public static final class Resources.Policy extends GeneratedMessageV3 implements Resources.PolicyOrBuilder
A policy for container image binary authorization.
Protobuf type google.cloud.binaryauthorization.v1.Policy
Inherited Members
com.google.protobuf.GeneratedMessageV3.<ListT>makeMutableCopy(ListT)
com.google.protobuf.GeneratedMessageV3.<ListT>makeMutableCopy(ListT,int)
com.google.protobuf.GeneratedMessageV3.<T>emptyList(java.lang.Class<T>)
Static Fields
ADMISSION_WHITELIST_PATTERNS_FIELD_NUMBER
public static final int ADMISSION_WHITELIST_PATTERNS_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
CLUSTER_ADMISSION_RULES_FIELD_NUMBER
public static final int CLUSTER_ADMISSION_RULES_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
DEFAULT_ADMISSION_RULE_FIELD_NUMBER
public static final int DEFAULT_ADMISSION_RULE_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
DESCRIPTION_FIELD_NUMBER
public static final int DESCRIPTION_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
GLOBAL_POLICY_EVALUATION_MODE_FIELD_NUMBER
public static final int GLOBAL_POLICY_EVALUATION_MODE_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
ISTIO_SERVICE_IDENTITY_ADMISSION_RULES_FIELD_NUMBER
public static final int ISTIO_SERVICE_IDENTITY_ADMISSION_RULES_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
KUBERNETES_NAMESPACE_ADMISSION_RULES_FIELD_NUMBER
public static final int KUBERNETES_NAMESPACE_ADMISSION_RULES_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
KUBERNETES_SERVICE_ACCOUNT_ADMISSION_RULES_FIELD_NUMBER
public static final int KUBERNETES_SERVICE_ACCOUNT_ADMISSION_RULES_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
NAME_FIELD_NUMBER
public static final int NAME_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
UPDATE_TIME_FIELD_NUMBER
public static final int UPDATE_TIME_FIELD_NUMBER
Field Value |
---|
Type | Description |
int | |
Static Methods
getDefaultInstance()
public static Resources.Policy getDefaultInstance()
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
newBuilder()
public static Resources.Policy.Builder newBuilder()
newBuilder(Resources.Policy prototype)
public static Resources.Policy.Builder newBuilder(Resources.Policy prototype)
public static Resources.Policy parseDelimitedFrom(InputStream input)
public static Resources.Policy parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(byte[] data)
public static Resources.Policy parseFrom(byte[] data)
Parameter |
---|
Name | Description |
data | byte[]
|
parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
public static Resources.Policy parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteString data)
public static Resources.Policy parseFrom(ByteString data)
parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static Resources.Policy parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static Resources.Policy parseFrom(CodedInputStream input)
public static Resources.Policy parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
public static Resources.Policy parseFrom(InputStream input)
public static Resources.Policy parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteBuffer data)
public static Resources.Policy parseFrom(ByteBuffer data)
parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
public static Resources.Policy parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
parser()
public static Parser<Resources.Policy> parser()
Methods
containsClusterAdmissionRules(String key)
public boolean containsClusterAdmissionRules(String key)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
key | String
|
containsIstioServiceIdentityAdmissionRules(String key)
public boolean containsIstioServiceIdentityAdmissionRules(String key)
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
key | String
|
containsKubernetesNamespaceAdmissionRules(String key)
public boolean containsKubernetesNamespaceAdmissionRules(String key)
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
key | String
|
containsKubernetesServiceAccountAdmissionRules(String key)
public boolean containsKubernetesServiceAccountAdmissionRules(String key)
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount
. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
key | String
|
equals(Object obj)
public boolean equals(Object obj)
Parameter |
---|
Name | Description |
obj | Object
|
Overrides
getAdmissionWhitelistPatterns(int index)
public Resources.AdmissionWhitelistPattern getAdmissionWhitelistPatterns(int index)
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
index | int
|
getAdmissionWhitelistPatternsCount()
public int getAdmissionWhitelistPatternsCount()
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns |
---|
Type | Description |
int | |
getAdmissionWhitelistPatternsList()
public List<Resources.AdmissionWhitelistPattern> getAdmissionWhitelistPatternsList()
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsOrBuilder(int index)
public Resources.AdmissionWhitelistPatternOrBuilder getAdmissionWhitelistPatternsOrBuilder(int index)
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
index | int
|
getAdmissionWhitelistPatternsOrBuilderList()
public List<? extends Resources.AdmissionWhitelistPatternOrBuilder> getAdmissionWhitelistPatternsOrBuilderList()
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns |
---|
Type | Description |
List<? extends com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPatternOrBuilder> | |
getClusterAdmissionRules()
public Map<String,Resources.AdmissionRule> getClusterAdmissionRules()
getClusterAdmissionRulesCount()
public int getClusterAdmissionRulesCount()
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Returns |
---|
Type | Description |
int | |
getClusterAdmissionRulesMap()
public Map<String,Resources.AdmissionRule> getClusterAdmissionRulesMap()
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
getClusterAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
public Resources.AdmissionRule getClusterAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
getClusterAdmissionRulesOrThrow(String key)
public Resources.AdmissionRule getClusterAdmissionRulesOrThrow(String key)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
key | String
|
getDefaultAdmissionRule()
public Resources.AdmissionRule getDefaultAdmissionRule()
Required. Default admission rule for a cluster without a per-cluster, per-
kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
getDefaultAdmissionRuleOrBuilder()
public Resources.AdmissionRuleOrBuilder getDefaultAdmissionRuleOrBuilder()
Required. Default admission rule for a cluster without a per-cluster, per-
kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
getDefaultInstanceForType()
public Resources.Policy getDefaultInstanceForType()
getDescription()
public String getDescription()
Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
Returns |
---|
Type | Description |
String | The description.
