Package com.google.cloud.binaryauthorization.v1beta1

The interfaces provided are listed below, along with usage samples.

BinauthzManagementServiceV1Beta1Client

Service Description: Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

  • Policy
  • Attestor

Sample for BinauthzManagementServiceV1Beta1Client:


 try (BinauthzManagementServiceV1Beta1Client binauthzManagementServiceV1Beta1Client =
     BinauthzManagementServiceV1Beta1Client.create()) {
   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
   Policy response = binauthzManagementServiceV1Beta1Client.getPolicy(name);
 }
 

SystemPolicyV1Beta1Client

Service Description: API for working with the system policy.

Sample for SystemPolicyV1Beta1Client:


 try (SystemPolicyV1Beta1Client systemPolicyV1Beta1Client = SystemPolicyV1Beta1Client.create()) {
   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
   Policy response = systemPolicyV1Beta1Client.getSystemPolicy(name);
 }
 

Classes

AdmissionRule

An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation.

Protobuf type google.cloud.binaryauthorization.v1beta1.AdmissionRule

AdmissionRule.Builder

An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation.

Protobuf type google.cloud.binaryauthorization.v1beta1.AdmissionRule

AdmissionWhitelistPattern

An admission allowlist pattern exempts images from checks by admission rules.

Protobuf type google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern

AdmissionWhitelistPattern.Builder

An admission allowlist pattern exempts images from checks by admission rules.

Protobuf type google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern

Attestor

An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

Protobuf type google.cloud.binaryauthorization.v1beta1.Attestor

Attestor.Builder

An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

Protobuf type google.cloud.binaryauthorization.v1beta1.Attestor

AttestorName

AttestorName.Builder

Builder for projects/{project}/attestors/{attestor}.

AttestorPublicKey

An attestor public key that will be used to verify attestations signed by this attestor.

Protobuf type google.cloud.binaryauthorization.v1beta1.AttestorPublicKey

AttestorPublicKey.Builder

An attestor public key that will be used to verify attestations signed by this attestor.

Protobuf type google.cloud.binaryauthorization.v1beta1.AttestorPublicKey

BinaryAuthorizationResourcesProto

BinaryAuthorizationServiceProto

BinauthzManagementServiceV1Beta1Client

Service Description: Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

  • Policy
  • Attestor

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


 try (BinauthzManagementServiceV1Beta1Client binauthzManagementServiceV1Beta1Client =
     BinauthzManagementServiceV1Beta1Client.create()) {
   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
   Policy response = binauthzManagementServiceV1Beta1Client.getPolicy(name);
 }
 

Note: close() needs to be called on the BinauthzManagementServiceV1Beta1Client object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

  1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
  2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
  3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of BinauthzManagementServiceV1Beta1Settings to create(). For example:

To customize credentials:


 BinauthzManagementServiceV1Beta1Settings binauthzManagementServiceV1Beta1Settings =
     BinauthzManagementServiceV1Beta1Settings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 BinauthzManagementServiceV1Beta1Client binauthzManagementServiceV1Beta1Client =
     BinauthzManagementServiceV1Beta1Client.create(binauthzManagementServiceV1Beta1Settings);
 

To customize the endpoint:


 BinauthzManagementServiceV1Beta1Settings binauthzManagementServiceV1Beta1Settings =
     BinauthzManagementServiceV1Beta1Settings.newBuilder().setEndpoint(myEndpoint).build();
 BinauthzManagementServiceV1Beta1Client binauthzManagementServiceV1Beta1Client =
     BinauthzManagementServiceV1Beta1Client.create(binauthzManagementServiceV1Beta1Settings);
 

Please refer to the GitHub repository's samples for more quickstart code snippets.

BinauthzManagementServiceV1Beta1Client.ListAttestorsFixedSizeCollection

BinauthzManagementServiceV1Beta1Client.ListAttestorsPage

BinauthzManagementServiceV1Beta1Client.ListAttestorsPagedResponse

BinauthzManagementServiceV1Beta1Grpc

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities. This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Beta1Grpc.BinauthzManagementServiceV1Beta1BlockingStub

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities. This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Beta1Grpc.BinauthzManagementServiceV1Beta1FutureStub

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities. This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Beta1Grpc.BinauthzManagementServiceV1Beta1ImplBase

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities. This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Beta1Grpc.BinauthzManagementServiceV1Beta1Stub

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities. This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Beta1Settings

Settings class to configure an instance of BinauthzManagementServiceV1Beta1Client.

