Policy_GlobalPolicyEvaluationMode
func (Policy_GlobalPolicyEvaluationMode) EnumDescriptor
func (Policy_GlobalPolicyEvaluationMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use Policy_GlobalPolicyEvaluationMode.Descriptor instead.
func (Policy_GlobalPolicyEvaluationMode) Number
func (x Policy_GlobalPolicyEvaluationMode) Number() protoreflect.EnumNumber
func (Policy_GlobalPolicyEvaluationMode) String
func (x Policy_GlobalPolicyEvaluationMode) String() string
func (Policy_GlobalPolicyEvaluationMode) Type
func (Policy_GlobalPolicyEvaluationMode) Type() protoreflect.EnumType
SystemPolicyV1Beta1Client
type SystemPolicyV1Beta1Client interface {
// Gets the current system policy in the specified location.
GetSystemPolicy(ctx context.Context, in *GetSystemPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
}
SystemPolicyV1Beta1Client is the client API for SystemPolicyV1Beta1 service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewSystemPolicyV1Beta1Client
func NewSystemPolicyV1Beta1Client(cc grpc.ClientConnInterface) SystemPolicyV1Beta1Client
SystemPolicyV1Beta1Server
type SystemPolicyV1Beta1Server interface {
// Gets the current system policy in the specified location.
GetSystemPolicy(context.Context, *GetSystemPolicyRequest) (*Policy, error)
}
SystemPolicyV1Beta1Server is the server API for SystemPolicyV1Beta1 service.
UnimplementedBinauthzManagementServiceV1Beta1Server
type UnimplementedBinauthzManagementServiceV1Beta1Server struct {
}
UnimplementedBinauthzManagementServiceV1Beta1Server can be embedded to have forward compatible implementations.
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) CreateAttestor
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) CreateAttestor(context.Context, *CreateAttestorRequest) (*Attestor, error)
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) DeleteAttestor
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) DeleteAttestor(context.Context, *DeleteAttestorRequest) (*emptypb.Empty, error)
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) GetAttestor
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) GetAttestor(context.Context, *GetAttestorRequest) (*Attestor, error)
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) GetPolicy
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) ListAttestors
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) ListAttestors(context.Context, *ListAttestorsRequest) (*ListAttestorsResponse, error)
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) UpdateAttestor
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) UpdateAttestor(context.Context, *UpdateAttestorRequest) (*Attestor, error)
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) UpdatePolicy
func (*UnimplementedBinauthzManagementServiceV1Beta1Server) UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
UnimplementedSystemPolicyV1Beta1Server
type UnimplementedSystemPolicyV1Beta1Server struct {
}
UnimplementedSystemPolicyV1Beta1Server can be embedded to have forward compatible implementations.
func (*UnimplementedSystemPolicyV1Beta1Server) GetSystemPolicy
func (*UnimplementedSystemPolicyV1Beta1Server) GetSystemPolicy(context.Context, *GetSystemPolicyRequest) (*Policy, error)
UpdateAttestorRequest
type UpdateAttestorRequest struct {
// Required. The updated [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will
// overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name
// in the request URL, in the format `projects/*/attestors/*`.
Attestor *Attestor `protobuf:"bytes,1,opt,name=attestor,proto3" json:"attestor,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.UpdateAttestor][].
func (*UpdateAttestorRequest) Descriptor
func (*UpdateAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdateAttestorRequest.ProtoReflect.Descriptor instead.
func (*UpdateAttestorRequest) GetAttestor
func (x *UpdateAttestorRequest) GetAttestor() *Attestor
func (*UpdateAttestorRequest) ProtoMessage
func (*UpdateAttestorRequest) ProtoMessage()
func (*UpdateAttestorRequest) ProtoReflect
func (x *UpdateAttestorRequest) ProtoReflect() protoreflect.Message
func (*UpdateAttestorRequest) Reset
func (x *UpdateAttestorRequest) Reset()
func (*UpdateAttestorRequest) String
func (x *UpdateAttestorRequest) String() string
UpdatePolicyRequest
type UpdatePolicyRequest struct {
// Required. A new or updated [policy][google.cloud.binaryauthorization.v1beta1.Policy] value. The service will
// overwrite the [policy name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the resource name in
// the request URL, in the format `projects/*/policy`.
Policy *Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.UpdatePolicy][].
func (*UpdatePolicyRequest) Descriptor
func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdatePolicyRequest.ProtoReflect.Descriptor instead.
func (*UpdatePolicyRequest) GetPolicy
func (x *UpdatePolicyRequest) GetPolicy() *Policy
func (*UpdatePolicyRequest) ProtoMessage
func (*UpdatePolicyRequest) ProtoMessage()
func (*UpdatePolicyRequest) ProtoReflect
func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message
func (*UpdatePolicyRequest) Reset
func (x *UpdatePolicyRequest) Reset()
func (*UpdatePolicyRequest) String
func (x *UpdatePolicyRequest) String() string
UserOwnedDrydockNote
type UserOwnedDrydockNote struct {
NoteReference string `protobuf:"bytes,1,opt,name=note_reference,json=noteReference,proto3" json:"note_reference,omitempty"`
PublicKeys []*AttestorPublicKey `protobuf:"bytes,2,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"`
DelegationServiceAccountEmail string "" /* 152 byte string literal not displayed */
}
An [user owned drydock note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] references a Drydock ATTESTATION_AUTHORITY Note created by the user.
func (*UserOwnedDrydockNote) Descriptor
func (*UserOwnedDrydockNote) Descriptor() ([]byte, []int)
Deprecated: Use UserOwnedDrydockNote.ProtoReflect.Descriptor instead.
func (*UserOwnedDrydockNote) GetDelegationServiceAccountEmail
func (x *UserOwnedDrydockNote) GetDelegationServiceAccountEmail() string
func (*UserOwnedDrydockNote) GetNoteReference
func (x *UserOwnedDrydockNote) GetNoteReference() string
func (*UserOwnedDrydockNote) GetPublicKeys
func (x *UserOwnedDrydockNote) GetPublicKeys() []*AttestorPublicKey
func (*UserOwnedDrydockNote) ProtoMessage
func (*UserOwnedDrydockNote) ProtoMessage()
func (*UserOwnedDrydockNote) ProtoReflect
func (x *UserOwnedDrydockNote) ProtoReflect() protoreflect.Message
func (*UserOwnedDrydockNote) Reset
func (x *UserOwnedDrydockNote) Reset()
func (*UserOwnedDrydockNote) String
func (x *UserOwnedDrydockNote) String() string