Class Policy.Builder

Stay organized with collections Save and categorize content based on your preferences.
public static final class Policy.Builder extends GeneratedMessageV3.Builder<Policy.Builder> implements PolicyOrBuilder

A policy for Binary Authorization.

Protobuf type google.cloud.binaryauthorization.v1beta1.Policy

Implements

PolicyOrBuilder

Static Methods

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
TypeDescription
Descriptor

Methods

addAdmissionWhitelistPatterns(AdmissionWhitelistPattern value)

public Policy.Builder addAdmissionWhitelistPatterns(AdmissionWhitelistPattern value)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
valueAdmissionWhitelistPattern
Returns
TypeDescription
Policy.Builder

addAdmissionWhitelistPatterns(AdmissionWhitelistPattern.Builder builderForValue)

public Policy.Builder addAdmissionWhitelistPatterns(AdmissionWhitelistPattern.Builder builderForValue)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
builderForValueAdmissionWhitelistPattern.Builder
Returns
TypeDescription
Policy.Builder

addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern value)

public Policy.Builder addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern value)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
indexint
valueAdmissionWhitelistPattern
Returns
TypeDescription
Policy.Builder

addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern.Builder builderForValue)

public Policy.Builder addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern.Builder builderForValue)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
indexint
builderForValueAdmissionWhitelistPattern.Builder
Returns
TypeDescription
Policy.Builder

addAdmissionWhitelistPatternsBuilder()

public AdmissionWhitelistPattern.Builder addAdmissionWhitelistPatternsBuilder()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
AdmissionWhitelistPattern.Builder

addAdmissionWhitelistPatternsBuilder(int index)

public AdmissionWhitelistPattern.Builder addAdmissionWhitelistPatternsBuilder(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
indexint
Returns
TypeDescription
AdmissionWhitelistPattern.Builder

addAllAdmissionWhitelistPatterns(Iterable<? extends AdmissionWhitelistPattern> values)

public Policy.Builder addAllAdmissionWhitelistPatterns(Iterable<? extends AdmissionWhitelistPattern> values)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
valuesIterable<? extends com.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern>
Returns
TypeDescription
Policy.Builder

addRepeatedField(Descriptors.FieldDescriptor field, Object value)

public Policy.Builder addRepeatedField(Descriptors.FieldDescriptor field, Object value)
Parameters
NameDescription
fieldFieldDescriptor
valueObject
Returns
TypeDescription
Policy.Builder
Overrides

build()

public Policy build()
Returns
TypeDescription
Policy

buildPartial()

public Policy buildPartial()
Returns
TypeDescription
Policy

clear()

public Policy.Builder clear()
Returns
TypeDescription
Policy.Builder
Overrides

clearAdmissionWhitelistPatterns()

public Policy.Builder clearAdmissionWhitelistPatterns()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Policy.Builder

clearClusterAdmissionRules()

public Policy.Builder clearClusterAdmissionRules()
Returns
TypeDescription
Policy.Builder

clearDefaultAdmissionRule()

public Policy.Builder clearDefaultAdmissionRule()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
Policy.Builder

clearDescription()

public Policy.Builder clearDescription()

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Policy.Builder

This builder for chaining.

clearField(Descriptors.FieldDescriptor field)

public Policy.Builder clearField(Descriptors.FieldDescriptor field)
Parameter
NameDescription
fieldFieldDescriptor
Returns
TypeDescription
Policy.Builder
Overrides

clearGlobalPolicyEvaluationMode()

public Policy.Builder clearGlobalPolicyEvaluationMode()

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Policy.Builder

This builder for chaining.

clearIstioServiceIdentityAdmissionRules()

public Policy.Builder clearIstioServiceIdentityAdmissionRules()
Returns
TypeDescription
Policy.Builder

clearKubernetesNamespaceAdmissionRules()

public Policy.Builder clearKubernetesNamespaceAdmissionRules()
Returns
TypeDescription
Policy.Builder

clearKubernetesServiceAccountAdmissionRules()

public Policy.Builder clearKubernetesServiceAccountAdmissionRules()
Returns
TypeDescription
Policy.Builder

clearName()

public Policy.Builder clearName()

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
Policy.Builder

This builder for chaining.

