Variables
Policy_GlobalPolicyEvaluationMode_name, Policy_GlobalPolicyEvaluationMode_value
var (
Policy_GlobalPolicyEvaluationMode_name = map[int32]string{
0: "GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED",
1: "ENABLE",
2: "DISABLE",
}
Policy_GlobalPolicyEvaluationMode_value = map[string]int32{
"GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED": 0,
"ENABLE": 1,
"DISABLE": 2,
}
)Enum value maps for Policy_GlobalPolicyEvaluationMode.
AdmissionRule_EvaluationMode_name, AdmissionRule_EvaluationMode_value
var (
AdmissionRule_EvaluationMode_name = map[int32]string{
0: "EVALUATION_MODE_UNSPECIFIED",
1: "ALWAYS_ALLOW",
2: "REQUIRE_ATTESTATION",
3: "ALWAYS_DENY",
}
AdmissionRule_EvaluationMode_value = map[string]int32{
"EVALUATION_MODE_UNSPECIFIED": 0,
"ALWAYS_ALLOW": 1,
"REQUIRE_ATTESTATION": 2,
"ALWAYS_DENY": 3,
}
)Enum value maps for AdmissionRule_EvaluationMode.
AdmissionRule_EnforcementMode_name, AdmissionRule_EnforcementMode_value
var (
AdmissionRule_EnforcementMode_name = map[int32]string{
0: "ENFORCEMENT_MODE_UNSPECIFIED",
1: "ENFORCED_BLOCK_AND_AUDIT_LOG",
2: "DRYRUN_AUDIT_LOG_ONLY",
}
AdmissionRule_EnforcementMode_value = map[string]int32{
"ENFORCEMENT_MODE_UNSPECIFIED": 0,
"ENFORCED_BLOCK_AND_AUDIT_LOG": 1,
"DRYRUN_AUDIT_LOG_ONLY": 2,
}
)Enum value maps for AdmissionRule_EnforcementMode.
PkixPublicKey_SignatureAlgorithm_name, PkixPublicKey_SignatureAlgorithm_value
var (
PkixPublicKey_SignatureAlgorithm_name = map[int32]string{
0: "SIGNATURE_ALGORITHM_UNSPECIFIED",
1: "RSA_PSS_2048_SHA256",
2: "RSA_PSS_3072_SHA256",
3: "RSA_PSS_4096_SHA256",
4: "RSA_PSS_4096_SHA512",
5: "RSA_SIGN_PKCS1_2048_SHA256",
6: "RSA_SIGN_PKCS1_3072_SHA256",
7: "RSA_SIGN_PKCS1_4096_SHA256",
8: "RSA_SIGN_PKCS1_4096_SHA512",
9: "ECDSA_P256_SHA256",
10: "ECDSA_P384_SHA384",
11: "ECDSA_P521_SHA512",
}
PkixPublicKey_SignatureAlgorithm_value = map[string]int32{
"SIGNATURE_ALGORITHM_UNSPECIFIED": 0,
"RSA_PSS_2048_SHA256": 1,
"RSA_PSS_3072_SHA256": 2,
"RSA_PSS_4096_SHA256": 3,
"RSA_PSS_4096_SHA512": 4,
"RSA_SIGN_PKCS1_2048_SHA256": 5,
"RSA_SIGN_PKCS1_3072_SHA256": 6,
"RSA_SIGN_PKCS1_4096_SHA256": 7,
"RSA_SIGN_PKCS1_4096_SHA512": 8,
"ECDSA_P256_SHA256": 9,
"EC_SIGN_P256_SHA256": 9,
"ECDSA_P384_SHA384": 10,
"EC_SIGN_P384_SHA384": 10,
"ECDSA_P521_SHA512": 11,
"EC_SIGN_P521_SHA512": 11,
}
)Enum value maps for PkixPublicKey_SignatureAlgorithm.
ValidateAttestationOccurrenceResponse_Result_name, ValidateAttestationOccurrenceResponse_Result_value
var (
ValidateAttestationOccurrenceResponse_Result_name = map[int32]string{
0: "RESULT_UNSPECIFIED",
1: "VERIFIED",
2: "ATTESTATION_NOT_VERIFIABLE",
}
ValidateAttestationOccurrenceResponse_Result_value = map[string]int32{
"RESULT_UNSPECIFIED": 0,
"VERIFIED": 1,
"ATTESTATION_NOT_VERIFIABLE": 2,
}
)Enum value maps for ValidateAttestationOccurrenceResponse_Result.
File_google_cloud_binaryauthorization_v1_resources_proto
var File_google_cloud_binaryauthorization_v1_resources_proto protoreflect.FileDescriptorFile_google_cloud_binaryauthorization_v1_service_proto
var File_google_cloud_binaryauthorization_v1_service_proto protoreflect.FileDescriptorFunctions
func RegisterBinauthzManagementServiceV1Server
func RegisterBinauthzManagementServiceV1Server(s *grpc.Server, srv BinauthzManagementServiceV1Server)func RegisterSystemPolicyV1Server
func RegisterSystemPolicyV1Server(s *grpc.Server, srv SystemPolicyV1Server)func RegisterValidationHelperV1Server
func RegisterValidationHelperV1Server(s *grpc.Server, srv ValidationHelperV1Server)AdmissionRule
type AdmissionRule struct {
EvaluationMode AdmissionRule_EvaluationMode "" /* 174 byte string literal not displayed */
RequireAttestationsBy []string `protobuf:"bytes,2,rep,name=require_attestations_by,json=requireAttestationsBy,proto3" json:"require_attestations_by,omitempty"`
EnforcementMode AdmissionRule_EnforcementMode "" /* 178 byte string literal not displayed */
}An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.
Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.
func (*AdmissionRule) Descriptor
func (*AdmissionRule) Descriptor() ([]byte, []int)Deprecated: Use AdmissionRule.ProtoReflect.Descriptor instead.
func (*AdmissionRule) GetEnforcementMode
func (x *AdmissionRule) GetEnforcementMode() AdmissionRule_EnforcementModefunc (*AdmissionRule) GetEvaluationMode
func (x *AdmissionRule) GetEvaluationMode() AdmissionRule_EvaluationModefunc (*AdmissionRule) GetRequireAttestationsBy
func (x *AdmissionRule) GetRequireAttestationsBy() []stringfunc (*AdmissionRule) ProtoMessage
func (*AdmissionRule) ProtoMessage()func (*AdmissionRule) ProtoReflect
func (x *AdmissionRule) ProtoReflect() protoreflect.Messagefunc (*AdmissionRule) Reset
func (x *AdmissionRule) Reset()func (*AdmissionRule) String
func (x *AdmissionRule) String() stringAdmissionRule_EnforcementMode
type AdmissionRule_EnforcementMode int32Defines the possible actions when a pod creation is denied by an admission rule.
AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED, AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG, AdmissionRule_DRYRUN_AUDIT_LOG_ONLY
const (
// Do not use.
AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED AdmissionRule_EnforcementMode = 0
// Enforce the admission rule by blocking the pod creation.
AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG AdmissionRule_EnforcementMode = 1
// Dryrun mode: Audit logging only. This will allow the pod creation as if
// the admission request had specified break-glass.
AdmissionRule_DRYRUN_AUDIT_LOG_ONLY AdmissionRule_EnforcementMode = 2
)func (AdmissionRule_EnforcementMode) Descriptor
func (AdmissionRule_EnforcementMode) Descriptor() protoreflect.EnumDescriptorfunc (AdmissionRule_EnforcementMode) Enum
func (x AdmissionRule_EnforcementMode) Enum() *AdmissionRule_EnforcementModefunc (AdmissionRule_EnforcementMode) EnumDescriptor
func (AdmissionRule_EnforcementMode) EnumDescriptor() ([]byte, []int)Deprecated: Use AdmissionRule_EnforcementMode.Descriptor instead.
func (AdmissionRule_EnforcementMode) Number
func (x AdmissionRule_EnforcementMode) Number() protoreflect.EnumNumberfunc (AdmissionRule_EnforcementMode) String
func (x AdmissionRule_EnforcementMode) String() stringfunc (AdmissionRule_EnforcementMode) Type
func (AdmissionRule_EnforcementMode) Type() protoreflect.EnumTypeAdmissionRule_EvaluationMode
type AdmissionRule_EvaluationMode int32AdmissionRule_EVALUATION_MODE_UNSPECIFIED, AdmissionRule_ALWAYS_ALLOW, AdmissionRule_REQUIRE_ATTESTATION, AdmissionRule_ALWAYS_DENY
const (
// Do not use.
AdmissionRule_EVALUATION_MODE_UNSPECIFIED AdmissionRule_EvaluationMode = 0
// This rule allows all all pod creations.
AdmissionRule_ALWAYS_ALLOW AdmissionRule_EvaluationMode = 1
// This rule allows a pod creation if all the attestors listed in
// 'require_attestations_by' have valid attestations for all of the
// images in the pod spec.
AdmissionRule_REQUIRE_ATTESTATION AdmissionRule_EvaluationMode = 2
// This rule denies all pod creations.
AdmissionRule_ALWAYS_DENY AdmissionRule_EvaluationMode = 3
)func (AdmissionRule_EvaluationMode) Descriptor
func (AdmissionRule_EvaluationMode) Descriptor() protoreflect.EnumDescriptorfunc (AdmissionRule_EvaluationMode) Enum
func (x AdmissionRule_EvaluationMode) Enum() *AdmissionRule_EvaluationModefunc (AdmissionRule_EvaluationMode) EnumDescriptor
func (AdmissionRule_EvaluationMode) EnumDescriptor() ([]byte, []int)Deprecated: Use AdmissionRule_EvaluationMode.Descriptor instead.
func (AdmissionRule_EvaluationMode) Number
func (x AdmissionRule_EvaluationMode) Number() protoreflect.EnumNumberfunc (AdmissionRule_EvaluationMode) String
func (x AdmissionRule_EvaluationMode) String() stringfunc (AdmissionRule_EvaluationMode) Type
func (AdmissionRule_EvaluationMode) Type() protoreflect.EnumTypeAdmissionWhitelistPattern
type AdmissionWhitelistPattern struct {
// An image name pattern to allowlist, in the form `registry/path/to/image`.
// This supports a trailing `*` wildcard, but this is allowed only in
// text after the `registry/` part. This also supports a trailing `**`
// wildcard which matches subdirectories of a given entry.
NamePattern string `protobuf:"bytes,1,opt,name=name_pattern,json=namePattern,proto3" json:"name_pattern,omitempty"`
// contains filtered or unexported fields
}An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].
func (*AdmissionWhitelistPattern) Descriptor
func (*AdmissionWhitelistPattern) Descriptor() ([]byte, []int)Deprecated: Use AdmissionWhitelistPattern.ProtoReflect.Descriptor instead.
func (*AdmissionWhitelistPattern) GetNamePattern
func (x *AdmissionWhitelistPattern) GetNamePattern() stringfunc (*AdmissionWhitelistPattern) ProtoMessage
func (*AdmissionWhitelistPattern) ProtoMessage()func (*AdmissionWhitelistPattern) ProtoReflect
func (x *AdmissionWhitelistPattern) ProtoReflect() protoreflect.Messagefunc (*AdmissionWhitelistPattern) Reset
func (x *AdmissionWhitelistPattern) Reset()func (*AdmissionWhitelistPattern) String
func (x *AdmissionWhitelistPattern) String() stringAttestor
type Attestor struct {
// Required. The resource name, in the format:
// `projects/*/attestors/*`. This field may not be updated.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. A descriptive comment. This field may be updated.
// The field may be displayed in chooser dialogs.
Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
// Types that are assignable to AttestorType:
// *Attestor_UserOwnedGrafeasNote
AttestorType isAttestor_AttestorType `protobuf_oneof:"attestor_type"`
// Output only. Time when the attestor was last updated.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// contains filtered or unexported fields
}An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image artifacts. An existing attestor cannot be modified except where indicated.
func (*Attestor) Descriptor
Deprecated: Use Attestor.ProtoReflect.Descriptor instead.
func (*Attestor) GetAttestorType
func (m *Attestor) GetAttestorType() isAttestor_AttestorTypefunc (*Attestor) GetDescription
func (*Attestor) GetName
func (*Attestor) GetUpdateTime
func (x *Attestor) GetUpdateTime() *timestamppb.Timestampfunc (*Attestor) GetUserOwnedGrafeasNote
func (x *Attestor) GetUserOwnedGrafeasNote() *UserOwnedGrafeasNotefunc (*Attestor) ProtoMessage
func (*Attestor) ProtoMessage()func (*Attestor) ProtoReflect
func (x *Attestor) ProtoReflect() protoreflect.Messagefunc (*Attestor) Reset
func (x *Attestor) Reset()func (*Attestor) String
AttestorPublicKey
type AttestorPublicKey struct {
// Optional. A descriptive comment. This field may be updated.