The default instance has everything set to sensible defaults:

  • The default service address (binaryauthorization.googleapis.com) and default port (443) are used.
  • Credentials are acquired automatically through Application Default Credentials.
  • Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of getPolicy to 30 seconds:


 BinauthzManagementServiceV1Beta1Settings.Builder
     binauthzManagementServiceV1Beta1SettingsBuilder =
         BinauthzManagementServiceV1Beta1Settings.newBuilder();
 binauthzManagementServiceV1Beta1SettingsBuilder
     .getPolicySettings()
     .setRetrySettings(
         binauthzManagementServiceV1Beta1SettingsBuilder
             .getPolicySettings()
             .getRetrySettings()
             .toBuilder()
             .setTotalTimeout(Duration.ofSeconds(30))
             .build());
 BinauthzManagementServiceV1Beta1Settings binauthzManagementServiceV1Beta1Settings =
     binauthzManagementServiceV1Beta1SettingsBuilder.build();
 

BinauthzManagementServiceV1Beta1Settings.Builder

Builder for BinauthzManagementServiceV1Beta1Settings.

ContinuousValidationEvent

Represents an auditing event from Continuous Validation.

Protobuf type google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent

ContinuousValidationEvent.Builder

Represents an auditing event from Continuous Validation.

Protobuf type google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent

ContinuousValidationEvent.ContinuousValidationPodEvent

An auditing event for one Pod.

Protobuf type google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent

ContinuousValidationEvent.ContinuousValidationPodEvent.Builder

An auditing event for one Pod.

Protobuf type google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent

ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails

Container image with auditing details.

Protobuf type google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails

ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.Builder

Container image with auditing details.

Protobuf type google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails

ContinuousValidationEvent.UnsupportedPolicyEvent

An event describing that the project policy is unsupported by CV.

Protobuf type google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent

ContinuousValidationEvent.UnsupportedPolicyEvent.Builder

An event describing that the project policy is unsupported by CV.

Protobuf type google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.UnsupportedPolicyEvent

ContinuousValidationLoggingProto

CreateAttestorRequest

Request message for BinauthzManagementService.CreateAttestor.

Protobuf type google.cloud.binaryauthorization.v1beta1.CreateAttestorRequest

CreateAttestorRequest.Builder

Request message for BinauthzManagementService.CreateAttestor.

Protobuf type google.cloud.binaryauthorization.v1beta1.CreateAttestorRequest

DeleteAttestorRequest

Request message for BinauthzManagementService.DeleteAttestor.

Protobuf type google.cloud.binaryauthorization.v1beta1.DeleteAttestorRequest

DeleteAttestorRequest.Builder

Request message for BinauthzManagementService.DeleteAttestor.

Protobuf type google.cloud.binaryauthorization.v1beta1.DeleteAttestorRequest

GetAttestorRequest

Request message for BinauthzManagementService.GetAttestor.

Protobuf type google.cloud.binaryauthorization.v1beta1.GetAttestorRequest

GetAttestorRequest.Builder

Request message for BinauthzManagementService.GetAttestor.

Protobuf type google.cloud.binaryauthorization.v1beta1.GetAttestorRequest

GetPolicyRequest

Request message for BinauthzManagementService.GetPolicy.

Protobuf type google.cloud.binaryauthorization.v1beta1.GetPolicyRequest

GetPolicyRequest.Builder

Request message for BinauthzManagementService.GetPolicy.

Protobuf type google.cloud.binaryauthorization.v1beta1.GetPolicyRequest

GetSystemPolicyRequest

Request to read the current system policy.

Protobuf type google.cloud.binaryauthorization.v1beta1.GetSystemPolicyRequest

GetSystemPolicyRequest.Builder

Request to read the current system policy.