clearOneof(Descriptors.OneofDescriptor oneof)

public Policy.Builder clearOneof(Descriptors.OneofDescriptor oneof)
Parameter
NameDescription
oneofOneofDescriptor
Returns
TypeDescription
Policy.Builder
Overrides

clearUpdateTime()

public Policy.Builder clearUpdateTime()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
Policy.Builder

clone()

public Policy.Builder clone()
Returns
TypeDescription
Policy.Builder
Overrides

containsClusterAdmissionRules(String key)

public boolean containsClusterAdmissionRules(String key)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

containsIstioServiceIdentityAdmissionRules(String key)

public boolean containsIstioServiceIdentityAdmissionRules(String key)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

containsKubernetesNamespaceAdmissionRules(String key)

public boolean containsKubernetesNamespaceAdmissionRules(String key)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

containsKubernetesServiceAccountAdmissionRules(String key)

public boolean containsKubernetesServiceAccountAdmissionRules(String key)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

getAdmissionWhitelistPatterns(int index)

public AdmissionWhitelistPattern getAdmissionWhitelistPatterns(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
indexint
Returns
TypeDescription
AdmissionWhitelistPattern

getAdmissionWhitelistPatternsBuilder(int index)

public AdmissionWhitelistPattern.Builder getAdmissionWhitelistPatternsBuilder(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
indexint
Returns
TypeDescription
AdmissionWhitelistPattern.Builder

getAdmissionWhitelistPatternsBuilderList()

public List<AdmissionWhitelistPattern.Builder> getAdmissionWhitelistPatternsBuilderList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
List<Builder>

getAdmissionWhitelistPatternsCount()

public int getAdmissionWhitelistPatternsCount()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getAdmissionWhitelistPatternsList()

public List<AdmissionWhitelistPattern> getAdmissionWhitelistPatternsList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
List<AdmissionWhitelistPattern>

getAdmissionWhitelistPatternsOrBuilder(int index)

public AdmissionWhitelistPatternOrBuilder getAdmissionWhitelistPatternsOrBuilder(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
indexint
Returns
TypeDescription
AdmissionWhitelistPatternOrBuilder

getAdmissionWhitelistPatternsOrBuilderList()

public List<? extends AdmissionWhitelistPatternOrBuilder> getAdmissionWhitelistPatternsOrBuilderList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
List<? extends com.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPatternOrBuilder>

getClusterAdmissionRules()

public Map<String,AdmissionRule> getClusterAdmissionRules()
Returns
TypeDescription
Map<String,AdmissionRule>

getClusterAdmissionRulesCount()

public int getClusterAdmissionRulesCount()

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getClusterAdmissionRulesMap()

public Map<String,AdmissionRule> getClusterAdmissionRulesMap()

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Map<String,AdmissionRule>

getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

public AdmissionRule getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
defaultValueAdmissionRule
Returns
TypeDescription
AdmissionRule

getClusterAdmissionRulesOrThrow(String key)

public AdmissionRule getClusterAdmissionRulesOrThrow(String key)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
AdmissionRule

getDefaultAdmissionRule()

public AdmissionRule getDefaultAdmissionRule()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
AdmissionRule

The defaultAdmissionRule.

getDefaultAdmissionRuleBuilder()

public AdmissionRule.Builder getDefaultAdmissionRuleBuilder()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
AdmissionRule.Builder

getDefaultAdmissionRuleOrBuilder()

public AdmissionRuleOrBuilder getDefaultAdmissionRuleOrBuilder()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
AdmissionRuleOrBuilder

getDefaultInstanceForType()

public Policy getDefaultInstanceForType()
Returns
TypeDescription
Policy

getDescription()

public String getDescription()

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
String

The description.

getDescriptionBytes()

public ByteString getDescriptionBytes()

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
ByteString

The bytes for description.

getDescriptorForType()

public Descriptors.Descriptor getDescriptorForType()
Returns
TypeDescription
Descriptor
Overrides

getGlobalPolicyEvaluationMode()

public Policy.GlobalPolicyEvaluationMode getGlobalPolicyEvaluationMode()

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Policy.GlobalPolicyEvaluationMode

The globalPolicyEvaluationMode.

getGlobalPolicyEvaluationModeValue()

public int getGlobalPolicyEvaluationModeValue()

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

The enum numeric value on the wire for globalPolicyEvaluationMode.

getIstioServiceIdentityAdmissionRules()

public Map<String,AdmissionRule> getIstioServiceIdentityAdmissionRules()
Returns
TypeDescription
Map<String,AdmissionRule>

getIstioServiceIdentityAdmissionRulesCount()

public int getIstioServiceIdentityAdmissionRulesCount()