Comment string `protobuf:"bytes,1,opt,name=comment,proto3" json:"comment,omitempty"`
// The ID of this public key.
// Signatures verified by BinAuthz must include the ID of the public key that
// can be used to verify them, and that ID must match the contents of this
// field exactly.
// Additional restrictions on this field can be imposed based on which public
// key type is encapsulated. See the documentation on `public_key` cases below
// for details.
Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
// Types that are assignable to PublicKey:
// *AttestorPublicKey_AsciiArmoredPgpPublicKey
// *AttestorPublicKey_PkixPublicKey
PublicKey isAttestorPublicKey_PublicKey `protobuf_oneof:"public_key"`
// contains filtered or unexported fields
}An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.
func (*AttestorPublicKey) Descriptor
func (*AttestorPublicKey) Descriptor() ([]byte, []int)Deprecated: Use AttestorPublicKey.ProtoReflect.Descriptor instead.
func (*AttestorPublicKey) GetAsciiArmoredPgpPublicKey
func (x *AttestorPublicKey) GetAsciiArmoredPgpPublicKey() stringfunc (*AttestorPublicKey) GetComment
func (x *AttestorPublicKey) GetComment() stringfunc (*AttestorPublicKey) GetId
func (x *AttestorPublicKey) GetId() stringfunc (*AttestorPublicKey) GetPkixPublicKey
func (x *AttestorPublicKey) GetPkixPublicKey() *PkixPublicKeyfunc (*AttestorPublicKey) GetPublicKey
func (m *AttestorPublicKey) GetPublicKey() isAttestorPublicKey_PublicKeyfunc (*AttestorPublicKey) ProtoMessage
func (*AttestorPublicKey) ProtoMessage()func (*AttestorPublicKey) ProtoReflect
func (x *AttestorPublicKey) ProtoReflect() protoreflect.Messagefunc (*AttestorPublicKey) Reset
func (x *AttestorPublicKey) Reset()func (*AttestorPublicKey) String
func (x *AttestorPublicKey) String() stringAttestorPublicKey_AsciiArmoredPgpPublicKey
type AttestorPublicKey_AsciiArmoredPgpPublicKey struct {
// ASCII-armored representation of a PGP public key, as the entire output by
// the command `gpg --export --armor foo@example.com` (either LF or CRLF
// line endings).
// When using this field, `id` should be left blank. The BinAuthz API
// handlers will calculate the ID and fill it in automatically. BinAuthz
// computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
// upper-case hex. If `id` is provided by the caller, it will be
// overwritten by the API-calculated ID.
AsciiArmoredPgpPublicKey string `protobuf:"bytes,3,opt,name=ascii_armored_pgp_public_key,json=asciiArmoredPgpPublicKey,proto3,oneof"`
}AttestorPublicKey_PkixPublicKey
type AttestorPublicKey_PkixPublicKey struct {
// A raw PKIX SubjectPublicKeyInfo format public key.
//
// NOTE: `id` may be explicitly provided by the caller when using this
// type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
// blank, a default one will be computed based on the digest of the DER
// encoding of the public key.
PkixPublicKey *PkixPublicKey `protobuf:"bytes,5,opt,name=pkix_public_key,json=pkixPublicKey,proto3,oneof"`
}Attestor_UserOwnedGrafeasNote
type Attestor_UserOwnedGrafeasNote struct {
// This specifies how an attestation will be read, and how it will be used
// during policy enforcement.
UserOwnedGrafeasNote *UserOwnedGrafeasNote `protobuf:"bytes,3,opt,name=user_owned_grafeas_note,json=userOwnedGrafeasNote,proto3,oneof"`
}BinauthzManagementServiceV1Client
type BinauthzManagementServiceV1Client interface {
// A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
// a container image, before the project is allowed to deploy that
// image. There is at most one policy per project. All image admission
// requests are permitted if a project has no policy.
//
// Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
// [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
GetPolicy(ctx context.Context, in *GetPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
// new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
// conditions with concurrent policy enforcement (or management!)
// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
// if the request is malformed.
UpdatePolicy(ctx context.Context, in *UpdatePolicyRequest, opts ...grpc.CallOption) (*Policy, error)
// Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
// [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
// [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
CreateAttestor(ctx context.Context, in *CreateAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
// Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
GetAttestor(ctx context.Context, in *GetAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
// Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
UpdateAttestor(ctx context.Context, in *UpdateAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
// Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
// Returns INVALID_ARGUMENT if the project does not exist.
ListAttestors(ctx context.Context, in *ListAttestorsRequest, opts ...grpc.CallOption) (*ListAttestorsResponse, error)
// Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
DeleteAttestor(ctx context.Context, in *DeleteAttestorRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
}BinauthzManagementServiceV1Client is the client API for BinauthzManagementServiceV1 service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewBinauthzManagementServiceV1Client
func NewBinauthzManagementServiceV1Client(cc grpc.ClientConnInterface) BinauthzManagementServiceV1ClientBinauthzManagementServiceV1Server
type BinauthzManagementServiceV1Server interface {
// A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
// a container image, before the project is allowed to deploy that
// image. There is at most one policy per project. All image admission
// requests are permitted if a project has no policy.
//
// Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
// [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
// new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
// conditions with concurrent policy enforcement (or management!)
// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
// if the request is malformed.
UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
// Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
// [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
// [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
CreateAttestor(context.Context, *CreateAttestorRequest) (*Attestor, error)
// Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
GetAttestor(context.Context, *GetAttestorRequest) (*Attestor, error)
// Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
UpdateAttestor(context.Context, *UpdateAttestorRequest) (*Attestor, error)
// Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
// Returns INVALID_ARGUMENT if the project does not exist.
ListAttestors(context.Context, *ListAttestorsRequest) (*ListAttestorsResponse, error)
// Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
DeleteAttestor(context.Context, *DeleteAttestorRequest) (*emptypb.Empty, error)
}BinauthzManagementServiceV1Server is the server API for BinauthzManagementServiceV1 service.