|
getDescriptionBytes()
public ByteString getDescriptionBytes()
Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
Returns |
---|
Type | Description |
ByteString | The bytes for description.
|
getGlobalPolicyEvaluationMode()
public Resources.Policy.GlobalPolicyEvaluationMode getGlobalPolicyEvaluationMode()
Optional. Controls the evaluation of a Google-maintained global admission
policy for common system-level images. Images not covered by the global
policy will be subject to the project admission policy. This setting
has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
getGlobalPolicyEvaluationModeValue()
public int getGlobalPolicyEvaluationModeValue()
Optional. Controls the evaluation of a Google-maintained global admission
policy for common system-level images. Images not covered by the global
policy will be subject to the project admission policy. This setting
has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
Returns |
---|
Type | Description |
int | The enum numeric value on the wire for globalPolicyEvaluationMode.
|
getIstioServiceIdentityAdmissionRules()
public Map<String,Resources.AdmissionRule> getIstioServiceIdentityAdmissionRules()
getIstioServiceIdentityAdmissionRulesCount()
public int getIstioServiceIdentityAdmissionRulesCount()
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
Returns |
---|
Type | Description |
int | |
getIstioServiceIdentityAdmissionRulesMap()
public Map<String,Resources.AdmissionRule> getIstioServiceIdentityAdmissionRulesMap()
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
getIstioServiceIdentityAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
public Resources.AdmissionRule getIstioServiceIdentityAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
getIstioServiceIdentityAdmissionRulesOrThrow(String key)
public Resources.AdmissionRule getIstioServiceIdentityAdmissionRulesOrThrow(String key)
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
key | String
|
getKubernetesNamespaceAdmissionRules()
public Map<String,Resources.AdmissionRule> getKubernetesNamespaceAdmissionRules()
getKubernetesNamespaceAdmissionRulesCount()
public int getKubernetesNamespaceAdmissionRulesCount()
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
Returns |
---|
Type | Description |
int | |
getKubernetesNamespaceAdmissionRulesMap()
public Map<String,Resources.AdmissionRule> getKubernetesNamespaceAdmissionRulesMap()
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesNamespaceAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
public Resources.AdmissionRule getKubernetesNamespaceAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesNamespaceAdmissionRulesOrThrow(String key)
public Resources.AdmissionRule getKubernetesNamespaceAdmissionRulesOrThrow(String key)
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
key | String
|
getKubernetesServiceAccountAdmissionRules()
public Map<String,Resources.AdmissionRule> getKubernetesServiceAccountAdmissionRules()
getKubernetesServiceAccountAdmissionRulesCount()
public int getKubernetesServiceAccountAdmissionRulesCount()
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount
. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
Returns |
---|
Type | Description |
int | |
getKubernetesServiceAccountAdmissionRulesMap()
public Map<String,Resources.AdmissionRule> getKubernetesServiceAccountAdmissionRulesMap()
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount
. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesServiceAccountAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
public Resources.AdmissionRule getKubernetesServiceAccountAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount
. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesServiceAccountAdmissionRulesOrThrow(String key)
public Resources.AdmissionRule getKubernetesServiceAccountAdmissionRulesOrThrow(String key)
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount
. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
Parameter |
---|
Name | Description |
key | String
|
getName()
Output only. The resource name, in the format projects/*/policy
. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns |
---|
Type | Description |
String | The name.
|
getNameBytes()
public ByteString getNameBytes()
Output only. The resource name, in the format projects/*/policy
. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns |
---|
Type | Description |
ByteString | The bytes for name.
|
getParserForType()
public Parser<Resources.Policy> getParserForType()
Overrides
getSerializedSize()
public int getSerializedSize()
Returns |
---|
Type | Description |
int | |
Overrides
getUpdateTime()
public Timestamp getUpdateTime()
Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns |
---|
Type | Description |
Timestamp | The updateTime.
|
getUpdateTimeOrBuilder()
public TimestampOrBuilder getUpdateTimeOrBuilder()
Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
hasDefaultAdmissionRule()
public boolean hasDefaultAdmissionRule()
Required. Default admission rule for a cluster without a per-cluster, per-
kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
Returns |
---|
Type | Description |
boolean | Whether the defaultAdmissionRule field is set.
|
hasUpdateTime()
public boolean hasUpdateTime()
Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns |
---|
Type | Description |
boolean | Whether the updateTime field is set.
|
hashCode()
Returns |
---|
Type | Description |
int | |
Overrides
internalGetFieldAccessorTable()
protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Overrides
internalGetMapField(int number)
protected MapField internalGetMapField(int number)
Parameter |
---|
Name | Description |
number | int
|
Overrides
isInitialized()
public final boolean isInitialized()
Overrides
newBuilderForType()
public Resources.Policy.Builder newBuilderForType()
newBuilderForType(GeneratedMessageV3.BuilderParent parent)
protected Resources.Policy.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Overrides
newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Overrides
toBuilder()
public Resources.Policy.Builder toBuilder()
writeTo(CodedOutputStream output)
public void writeTo(CodedOutputStream output)
Overrides