- 1.55.0 (latest)
- 1.54.0
- 1.53.0
- 1.52.0
- 1.51.0
- 1.50.0
- 1.48.0
- 1.47.0
- 1.46.0
- 1.45.0
- 1.44.0
- 1.43.0
- 1.42.0
- 1.41.0
- 1.40.0
- 1.39.0
- 1.38.0
- 1.36.0
- 1.35.0
- 1.34.0
- 1.33.0
- 1.32.0
- 1.31.0
- 1.30.0
- 1.29.0
- 1.28.0
- 1.27.0
- 1.26.0
- 1.23.0
- 1.22.0
- 1.21.0
- 1.20.0
- 1.19.0
- 1.18.0
- 1.17.0
- 1.16.0
- 1.15.0
- 1.14.0
- 1.13.0
- 1.12.0
- 1.11.0
- 1.10.0
- 1.9.0
- 1.8.0
- 1.7.0
- 1.6.0
- 1.5.0
- 1.4.0
- 1.3.0
- 1.0.6
public interface PolicyOrBuilder extends MessageOrBuilder
Implements
MessageOrBuilderMethods
containsClusterAdmissionRules(String key)
public abstract boolean containsClusterAdmissionRules(String key)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
boolean |
containsIstioServiceIdentityAdmissionRules(String key)
public abstract boolean containsIstioServiceIdentityAdmissionRules(String key)
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>
or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
boolean |
containsKubernetesNamespaceAdmissionRules(String key)
public abstract boolean containsKubernetesNamespaceAdmissionRules(String key)
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+
, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
boolean |
containsKubernetesServiceAccountAdmissionRules(String key)
public abstract boolean containsKubernetesServiceAccountAdmissionRules(String key)
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount
. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
boolean |
getAdmissionWhitelistPatterns(int index)
public abstract AdmissionWhitelistPattern getAdmissionWhitelistPatterns(int index)
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
index | int |
Returns | |
---|---|
Type | Description |
AdmissionWhitelistPattern |
getAdmissionWhitelistPatternsCount()
public abstract int getAdmissionWhitelistPatternsCount()
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
int |
getAdmissionWhitelistPatternsList()
public abstract List<AdmissionWhitelistPattern> getAdmissionWhitelistPatternsList()
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
List<AdmissionWhitelistPattern> |
getAdmissionWhitelistPatternsOrBuilder(int index)
public abstract AdmissionWhitelistPatternOrBuilder getAdmissionWhitelistPatternsOrBuilder(int index)
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
index | int |
Returns | |
---|---|
Type | Description |
AdmissionWhitelistPatternOrBuilder |
getAdmissionWhitelistPatternsOrBuilderList()
public abstract List<? extends AdmissionWhitelistPatternOrBuilder> getAdmissionWhitelistPatternsOrBuilderList()
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
List<? extends com.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPatternOrBuilder> |
getClusterAdmissionRules()
public abstract Map<String,AdmissionRule> getClusterAdmissionRules()
Use #getClusterAdmissionRulesMap() instead.
Returns | |
---|---|
Type | Description |
Map<String,AdmissionRule> |
getClusterAdmissionRulesCount()
public abstract int getClusterAdmissionRulesCount()
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
int |
getClusterAdmissionRulesMap()
public abstract Map<String,AdmissionRule> getClusterAdmissionRulesMap()
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
Map<String,AdmissionRule> |
getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
public abstract AdmissionRule getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Parameters | |
---|---|
Name | Description |
key | String |
defaultValue | AdmissionRule |
Returns | |
---|---|
Type | Description |
AdmissionRule |
getClusterAdmissionRulesOrThrow(String key)
public abstract AdmissionRule getClusterAdmissionRulesOrThrow(String key)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
AdmissionRule |
getDefaultAdmissionRule()
public abstract AdmissionRule getDefaultAdmissionRule()
Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
Returns | |
---|---|
Type | Description |
AdmissionRule | The defaultAdmissionRule. |
getDefaultAdmissionRuleOrBuilder()
public abstract AdmissionRuleOrBuilder getDefaultAdmissionRuleOrBuilder()
Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
Returns | |
---|---|
Type | Description |
AdmissionRuleOrBuilder |
getDescription()
public abstract String getDescription()
Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
String | The description. |
getDescriptionBytes()
public abstract ByteString getDescriptionBytes()
Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
ByteString | The bytes for description. |
getGlobalPolicyEvaluationMode()
public abstract Policy.GlobalPolicyEvaluationMode getGlobalPolicyEvaluationMode()
Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
Policy.GlobalPolicyEvaluationMode | The globalPolicyEvaluationMode. |
getGlobalPolicyEvaluationModeValue()
public abstract int getGlobalPolicyEvaluationModeValue()
Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
int | The enum numeric value on the wire for globalPolicyEvaluationMode. |
getIstioServiceIdentityAdmissionRules()
public abstract Map<String,AdmissionRule> getIstioServiceIdentityAdmissionRules()
Use #getIstioServiceIdentityAdmissionRulesMap() instead.