CreateAttestorRequest
type CreateAttestorRequest struct {
// Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
AttestorId string `protobuf:"bytes,2,opt,name=attestor_id,json=attestorId,proto3" json:"attestor_id,omitempty"`
// Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
// overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
// in the format `projects/*/attestors/*`.
Attestor *Attestor `protobuf:"bytes,3,opt,name=attestor,proto3" json:"attestor,omitempty"`
// contains filtered or unexported fields
}Request message for [BinauthzManagementService.CreateAttestor][].
func (*CreateAttestorRequest) Descriptor
func (*CreateAttestorRequest) Descriptor() ([]byte, []int)Deprecated: Use CreateAttestorRequest.ProtoReflect.Descriptor instead.
func (*CreateAttestorRequest) GetAttestor
func (x *CreateAttestorRequest) GetAttestor() *Attestorfunc (*CreateAttestorRequest) GetAttestorId
func (x *CreateAttestorRequest) GetAttestorId() stringfunc (*CreateAttestorRequest) GetParent
func (x *CreateAttestorRequest) GetParent() stringfunc (*CreateAttestorRequest) ProtoMessage
func (*CreateAttestorRequest) ProtoMessage()func (*CreateAttestorRequest) ProtoReflect
func (x *CreateAttestorRequest) ProtoReflect() protoreflect.Messagefunc (*CreateAttestorRequest) Reset
func (x *CreateAttestorRequest) Reset()func (*CreateAttestorRequest) String
func (x *CreateAttestorRequest) String() stringDeleteAttestorRequest
type DeleteAttestorRequest struct {
// Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
// `projects/*/attestors/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for [BinauthzManagementService.DeleteAttestor][].
func (*DeleteAttestorRequest) Descriptor
func (*DeleteAttestorRequest) Descriptor() ([]byte, []int)Deprecated: Use DeleteAttestorRequest.ProtoReflect.Descriptor instead.
func (*DeleteAttestorRequest) GetName
func (x *DeleteAttestorRequest) GetName() stringfunc (*DeleteAttestorRequest) ProtoMessage
func (*DeleteAttestorRequest) ProtoMessage()func (*DeleteAttestorRequest) ProtoReflect
func (x *DeleteAttestorRequest) ProtoReflect() protoreflect.Messagefunc (*DeleteAttestorRequest) Reset
func (x *DeleteAttestorRequest) Reset()func (*DeleteAttestorRequest) String
func (x *DeleteAttestorRequest) String() stringGetAttestorRequest
type GetAttestorRequest struct {
// Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
// `projects/*/attestors/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for [BinauthzManagementService.GetAttestor][].
func (*GetAttestorRequest) Descriptor
func (*GetAttestorRequest) Descriptor() ([]byte, []int)Deprecated: Use GetAttestorRequest.ProtoReflect.Descriptor instead.
func (*GetAttestorRequest) GetName
func (x *GetAttestorRequest) GetName() stringfunc (*GetAttestorRequest) ProtoMessage
func (*GetAttestorRequest) ProtoMessage()func (*GetAttestorRequest) ProtoReflect
func (x *GetAttestorRequest) ProtoReflect() protoreflect.Messagefunc (*GetAttestorRequest) Reset
func (x *GetAttestorRequest) Reset()func (*GetAttestorRequest) String
func (x *GetAttestorRequest) String() stringGetPolicyRequest
type GetPolicyRequest struct {
// Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
// in the format `projects/*/policy`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request message for [BinauthzManagementService.GetPolicy][].
func (*GetPolicyRequest) Descriptor
func (*GetPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use GetPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetPolicyRequest) GetName
func (x *GetPolicyRequest) GetName() stringfunc (*GetPolicyRequest) ProtoMessage
func (*GetPolicyRequest) ProtoMessage()func (*GetPolicyRequest) ProtoReflect
func (x *GetPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*GetPolicyRequest) Reset
func (x *GetPolicyRequest) Reset()func (*GetPolicyRequest) String
func (x *GetPolicyRequest) String() stringGetSystemPolicyRequest
type GetSystemPolicyRequest struct {
// Required. The resource name, in the format `locations/*/policy`.
// Note that the system policy is not associated with a project.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}Request to read the current system policy.
func (*GetSystemPolicyRequest) Descriptor
func (*GetSystemPolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use GetSystemPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetSystemPolicyRequest) GetName
func (x *GetSystemPolicyRequest) GetName() stringfunc (*GetSystemPolicyRequest) ProtoMessage
func (*GetSystemPolicyRequest) ProtoMessage()func (*GetSystemPolicyRequest) ProtoReflect
func (x *GetSystemPolicyRequest) ProtoReflect() protoreflect.Messagefunc (*GetSystemPolicyRequest) Reset
func (x *GetSystemPolicyRequest) Reset()func (*GetSystemPolicyRequest) String
func (x *GetSystemPolicyRequest) String() stringListAttestorsRequest
type ListAttestorsRequest struct {
// Required. The resource name of the project associated with the
// [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Requested page size. The server may return fewer results than requested. If
// unspecified, the server will pick an appropriate default.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// A token identifying a page of results the server should return. Typically,
// this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
// from the previous call to the `ListAttestors` method.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}Request message for [BinauthzManagementService.ListAttestors][].
func (*ListAttestorsRequest) Descriptor
func (*ListAttestorsRequest) Descriptor() ([]byte, []int)Deprecated: Use ListAttestorsRequest.ProtoReflect.Descriptor instead.
func (*ListAttestorsRequest) GetPageSize
func (x *ListAttestorsRequest) GetPageSize() int32func (*ListAttestorsRequest) GetPageToken
func (x *ListAttestorsRequest) GetPageToken() stringfunc (*ListAttestorsRequest) GetParent
func (x *ListAttestorsRequest) GetParent() stringfunc (*ListAttestorsRequest) ProtoMessage
func (*ListAttestorsRequest) ProtoMessage()func (*ListAttestorsRequest) ProtoReflect
func (x *ListAttestorsRequest) ProtoReflect() protoreflect.Messagefunc (*ListAttestorsRequest) Reset
func (x *ListAttestorsRequest) Reset()func (*ListAttestorsRequest) String
func (x *ListAttestorsRequest) String() stringListAttestorsResponse
type ListAttestorsResponse struct {
// The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
Attestors []*Attestor `protobuf:"bytes,1,rep,name=attestors,proto3" json:"attestors,omitempty"`
// A token to retrieve the next page of results. Pass this value in the
// [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
// `ListAttestors` method to retrieve the next page of results.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}Response message for [BinauthzManagementService.ListAttestors][].