Protobuf type google.cloud.binaryauthorization.v1beta1.GetSystemPolicyRequest

ListAttestorsRequest

Request message for BinauthzManagementService.ListAttestors.

Protobuf type google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest

ListAttestorsRequest.Builder

Request message for BinauthzManagementService.ListAttestors.

Protobuf type google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest

ListAttestorsResponse

Response message for BinauthzManagementService.ListAttestors.

Protobuf type google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse

ListAttestorsResponse.Builder

Response message for BinauthzManagementService.ListAttestors.

Protobuf type google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse

PkixPublicKey

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

Protobuf type google.cloud.binaryauthorization.v1beta1.PkixPublicKey

PkixPublicKey.Builder

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

Protobuf type google.cloud.binaryauthorization.v1beta1.PkixPublicKey

Policy

A policy for Binary Authorization.

Protobuf type google.cloud.binaryauthorization.v1beta1.Policy

Policy.Builder

A policy for Binary Authorization.

Protobuf type google.cloud.binaryauthorization.v1beta1.Policy

PolicyName

PolicyName.Builder

Builder for projects/{project}/policy.

PolicyName.LocationBuilder

Builder for locations/{location}/policy.

ProjectName

ProjectName.Builder

Builder for projects/{project}.

SystemPolicyV1Beta1Client

Service Description: API for working with the system policy.

This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:


 try (SystemPolicyV1Beta1Client systemPolicyV1Beta1Client = SystemPolicyV1Beta1Client.create()) {
   PolicyName name = PolicyName.ofProjectName("[PROJECT]");
   Policy response = systemPolicyV1Beta1Client.getSystemPolicy(name);
 }
 

Note: close() needs to be called on the SystemPolicyV1Beta1Client object to clean up resources such as threads. In the example above, try-with-resources is used, which automatically calls close().

The surface of this class includes several types of Java methods for each of the API's methods:

  1. A "flattened" method. With this type of method, the fields of the request type have been converted into function parameters. It may be the case that not all fields are available as parameters, and not every API method will have a flattened method entry point.
  2. A "request object" method. This type of method only takes one parameter, a request object, which must be constructed before the call. Not every API method will have a request object method.
  3. A "callable" method. This type of method takes no parameters and returns an immutable API callable object, which can be used to initiate calls to the service.

See the individual methods for example code.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parse method to extract the individual identifiers contained within names that are returned.

This class can be customized by passing in a custom instance of SystemPolicyV1Beta1Settings to create(). For example:

To customize credentials:


 SystemPolicyV1Beta1Settings systemPolicyV1Beta1Settings =
     SystemPolicyV1Beta1Settings.newBuilder()
         .setCredentialsProvider(FixedCredentialsProvider.create(myCredentials))
         .build();
 SystemPolicyV1Beta1Client systemPolicyV1Beta1Client =
     SystemPolicyV1Beta1Client.create(systemPolicyV1Beta1Settings);
 

To customize the endpoint:


 SystemPolicyV1Beta1Settings systemPolicyV1Beta1Settings =
     SystemPolicyV1Beta1Settings.newBuilder().setEndpoint(myEndpoint).build();
 SystemPolicyV1Beta1Client systemPolicyV1Beta1Client =
     SystemPolicyV1Beta1Client.create(systemPolicyV1Beta1Settings);
 

Please refer to the GitHub repository's samples for more quickstart code snippets.

SystemPolicyV1Beta1Grpc

API for working with the system policy.

SystemPolicyV1Beta1Grpc.SystemPolicyV1Beta1BlockingStub

API for working with the system policy.

SystemPolicyV1Beta1Grpc.SystemPolicyV1Beta1FutureStub

API for working with the system policy.

SystemPolicyV1Beta1Grpc.SystemPolicyV1Beta1ImplBase

API for working with the system policy.

SystemPolicyV1Beta1Grpc.SystemPolicyV1Beta1Stub

API for working with the system policy.

SystemPolicyV1Beta1Settings

Settings class to configure an instance of SystemPolicyV1Beta1Client.