Returns | |
---|---|
Type | Description |
Map<String,AdmissionRule> |
getIstioServiceIdentityAdmissionRulesCount()
public abstract int getIstioServiceIdentityAdmissionRulesCount()
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>
or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
int |
getIstioServiceIdentityAdmissionRulesMap()
public abstract Map<String,AdmissionRule> getIstioServiceIdentityAdmissionRulesMap()
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>
or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
Map<String,AdmissionRule> |
getIstioServiceIdentityAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
public abstract AdmissionRule getIstioServiceIdentityAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>
or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
Parameters | |
---|---|
Name | Description |
key | String |
defaultValue | AdmissionRule |
Returns | |
---|---|
Type | Description |
AdmissionRule |
getIstioServiceIdentityAdmissionRulesOrThrow(String key)
public abstract AdmissionRule getIstioServiceIdentityAdmissionRulesOrThrow(String key)
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>
or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
AdmissionRule |
getKubernetesNamespaceAdmissionRules()
public abstract Map<String,AdmissionRule> getKubernetesNamespaceAdmissionRules()
Use #getKubernetesNamespaceAdmissionRulesMap() instead.
Returns | |
---|---|
Type | Description |
Map<String,AdmissionRule> |
getKubernetesNamespaceAdmissionRulesCount()
public abstract int getKubernetesNamespaceAdmissionRulesCount()
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+
, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
int |
getKubernetesNamespaceAdmissionRulesMap()
public abstract Map<String,AdmissionRule> getKubernetesNamespaceAdmissionRulesMap()
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+
, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
Map<String,AdmissionRule> |
getKubernetesNamespaceAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
public abstract AdmissionRule getKubernetesNamespaceAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+
, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
Parameters | |
---|---|
Name | Description |
key | String |
defaultValue | AdmissionRule |
Returns | |
---|---|
Type | Description |
AdmissionRule |
getKubernetesNamespaceAdmissionRulesOrThrow(String key)
public abstract AdmissionRule getKubernetesNamespaceAdmissionRulesOrThrow(String key)
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+
, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
AdmissionRule |
getKubernetesServiceAccountAdmissionRules()
public abstract Map<String,AdmissionRule> getKubernetesServiceAccountAdmissionRules()
Use #getKubernetesServiceAccountAdmissionRulesMap() instead.
Returns | |
---|---|
Type | Description |
Map<String,AdmissionRule> |
getKubernetesServiceAccountAdmissionRulesCount()
public abstract int getKubernetesServiceAccountAdmissionRulesCount()
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount
. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
int |
getKubernetesServiceAccountAdmissionRulesMap()
public abstract Map<String,AdmissionRule> getKubernetesServiceAccountAdmissionRulesMap()
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount
. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
Map<String,AdmissionRule> |
getKubernetesServiceAccountAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
public abstract AdmissionRule getKubernetesServiceAccountAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount
. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
Parameters | |
---|---|
Name | Description |
key | String |
defaultValue | AdmissionRule |
Returns | |
---|---|
Type | Description |
AdmissionRule |
getKubernetesServiceAccountAdmissionRulesOrThrow(String key)
public abstract AdmissionRule getKubernetesServiceAccountAdmissionRulesOrThrow(String key)
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount
. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
AdmissionRule |
getName()
public abstract String getName()
Output only. The resource name, in the format projects/*/policy
. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns | |
---|---|
Type | Description |
String | The name. |
getNameBytes()
public abstract ByteString getNameBytes()
Output only. The resource name, in the format projects/*/policy
. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns | |
---|---|
Type | Description |
ByteString | The bytes for name. |
getUpdateTime()
public abstract Timestamp getUpdateTime()
Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns | |
---|---|
Type | Description |
Timestamp | The updateTime. |
getUpdateTimeOrBuilder()
public abstract TimestampOrBuilder getUpdateTimeOrBuilder()
Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns | |
---|---|
Type | Description |
TimestampOrBuilder |
hasDefaultAdmissionRule()
public abstract boolean hasDefaultAdmissionRule()
Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
Returns | |
---|---|
Type | Description |
boolean | Whether the defaultAdmissionRule field is set. |
hasUpdateTime()
public abstract boolean hasUpdateTime()
Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns | |
---|---|
Type | Description |
boolean | Whether the updateTime field is set. |