func (*ListAttestorsResponse) Descriptor
func (*ListAttestorsResponse) Descriptor() ([]byte, []int)Deprecated: Use ListAttestorsResponse.ProtoReflect.Descriptor instead.
func (*ListAttestorsResponse) GetAttestors
func (x *ListAttestorsResponse) GetAttestors() []*Attestorfunc (*ListAttestorsResponse) GetNextPageToken
func (x *ListAttestorsResponse) GetNextPageToken() stringfunc (*ListAttestorsResponse) ProtoMessage
func (*ListAttestorsResponse) ProtoMessage()func (*ListAttestorsResponse) ProtoReflect
func (x *ListAttestorsResponse) ProtoReflect() protoreflect.Messagefunc (*ListAttestorsResponse) Reset
func (x *ListAttestorsResponse) Reset()func (*ListAttestorsResponse) String
func (x *ListAttestorsResponse) String() stringPkixPublicKey
type PkixPublicKey struct {
PublicKeyPem string `protobuf:"bytes,1,opt,name=public_key_pem,json=publicKeyPem,proto3" json:"public_key_pem,omitempty"`
SignatureAlgorithm PkixPublicKey_SignatureAlgorithm "" /* 190 byte string literal not displayed */
}A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.
func (*PkixPublicKey) Descriptor
func (*PkixPublicKey) Descriptor() ([]byte, []int)Deprecated: Use PkixPublicKey.ProtoReflect.Descriptor instead.
func (*PkixPublicKey) GetPublicKeyPem
func (x *PkixPublicKey) GetPublicKeyPem() stringfunc (*PkixPublicKey) GetSignatureAlgorithm
func (x *PkixPublicKey) GetSignatureAlgorithm() PkixPublicKey_SignatureAlgorithmfunc (*PkixPublicKey) ProtoMessage
func (*PkixPublicKey) ProtoMessage()func (*PkixPublicKey) ProtoReflect
func (x *PkixPublicKey) ProtoReflect() protoreflect.Messagefunc (*PkixPublicKey) Reset
func (x *PkixPublicKey) Reset()func (*PkixPublicKey) String
func (x *PkixPublicKey) String() stringPkixPublicKey_SignatureAlgorithm
type PkixPublicKey_SignatureAlgorithm int32Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.
PkixPublicKey_SIGNATURE_ALGORITHM_UNSPECIFIED, PkixPublicKey_RSA_PSS_2048_SHA256, PkixPublicKey_RSA_PSS_3072_SHA256, PkixPublicKey_RSA_PSS_4096_SHA256, PkixPublicKey_RSA_PSS_4096_SHA512, PkixPublicKey_RSA_SIGN_PKCS1_2048_SHA256, PkixPublicKey_RSA_SIGN_PKCS1_3072_SHA256, PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA256, PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA512, PkixPublicKey_ECDSA_P256_SHA256, PkixPublicKey_EC_SIGN_P256_SHA256, PkixPublicKey_ECDSA_P384_SHA384, PkixPublicKey_EC_SIGN_P384_SHA384, PkixPublicKey_ECDSA_P521_SHA512, PkixPublicKey_EC_SIGN_P521_SHA512
const (
// Not specified.
PkixPublicKey_SIGNATURE_ALGORITHM_UNSPECIFIED PkixPublicKey_SignatureAlgorithm = 0
// RSASSA-PSS 2048 bit key with a SHA256 digest.
PkixPublicKey_RSA_PSS_2048_SHA256 PkixPublicKey_SignatureAlgorithm = 1
// RSASSA-PSS 3072 bit key with a SHA256 digest.
PkixPublicKey_RSA_PSS_3072_SHA256 PkixPublicKey_SignatureAlgorithm = 2
// RSASSA-PSS 4096 bit key with a SHA256 digest.
PkixPublicKey_RSA_PSS_4096_SHA256 PkixPublicKey_SignatureAlgorithm = 3
// RSASSA-PSS 4096 bit key with a SHA512 digest.
PkixPublicKey_RSA_PSS_4096_SHA512 PkixPublicKey_SignatureAlgorithm = 4
// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
PkixPublicKey_RSA_SIGN_PKCS1_2048_SHA256 PkixPublicKey_SignatureAlgorithm = 5
// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
PkixPublicKey_RSA_SIGN_PKCS1_3072_SHA256 PkixPublicKey_SignatureAlgorithm = 6
// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA256 PkixPublicKey_SignatureAlgorithm = 7
// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA512 PkixPublicKey_SignatureAlgorithm = 8
// ECDSA on the NIST P-256 curve with a SHA256 digest.
PkixPublicKey_ECDSA_P256_SHA256 PkixPublicKey_SignatureAlgorithm = 9
// ECDSA on the NIST P-256 curve with a SHA256 digest.
PkixPublicKey_EC_SIGN_P256_SHA256 PkixPublicKey_SignatureAlgorithm = 9
// ECDSA on the NIST P-384 curve with a SHA384 digest.
PkixPublicKey_ECDSA_P384_SHA384 PkixPublicKey_SignatureAlgorithm = 10
// ECDSA on the NIST P-384 curve with a SHA384 digest.
PkixPublicKey_EC_SIGN_P384_SHA384 PkixPublicKey_SignatureAlgorithm = 10
// ECDSA on the NIST P-521 curve with a SHA512 digest.
PkixPublicKey_ECDSA_P521_SHA512 PkixPublicKey_SignatureAlgorithm = 11
// ECDSA on the NIST P-521 curve with a SHA512 digest.
