public final class Policy extends GeneratedMessageV3 implements PolicyOrBuilder
A policy for Binary Authorization.
Protobuf type google.cloud.binaryauthorization.v1beta1.Policy
Static Fields
ADMISSION_WHITELIST_PATTERNS_FIELD_NUMBER
public static final int ADMISSION_WHITELIST_PATTERNS_FIELD_NUMBER
Field Value
CLUSTER_ADMISSION_RULES_FIELD_NUMBER
public static final int CLUSTER_ADMISSION_RULES_FIELD_NUMBER
Field Value
DEFAULT_ADMISSION_RULE_FIELD_NUMBER
public static final int DEFAULT_ADMISSION_RULE_FIELD_NUMBER
Field Value
DESCRIPTION_FIELD_NUMBER
public static final int DESCRIPTION_FIELD_NUMBER
Field Value
GLOBAL_POLICY_EVALUATION_MODE_FIELD_NUMBER
public static final int GLOBAL_POLICY_EVALUATION_MODE_FIELD_NUMBER
Field Value
ISTIO_SERVICE_IDENTITY_ADMISSION_RULES_FIELD_NUMBER
public static final int ISTIO_SERVICE_IDENTITY_ADMISSION_RULES_FIELD_NUMBER
Field Value
KUBERNETES_NAMESPACE_ADMISSION_RULES_FIELD_NUMBER
public static final int KUBERNETES_NAMESPACE_ADMISSION_RULES_FIELD_NUMBER
Field Value
KUBERNETES_SERVICE_ACCOUNT_ADMISSION_RULES_FIELD_NUMBER
public static final int KUBERNETES_SERVICE_ACCOUNT_ADMISSION_RULES_FIELD_NUMBER
Field Value
NAME_FIELD_NUMBER
public static final int NAME_FIELD_NUMBER
Field Value
UPDATE_TIME_FIELD_NUMBER
public static final int UPDATE_TIME_FIELD_NUMBER
Field Value
Static Methods
getDefaultInstance()
public static Policy getDefaultInstance()
Returns
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
Returns
newBuilder()
public static Policy.Builder newBuilder()
Returns
newBuilder(Policy prototype)
public static Policy.Builder newBuilder(Policy prototype)
Parameter
| Name | Description |
prototype | Policy
|
Returns
public static Policy parseDelimitedFrom(InputStream input)
Parameter
Returns
Exceptions
public static Policy parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(byte[] data)
public static Policy parseFrom(byte[] data)
Parameter
| Name | Description |
data | byte[]
|
Returns
Exceptions
parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
public static Policy parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(ByteString data)
public static Policy parseFrom(ByteString data)
Parameter
Returns
Exceptions
parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static Policy parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
public static Policy parseFrom(CodedInputStream input)
Parameter
Returns
Exceptions
public static Policy parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
public static Policy parseFrom(InputStream input)
Parameter
Returns
Exceptions
public static Policy parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parseFrom(ByteBuffer data)
public static Policy parseFrom(ByteBuffer data)
Parameter
Returns
Exceptions
parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
public static Policy parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
Parameters
Returns
Exceptions
parser()
public static Parser<Policy> parser()
Returns
Methods
containsClusterAdmissionRules(String key)
public boolean containsClusterAdmissionRules(String key)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
containsIstioServiceIdentityAdmissionRules(String key)
public boolean containsIstioServiceIdentityAdmissionRules(String key)
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
containsKubernetesNamespaceAdmissionRules(String key)
public boolean containsKubernetesNamespaceAdmissionRules(String key)
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
containsKubernetesServiceAccountAdmissionRules(String key)
public boolean containsKubernetesServiceAccountAdmissionRules(String key)
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
equals(Object obj)
public boolean equals(Object obj)
Parameter
Returns
Overrides
getAdmissionWhitelistPatterns(int index)
public AdmissionWhitelistPattern getAdmissionWhitelistPatterns(int index)
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsCount()
public int getAdmissionWhitelistPatternsCount()
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsList()
public List<AdmissionWhitelistPattern> getAdmissionWhitelistPatternsList()
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsOrBuilder(int index)
public AdmissionWhitelistPatternOrBuilder getAdmissionWhitelistPatternsOrBuilder(int index)
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsOrBuilderList()
public List<? extends AdmissionWhitelistPatternOrBuilder> getAdmissionWhitelistPatternsOrBuilderList()
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
List<? extends com.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPatternOrBuilder> | |
getClusterAdmissionRules()
public Map<String,AdmissionRule> getClusterAdmissionRules()
Returns
getClusterAdmissionRulesCount()
public int getClusterAdmissionRulesCount()
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
getClusterAdmissionRulesMap()
public Map<String,AdmissionRule> getClusterAdmissionRulesMap()
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
public AdmissionRule getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://clou