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getIstioServiceIdentityAdmissionRulesMap()

public Map<String,AdmissionRule> getIstioServiceIdentityAdmissionRulesMap()

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Map<String,AdmissionRule>

getIstioServiceIdentityAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

public AdmissionRule getIstioServiceIdentityAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
defaultValueAdmissionRule
Returns
TypeDescription
AdmissionRule

getIstioServiceIdentityAdmissionRulesOrThrow(String key)

public AdmissionRule getIstioServiceIdentityAdmissionRulesOrThrow(String key)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
AdmissionRule

getKubernetesNamespaceAdmissionRules()

public Map<String,AdmissionRule> getKubernetesNamespaceAdmissionRules()
Returns
TypeDescription
Map<String,AdmissionRule>

getKubernetesNamespaceAdmissionRulesCount()

public int getKubernetesNamespaceAdmissionRulesCount()

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getKubernetesNamespaceAdmissionRulesMap()

public Map<String,AdmissionRule> getKubernetesNamespaceAdmissionRulesMap()

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Map<String,AdmissionRule>

getKubernetesNamespaceAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

public AdmissionRule getKubernetesNamespaceAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
defaultValueAdmissionRule
Returns
TypeDescription
AdmissionRule

getKubernetesNamespaceAdmissionRulesOrThrow(String key)

public AdmissionRule getKubernetesNamespaceAdmissionRulesOrThrow(String key)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
AdmissionRule

getKubernetesServiceAccountAdmissionRules()

public Map<String,AdmissionRule> getKubernetesServiceAccountAdmissionRules()
Returns
TypeDescription
Map<String,AdmissionRule>

getKubernetesServiceAccountAdmissionRulesCount()

public int getKubernetesServiceAccountAdmissionRulesCount()

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getKubernetesServiceAccountAdmissionRulesMap()

public Map<String,AdmissionRule> getKubernetesServiceAccountAdmissionRulesMap()

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Map<String,AdmissionRule>

getKubernetesServiceAccountAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

public AdmissionRule getKubernetesServiceAccountAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
defaultValueAdmissionRule
Returns
TypeDescription
AdmissionRule

getKubernetesServiceAccountAdmissionRulesOrThrow(String key)

public AdmissionRule getKubernetesServiceAccountAdmissionRulesOrThrow(String key)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
AdmissionRule

getMutableClusterAdmissionRules()

public Map<String,AdmissionRule> getMutableClusterAdmissionRules()

Use alternate mutation accessors instead.

Returns
TypeDescription
Map<String,AdmissionRule>

getMutableIstioServiceIdentityAdmissionRules()

public Map<String,AdmissionRule> getMutableIstioServiceIdentityAdmissionRules()

Use alternate mutation accessors instead.

Returns
TypeDescription
Map<String,AdmissionRule>

getMutableKubernetesNamespaceAdmissionRules()

public Map<String,AdmissionRule> getMutableKubernetesNamespaceAdmissionRules()

Use alternate mutation accessors instead.

Returns
TypeDescription
Map<String,AdmissionRule>

getMutableKubernetesServiceAccountAdmissionRules()

public Map<String,AdmissionRule> getMutableKubernetesServiceAccountAdmissionRules()

Use alternate mutation accessors instead.

Returns
TypeDescription
Map<String,AdmissionRule>

getName()

public String getName()

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
String

The name.

getNameBytes()

public ByteString getNameBytes()

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
ByteString

The bytes for name.

getUpdateTime()

public Timestamp getUpdateTime()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
Timestamp

The updateTime.

getUpdateTimeBuilder()

public Timestamp.Builder getUpdateTimeBuilder()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
Builder

getUpdateTimeOrBuilder()

public TimestampOrBuilder getUpdateTimeOrBuilder()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
TimestampOrBuilder

hasDefaultAdmissionRule()

public boolean hasDefaultAdmissionRule()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
boolean

Whether the defaultAdmissionRule field is set.

hasUpdateTime()

public boolean hasUpdateTime()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
boolean

Whether the updateTime field is set.