PkixPublicKey_EC_SIGN_P521_SHA512 PkixPublicKey_SignatureAlgorithm = 11
)func (PkixPublicKey_SignatureAlgorithm) Descriptor
func (PkixPublicKey_SignatureAlgorithm) Descriptor() protoreflect.EnumDescriptorfunc (PkixPublicKey_SignatureAlgorithm) Enum
func (x PkixPublicKey_SignatureAlgorithm) Enum() *PkixPublicKey_SignatureAlgorithmfunc (PkixPublicKey_SignatureAlgorithm) EnumDescriptor
func (PkixPublicKey_SignatureAlgorithm) EnumDescriptor() ([]byte, []int)Deprecated: Use PkixPublicKey_SignatureAlgorithm.Descriptor instead.
func (PkixPublicKey_SignatureAlgorithm) Number
func (x PkixPublicKey_SignatureAlgorithm) Number() protoreflect.EnumNumberfunc (PkixPublicKey_SignatureAlgorithm) String
func (x PkixPublicKey_SignatureAlgorithm) String() stringfunc (PkixPublicKey_SignatureAlgorithm) Type
func (PkixPublicKey_SignatureAlgorithm) Type() protoreflect.EnumTypePolicy
type Policy struct {
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
GlobalPolicyEvaluationMode Policy_GlobalPolicyEvaluationMode "" /* 219 byte string literal not displayed */
AdmissionWhitelistPatterns []*AdmissionWhitelistPattern "" /* 141 byte string literal not displayed */
ClusterAdmissionRules map[string]*AdmissionRule "" /* 214 byte string literal not displayed */
KubernetesNamespaceAdmissionRules map[string]*AdmissionRule "" /* 253 byte string literal not displayed */
KubernetesServiceAccountAdmissionRules map[string]*AdmissionRule "" /* 269 byte string literal not displayed */
IstioServiceIdentityAdmissionRules map[string]*AdmissionRule "" /* 257 byte string literal not displayed */
DefaultAdmissionRule *AdmissionRule `protobuf:"bytes,4,opt,name=default_admission_rule,json=defaultAdmissionRule,proto3" json:"default_admission_rule,omitempty"`
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
}A [policy][google.cloud.binaryauthorization.v1.Policy] for container image binary authorization.
func (*Policy) Descriptor
Deprecated: Use Policy.ProtoReflect.Descriptor instead.
func (*Policy) GetAdmissionWhitelistPatterns
func (x *Policy) GetAdmissionWhitelistPatterns() []*AdmissionWhitelistPatternfunc (*Policy) GetClusterAdmissionRules
func (x *Policy) GetClusterAdmissionRules() map[string]*AdmissionRulefunc (*Policy) GetDefaultAdmissionRule
func (x *Policy) GetDefaultAdmissionRule() *AdmissionRulefunc (*Policy) GetDescription
func (*Policy) GetGlobalPolicyEvaluationMode
func (x *Policy) GetGlobalPolicyEvaluationMode() Policy_GlobalPolicyEvaluationModefunc (*Policy) GetIstioServiceIdentityAdmissionRules
func (x *Policy) GetIstioServiceIdentityAdmissionRules() map[string]*AdmissionRulefunc (*Policy) GetKubernetesNamespaceAdmissionRules
func (x *Policy) GetKubernetesNamespaceAdmissionRules() map[string]*AdmissionRulefunc (*Policy) GetKubernetesServiceAccountAdmissionRules
func (x *Policy) GetKubernetesServiceAccountAdmissionRules() map[string]*AdmissionRulefunc (*Policy) GetName
func (*Policy) GetUpdateTime
func (x *Policy) GetUpdateTime() *timestamppb.Timestampfunc (*Policy) ProtoMessage
func (*Policy) ProtoMessage()func (*Policy) ProtoReflect
func (x *Policy) ProtoReflect() protoreflect.Messagefunc (*Policy) Reset
func (x *Policy) Reset()func (*Policy) String
Policy_GlobalPolicyEvaluationMode
type Policy_GlobalPolicyEvaluationMode int32Policy_GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, Policy_ENABLE, Policy_DISABLE
const (
// Not specified: DISABLE is assumed.
Policy_GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED Policy_GlobalPolicyEvaluationMode = 0
// Enables system policy evaluation.
Policy_ENABLE Policy_GlobalPolicyEvaluationMode = 1
// Disables system policy evaluation.
Policy_DISABLE Policy_GlobalPolicyEvaluationMode = 2
)func (Policy_GlobalPolicyEvaluationMode) Descriptor
func (Policy_GlobalPolicyEvaluationMode) Descriptor() protoreflect.EnumDescriptorfunc (Policy_GlobalPolicyEvaluationMode) Enum
func (x Policy_GlobalPolicyEvaluationMode) Enum() *Policy_GlobalPolicyEvaluationModefunc (Policy_GlobalPolicyEvaluationMode) EnumDescriptor
func (Policy_GlobalPolicyEvaluationMode) EnumDescriptor() ([]byte, []int)Deprecated: Use Policy_GlobalPolicyEvaluationMode.Descriptor instead.
func (Policy_GlobalPolicyEvaluationMode) Number
func (x Policy_GlobalPolicyEvaluationMode) Number() protoreflect.EnumNumberfunc (Policy_GlobalPolicyEvaluationMode) String
func (x Policy_GlobalPolicyEvaluationMode) String() stringfunc (Policy_GlobalPolicyEvaluationMode) Type
func (Policy_GlobalPolicyEvaluationMode) Type() protoreflect.EnumTypeSystemPolicyV1Client
type SystemPolicyV1Client interface {
// Gets the current system policy in the specified location.
GetSystemPolicy(ctx context.Context, in *GetSystemPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
}SystemPolicyV1Client is the client API for SystemPolicyV1 service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewSystemPolicyV1Client
func NewSystemPolicyV1Client(cc grpc.ClientConnInterface) SystemPolicyV1ClientSystemPolicyV1Server
type SystemPolicyV1Server interface {
// Gets the current system policy in the specified location.
GetSystemPolicy(context.Context, *GetSystemPolicyRequest) (*Policy, error)
}SystemPolicyV1Server is the server API for SystemPolicyV1 service.