The default instance has everything set to sensible defaults:

  • The default service address (binaryauthorization.googleapis.com) and default port (443) are used.
  • Credentials are acquired automatically through Application Default Credentials.
  • Retries are configured for idempotent methods but not for non-idempotent methods.

The builder of this class is recursive, so contained classes are themselves builders. When build() is called, the tree of builders is called to create the complete settings object.

For example, to set the total timeout of getSystemPolicy to 30 seconds:


 SystemPolicyV1Beta1Settings.Builder systemPolicyV1Beta1SettingsBuilder =
     SystemPolicyV1Beta1Settings.newBuilder();
 systemPolicyV1Beta1SettingsBuilder
     .getSystemPolicySettings()
     .setRetrySettings(
         systemPolicyV1Beta1SettingsBuilder
             .getSystemPolicySettings()
             .getRetrySettings()
             .toBuilder()
             .setTotalTimeout(Duration.ofSeconds(30))
             .build());
 SystemPolicyV1Beta1Settings systemPolicyV1Beta1Settings =
     systemPolicyV1Beta1SettingsBuilder.build();
 

SystemPolicyV1Beta1Settings.Builder

Builder for SystemPolicyV1Beta1Settings.

UpdateAttestorRequest

Request message for BinauthzManagementService.UpdateAttestor.

Protobuf type google.cloud.binaryauthorization.v1beta1.UpdateAttestorRequest

UpdateAttestorRequest.Builder

Request message for BinauthzManagementService.UpdateAttestor.

Protobuf type google.cloud.binaryauthorization.v1beta1.UpdateAttestorRequest

UpdatePolicyRequest

Request message for BinauthzManagementService.UpdatePolicy.

Protobuf type google.cloud.binaryauthorization.v1beta1.UpdatePolicyRequest

UpdatePolicyRequest.Builder

Request message for BinauthzManagementService.UpdatePolicy.

Protobuf type google.cloud.binaryauthorization.v1beta1.UpdatePolicyRequest

UserOwnedDrydockNote

A user-owned Drydock note references a Drydock ATTESTATION_AUTHORITY Note created by the user.

Protobuf type google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote

UserOwnedDrydockNote.Builder

A user-owned Drydock note references a Drydock ATTESTATION_AUTHORITY Note created by the user.

Protobuf type google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote

Interfaces

AdmissionRuleOrBuilder

AdmissionWhitelistPatternOrBuilder

AttestorOrBuilder

AttestorPublicKeyOrBuilder

ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetailsOrBuilder

ContinuousValidationEvent.ContinuousValidationPodEventOrBuilder

ContinuousValidationEvent.UnsupportedPolicyEventOrBuilder

ContinuousValidationEventOrBuilder

CreateAttestorRequestOrBuilder

DeleteAttestorRequestOrBuilder

GetAttestorRequestOrBuilder

GetPolicyRequestOrBuilder

GetSystemPolicyRequestOrBuilder

ListAttestorsRequestOrBuilder

ListAttestorsResponseOrBuilder

PkixPublicKeyOrBuilder

PolicyOrBuilder

UpdateAttestorRequestOrBuilder

UpdatePolicyRequestOrBuilder

UserOwnedDrydockNoteOrBuilder

Enums

AdmissionRule.EnforcementMode

Defines the possible actions when a pod creation is denied by an admission rule.

Protobuf enum google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementMode

AdmissionRule.EvaluationMode

Protobuf enum google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode

Attestor.AttestorTypeCase

AttestorPublicKey.PublicKeyCase

ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult

Result of the audit.

Protobuf enum google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.ImageDetails.AuditResult

ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict

Audit time policy conformance verdict.

Protobuf enum google.cloud.binaryauthorization.v1beta1.ContinuousValidationEvent.ContinuousValidationPodEvent.PolicyConformanceVerdict

ContinuousValidationEvent.EventTypeCase

PkixPublicKey.SignatureAlgorithm

Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.

Protobuf enum google.cloud.binaryauthorization.v1beta1.PkixPublicKey.SignatureAlgorithm

Policy.GlobalPolicyEvaluationMode

Protobuf enum google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode