public final class AdmissionRule extends GeneratedMessageV3 implements AdmissionRuleOrBuilder
An admission rule specifies either that all container images
used in a pod creation request must be attested to by one or more
attestors, that all pod creations will be allowed, or that all
pod creations will be denied.
Images matching an admission allowlist pattern
are exempted from admission rules and will never block a pod creation.
Protobuf type google.cloud.binaryauthorization.v1beta1.AdmissionRule
Inherited Members
com.google.protobuf.GeneratedMessageV3.<ListT>makeMutableCopy(ListT)
Static Fields
ENFORCEMENT_MODE_FIELD_NUMBER
public static final int ENFORCEMENT_MODE_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
EVALUATION_MODE_FIELD_NUMBER
public static final int EVALUATION_MODE_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
REQUIRE_ATTESTATIONS_BY_FIELD_NUMBER
public static final int REQUIRE_ATTESTATIONS_BY_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
Static Methods
getDefaultInstance()
public static AdmissionRule getDefaultInstance()
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
newBuilder()
public static AdmissionRule.Builder newBuilder()
newBuilder(AdmissionRule prototype)
public static AdmissionRule.Builder newBuilder(AdmissionRule prototype)
public static AdmissionRule parseDelimitedFrom(InputStream input)
public static AdmissionRule parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(byte[] data)
public static AdmissionRule parseFrom(byte[] data)
Parameter |
---|
Name | Description |
data | byte[]
|
parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
public static AdmissionRule parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteString data)
public static AdmissionRule parseFrom(ByteString data)
parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static AdmissionRule parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static AdmissionRule parseFrom(CodedInputStream input)
public static AdmissionRule parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
public static AdmissionRule parseFrom(InputStream input)
public static AdmissionRule parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteBuffer data)
public static AdmissionRule parseFrom(ByteBuffer data)
parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
public static AdmissionRule parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
parser()
public static Parser<AdmissionRule> parser()
Methods
equals(Object obj)
public boolean equals(Object obj)
Parameter |
---|
Name | Description |
obj | Object
|
Overrides
getDefaultInstanceForType()
public AdmissionRule getDefaultInstanceForType()
getEnforcementMode()
public AdmissionRule.EnforcementMode getEnforcementMode()
Required. The action when a pod creation is denied by the admission rule.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
getEnforcementModeValue()
public int getEnforcementModeValue()
Required. The action when a pod creation is denied by the admission rule.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
Returns |
---|
Type | Description |
int | The enum numeric value on the wire for enforcementMode.
|
getEvaluationMode()
public AdmissionRule.EvaluationMode getEvaluationMode()
Required. How this admission rule will be evaluated.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
getEvaluationModeValue()
public int getEvaluationModeValue()
Required. How this admission rule will be evaluated.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
Returns |
---|
Type | Description |
int | The enum numeric value on the wire for evaluationMode.
|
getParserForType()
public Parser<AdmissionRule> getParserForType()
Overrides
getRequireAttestationsBy(int index)
public String getRequireAttestationsBy(int index)
Optional. The resource names of the attestors that must attest to
a container image, in the format projects/*/attestors/*
. Each
attestor must exist before a policy can reference it. To add an attestor
to a policy the principal issuing the policy change request must be able
to read the attestor resource.
Note: this field must be non-empty when the evaluation_mode field specifies
REQUIRE_ATTESTATION, otherwise it must be empty.
repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
index | int
The index of the element to return.
|
Returns |
---|
Type | Description |
String | The requireAttestationsBy at the given index.
|
getRequireAttestationsByBytes(int index)
public ByteString getRequireAttestationsByBytes(int index)
Optional. The resource names of the attestors that must attest to
a container image, in the format projects/*/attestors/*
. Each
attestor must exist before a policy can reference it. To add an attestor
to a policy the principal issuing the policy change request must be able
to read the attestor resource.
Note: this field must be non-empty when the evaluation_mode field specifies
REQUIRE_ATTESTATION, otherwise it must be empty.
repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
index | int
The index of the value to return.
|
Returns |
---|
Type | Description |
ByteString | The bytes of the requireAttestationsBy at the given index.
|
getRequireAttestationsByCount()
public int getRequireAttestationsByCount()
Optional. The resource names of the attestors that must attest to
a container image, in the format projects/*/attestors/*
. Each
attestor must exist before a policy can reference it. To add an attestor
to a policy the principal issuing the policy change request must be able
to read the attestor resource.
Note: this field must be non-empty when the evaluation_mode field specifies
REQUIRE_ATTESTATION, otherwise it must be empty.
repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns |
---|
Type | Description |
int | The count of requireAttestationsBy.
|
getRequireAttestationsByList()
public ProtocolStringList getRequireAttestationsByList()
Optional. The resource names of the attestors that must attest to
a container image, in the format projects/*/attestors/*
. Each
attestor must exist before a policy can reference it. To add an attestor
to a policy the principal issuing the policy change request must be able
to read the attestor resource.
Note: this field must be non-empty when the evaluation_mode field specifies
REQUIRE_ATTESTATION, otherwise it must be empty.
repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
getSerializedSize()
public int getSerializedSize()
Returns |
---|
Type | Description |
int | |
Overrides
getUnknownFields()
public final UnknownFieldSet getUnknownFields()
Overrides
hashCode()
Returns |
---|
Type | Description |
int | |
Overrides
internalGetFieldAccessorTable()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Overrides
isInitialized()
public final boolean isInitialized()
Overrides
newBuilderForType()
public AdmissionRule.Builder newBuilderForType()
newBuilderForType(GeneratedMessageV3.BuilderParent parent)
protected AdmissionRule.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Overrides
newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Overrides
toBuilder()
public AdmissionRule.Builder toBuilder()
writeTo(CodedOutputStream output)
public void writeTo(CodedOutputStream output)
Overrides