UnimplementedBinauthzManagementServiceV1Server
type UnimplementedBinauthzManagementServiceV1Server struct {
}UnimplementedBinauthzManagementServiceV1Server can be embedded to have forward compatible implementations.
func (*UnimplementedBinauthzManagementServiceV1Server) CreateAttestor
func (*UnimplementedBinauthzManagementServiceV1Server) CreateAttestor(context.Context, *CreateAttestorRequest) (*Attestor, error)func (*UnimplementedBinauthzManagementServiceV1Server) DeleteAttestor
func (*UnimplementedBinauthzManagementServiceV1Server) DeleteAttestor(context.Context, *DeleteAttestorRequest) (*emptypb.Empty, error)func (*UnimplementedBinauthzManagementServiceV1Server) GetAttestor
func (*UnimplementedBinauthzManagementServiceV1Server) GetAttestor(context.Context, *GetAttestorRequest) (*Attestor, error)func (*UnimplementedBinauthzManagementServiceV1Server) GetPolicy
func (*UnimplementedBinauthzManagementServiceV1Server) GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)func (*UnimplementedBinauthzManagementServiceV1Server) ListAttestors
func (*UnimplementedBinauthzManagementServiceV1Server) ListAttestors(context.Context, *ListAttestorsRequest) (*ListAttestorsResponse, error)func (*UnimplementedBinauthzManagementServiceV1Server) UpdateAttestor
func (*UnimplementedBinauthzManagementServiceV1Server) UpdateAttestor(context.Context, *UpdateAttestorRequest) (*Attestor, error)func (*UnimplementedBinauthzManagementServiceV1Server) UpdatePolicy
func (*UnimplementedBinauthzManagementServiceV1Server) UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)UnimplementedSystemPolicyV1Server
type UnimplementedSystemPolicyV1Server struct {
}UnimplementedSystemPolicyV1Server can be embedded to have forward compatible implementations.
func (*UnimplementedSystemPolicyV1Server) GetSystemPolicy
func (*UnimplementedSystemPolicyV1Server) GetSystemPolicy(context.Context, *GetSystemPolicyRequest) (*Policy, error)UnimplementedValidationHelperV1Server
type UnimplementedValidationHelperV1Server struct {
}UnimplementedValidationHelperV1Server can be embedded to have forward compatible implementations.
func (*UnimplementedValidationHelperV1Server) ValidateAttestationOccurrence
func (*UnimplementedValidationHelperV1Server) ValidateAttestationOccurrence(context.Context, *ValidateAttestationOccurrenceRequest) (*ValidateAttestationOccurrenceResponse, error)UpdateAttestorRequest
type UpdateAttestorRequest struct {
// Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
// overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
// in the request URL, in the format `projects/*/attestors/*`.
Attestor *Attestor `protobuf:"bytes,1,opt,name=attestor,proto3" json:"attestor,omitempty"`
// contains filtered or unexported fields
}Request message for [BinauthzManagementService.UpdateAttestor][].
func (*UpdateAttestorRequest) Descriptor
func (*UpdateAttestorRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdateAttestorRequest.ProtoReflect.Descriptor instead.
func (*UpdateAttestorRequest) GetAttestor
func (x *UpdateAttestorRequest) GetAttestor() *Attestorfunc (*UpdateAttestorRequest) ProtoMessage
func (*UpdateAttestorRequest) ProtoMessage()func (*UpdateAttestorRequest) ProtoReflect
func (x *UpdateAttestorRequest) ProtoReflect() protoreflect.Messagefunc (*UpdateAttestorRequest) Reset
func (x *UpdateAttestorRequest) Reset()func (*UpdateAttestorRequest) String
func (x *UpdateAttestorRequest) String() stringUpdatePolicyRequest
type UpdatePolicyRequest struct {
// Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
// overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
// the request URL, in the format `projects/*/policy`.
Policy *Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"`
// contains filtered or unexported fields
}Request message for [BinauthzManagementService.UpdatePolicy][].
func (*UpdatePolicyRequest) Descriptor
func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)Deprecated: Use UpdatePolicyRequest.ProtoReflect.Descriptor instead.
func (*UpdatePolicyRequest) GetPolicy
func (x *UpdatePolicyRequest) GetPolicy() *Policyfunc (*UpdatePolicyRequest) ProtoMessage
func (*UpdatePolicyRequest) ProtoMessage()func (*UpdatePolicyRequest) ProtoReflect
func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Messagefunc (*UpdatePolicyRequest) Reset
func (x *UpdatePolicyRequest) Reset()func (*UpdatePolicyRequest) String
func (x *UpdatePolicyRequest) String() stringUserOwnedGrafeasNote
type UserOwnedGrafeasNote struct {
NoteReference string `protobuf:"bytes,1,opt,name=note_reference,json=noteReference,proto3" json:"note_reference,omitempty"`
PublicKeys []*AttestorPublicKey `protobuf:"bytes,2,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"`
DelegationServiceAccountEmail string "" /* 152 byte string literal not displayed */
}An [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas Attestation.Authority Note created by the user.
func (*UserOwnedGrafeasNote) Descriptor
func (*UserOwnedGrafeasNote) Descriptor() ([]byte, []int)Deprecated: Use UserOwnedGrafeasNote.ProtoReflect.Descriptor instead.
func (*UserOwnedGrafeasNote) GetDelegationServiceAccountEmail
func (x *UserOwnedGrafeasNote) GetDelegationServiceAccountEmail() stringfunc (*UserOwnedGrafeasNote) GetNoteReference
func (x *UserOwnedGrafeasNote) GetNoteReference() stringfunc (*UserOwnedGrafeasNote) GetPublicKeys
func (x *UserOwnedGrafeasNote) GetPublicKeys() []*AttestorPublicKeyfunc (*UserOwnedGrafeasNote) ProtoMessage
func (*UserOwnedGrafeasNote) ProtoMessage()func (*UserOwnedGrafeasNote) ProtoReflect
func (x *UserOwnedGrafeasNote) ProtoReflect() protoreflect.Messagefunc (*UserOwnedGrafeasNote) Reset
func (x *UserOwnedGrafeasNote) Reset()func (*UserOwnedGrafeasNote) String
func (x *UserOwnedGrafeasNote) String() stringValidateAttestationOccurrenceRequest
type ValidateAttestationOccurrenceRequest struct {
// Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
// [occurrence][grafeas.v1.Occurrence], in the format
// `projects/*/attestors/*`.
Attestor string `protobuf:"bytes,1,opt,name=attestor,proto3" json:"attestor,omitempty"`
// Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
// be checked that it can be verified by the Attestor. It does not have to be
// an existing entity in Container Analysis. It must otherwise be a valid
// AttestationOccurrence.
Attestation *v1.AttestationOccurrence `protobuf:"bytes,2,opt,name=attestation,proto3" json:"attestation,omitempty"`
// Required. The resource name of the [Note][grafeas.v1.Note] to which the
// containing [Occurrence][grafeas.v1.Occurrence] is associated.
OccurrenceNote string `protobuf:"bytes,3,opt,name=occurrence_note,json=occurrenceNote,proto3" json:"occurrence_note,omitempty"`
// Required. The URI of the artifact (e.g. container image) that is the
// subject of the containing [Occurrence][grafeas.v1.Occurrence].
OccurrenceResourceUri string `protobuf:"bytes,4,opt,name=occurrence_resource_uri,json=occurrenceResourceUri,proto3" json:"occurrence_resource_uri,omitempty"`
// contains filtered or unexported fields
}Request message for [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
func (*ValidateAttestationOccurrenceRequest) Descriptor
func (*ValidateAttestationOccurrenceRequest) Descriptor() ([]byte, []int)Deprecated: Use ValidateAttestationOccurrenceRequest.ProtoReflect.Descriptor instead.
func (*ValidateAttestationOccurrenceRequest) GetAttestation
func (x *ValidateAttestationOccurrenceRequest) GetAttestation() *v1.AttestationOccurrencefunc (*ValidateAttestationOccurrenceRequest) GetAttestor
func (x *ValidateAttestationOccurrenceRequest) GetAttestor() stringfunc (*ValidateAttestationOccurrenceRequest) GetOccurrenceNote
func (x *ValidateAttestationOccurrenceRequest) GetOccurrenceNote() stringfunc (*ValidateAttestationOccurrenceRequest) GetOccurrenceResourceUri
func (x *ValidateAttestationOccurrenceRequest) GetOccurrenceResourceUri() stringfunc (*ValidateAttestationOccurrenceRequest) ProtoMessage
func (*ValidateAttestationOccurrenceRequest) ProtoMessage()func (*ValidateAttestationOccurrenceRequest) ProtoReflect
func (x *ValidateAttestationOccurrenceRequest) ProtoReflect() protoreflect.Messagefunc (*ValidateAttestationOccurrenceRequest) Reset
func (x *ValidateAttestationOccurrenceRequest) Reset()func (*ValidateAttestationOccurrenceRequest) String
func (x *ValidateAttestationOccurrenceRequest) String() stringValidateAttestationOccurrenceResponse
type ValidateAttestationOccurrenceResponse struct {
Result ValidateAttestationOccurrenceResponse_Result "" /* 152 byte string literal not displayed */
DenialReason string `protobuf:"bytes,2,opt,name=denial_reason,json=denialReason,proto3" json:"denial_reason,omitempty"`
}Response message for [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
func (*ValidateAttestationOccurrenceResponse) Descriptor
func (*ValidateAttestationOccurrenceResponse) Descriptor() ([]byte, []int)Deprecated: Use ValidateAttestationOccurrenceResponse.ProtoReflect.Descriptor instead.
func (*ValidateAttestationOccurrenceResponse) GetDenialReason
func (x *ValidateAttestationOccurrenceResponse) GetDenialReason() stringfunc (*ValidateAttestationOccurrenceResponse) GetResult
func (x *ValidateAttestationOccurrenceResponse) GetResult() ValidateAttestationOccurrenceResponse_Resultfunc (*ValidateAttestationOccurrenceResponse) ProtoMessage
func (*ValidateAttestationOccurrenceResponse) ProtoMessage()func (*ValidateAttestationOccurrenceResponse) ProtoReflect
func (x *ValidateAttestationOccurrenceResponse) ProtoReflect() protoreflect.Messagefunc (*ValidateAttestationOccurrenceResponse) Reset
func (x *ValidateAttestationOccurrenceResponse) Reset()func (*ValidateAttestationOccurrenceResponse) String
func (x *ValidateAttestationOccurrenceResponse) String() stringValidateAttestationOccurrenceResponse_Result
type ValidateAttestationOccurrenceResponse_Result int32The enum returned in the "result" field.
ValidateAttestationOccurrenceResponse_RESULT_UNSPECIFIED, ValidateAttestationOccurrenceResponse_VERIFIED, ValidateAttestationOccurrenceResponse_ATTESTATION_NOT_VERIFIABLE
const (
// Unspecified.
ValidateAttestationOccurrenceResponse_RESULT_UNSPECIFIED ValidateAttestationOccurrenceResponse_Result = 0
// The Attestation was able to verified by the Attestor.
ValidateAttestationOccurrenceResponse_VERIFIED ValidateAttestationOccurrenceResponse_Result = 1
// The Attestation was not able to verified by the Attestor.
ValidateAttestationOccurrenceResponse_ATTESTATION_NOT_VERIFIABLE ValidateAttestationOccurrenceResponse_Result = 2
)func (ValidateAttestationOccurrenceResponse_Result) Descriptor
func (ValidateAttestationOccurrenceResponse_Result) Descriptor() protoreflect.EnumDescriptorfunc (ValidateAttestationOccurrenceResponse_Result) Enum
func (x ValidateAttestationOccurrenceResponse_Result) Enum() *ValidateAttestationOccurrenceResponse_Resultfunc (ValidateAttestationOccurrenceResponse_Result) EnumDescriptor
func (ValidateAttestationOccurrenceResponse_Result) EnumDescriptor() ([]byte, []int)Deprecated: Use ValidateAttestationOccurrenceResponse_Result.Descriptor instead.
func (ValidateAttestationOccurrenceResponse_Result) Number
func (x ValidateAttestationOccurrenceResponse_Result) Number() protoreflect.EnumNumberfunc (ValidateAttestationOccurrenceResponse_Result) String
func (x ValidateAttestationOccurrenceResponse_Result) String() stringfunc (ValidateAttestationOccurrenceResponse_Result) Type
func (ValidateAttestationOccurrenceResponse_Result) Type() protoreflect.EnumTypeValidationHelperV1Client
type ValidationHelperV1Client interface {
// Returns whether the given Attestation for the given image URI
// was signed by the given Attestor
ValidateAttestationOccurrence(ctx context.Context, in *ValidateAttestationOccurrenceRequest, opts ...grpc.CallOption) (*ValidateAttestationOccurrenceResponse, error)
}ValidationHelperV1Client is the client API for ValidationHelperV1 service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewValidationHelperV1Client
func NewValidationHelperV1Client(cc grpc.ClientConnInterface) ValidationHelperV1ClientValidationHelperV1Server
type ValidationHelperV1Server interface {
// Returns whether the given Attestation for the given image URI
// was signed by the given Attestor
ValidateAttestationOccurrence(context.Context, *ValidateAttestationOccurrenceRequest) (*ValidateAttestationOccurrenceResponse, error)
}ValidationHelperV1Server is the server API for ValidationHelperV1 service.