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
TypeDescription
FieldAccessorTable
Overrides

internalGetMapField(int number)

protected MapField internalGetMapField(int number)
Parameter
NameDescription
numberint
Returns
TypeDescription
MapField
Overrides

internalGetMutableMapField(int number)

protected MapField internalGetMutableMapField(int number)
Parameter
NameDescription
numberint
Returns
TypeDescription
MapField
Overrides

isInitialized()

public final boolean isInitialized()
Returns
TypeDescription
boolean
Overrides

mergeDefaultAdmissionRule(AdmissionRule value)

public Policy.Builder mergeDefaultAdmissionRule(AdmissionRule value)

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Parameter
NameDescription
valueAdmissionRule
Returns
TypeDescription
Policy.Builder

mergeFrom(Policy other)

public Policy.Builder mergeFrom(Policy other)
Parameter
NameDescription
otherPolicy
Returns
TypeDescription
Policy.Builder

mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public Policy.Builder mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputCodedInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Policy.Builder
Overrides Exceptions
TypeDescription
IOException

mergeFrom(Message other)

public Policy.Builder mergeFrom(Message other)
Parameter
NameDescription
otherMessage
Returns
TypeDescription
Policy.Builder
Overrides

mergeUnknownFields(UnknownFieldSet unknownFields)

public final Policy.Builder mergeUnknownFields(UnknownFieldSet unknownFields)
Parameter
NameDescription
unknownFieldsUnknownFieldSet
Returns
TypeDescription
Policy.Builder
Overrides

mergeUpdateTime(Timestamp value)

public Policy.Builder mergeUpdateTime(Timestamp value)

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Parameter
NameDescription
valueTimestamp
Returns
TypeDescription
Policy.Builder

putAllClusterAdmissionRules(Map<String,AdmissionRule> values)

public Policy.Builder putAllClusterAdmissionRules(Map<String,AdmissionRule> values)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
valuesMap<String,AdmissionRule>
Returns
TypeDescription
Policy.Builder

putAllIstioServiceIdentityAdmissionRules(Map<String,AdmissionRule> values)

public Policy.Builder putAllIstioServiceIdentityAdmissionRules(Map<String,AdmissionRule> values)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
valuesMap<String,AdmissionRule>
Returns
TypeDescription
Policy.Builder

putAllKubernetesNamespaceAdmissionRules(Map<String,AdmissionRule> values)

public Policy.Builder putAllKubernetesNamespaceAdmissionRules(Map<String,AdmissionRule> values)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
valuesMap<String,AdmissionRule>
Returns
TypeDescription
Policy.Builder

putAllKubernetesServiceAccountAdmissionRules(Map<String,AdmissionRule> values)

public Policy.Builder putAllKubernetesServiceAccountAdmissionRules(Map<String,AdmissionRule> values)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
valuesMap<String,AdmissionRule>
Returns
TypeDescription
Policy.Builder

putClusterAdmissionRules(String key, AdmissionRule value)

public Policy.Builder putClusterAdmissionRules(String key, AdmissionRule value)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
valueAdmissionRule
Returns
TypeDescription
Policy.Builder

putIstioServiceIdentityAdmissionRules(String key, AdmissionRule value)

public Policy.Builder putIstioServiceIdentityAdmissionRules(String key, AdmissionRule value)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
valueAdmissionRule
Returns
TypeDescription
Policy.Builder

putKubernetesNamespaceAdmissionRules(String key, AdmissionRule value)

public Policy.Builder putKubernetesNamespaceAdmissionRules(String key, AdmissionRule value)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
valueAdmissionRule
Returns
TypeDescription
Policy.Builder

putKubernetesServiceAccountAdmissionRules(String key, AdmissionRule value)

public Policy.Builder putKubernetesServiceAccountAdmissionRules(String key, AdmissionRule value)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
valueAdmissionRule
Returns
TypeDescription
Policy.Builder

removeAdmissionWhitelistPatterns(int index)

public Policy.Builder removeAdmissionWhitelistPatterns(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
indexint
Returns
TypeDescription
Policy.Builder

removeClusterAdmissionRules(String key)

public Policy.Builder removeClusterAdmissionRules(String key)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
Policy.Builder

removeIstioServiceIdentityAdmissionRules(String key)

public Policy.Builder removeIstioServiceIdentityAdmissionRules(String key)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
Policy.Builder

removeKubernetesNamespaceAdmissionRules(String key)

public Policy.Builder removeKubernetesNamespaceAdmissionRules(String key)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
Policy.Builder

removeKubernetesServiceAccountAdmissionRules(String key)

public Policy.Builder removeKubernetesServiceAccountAdmissionRules(String key)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
Policy.Builder

setAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern value)

public Policy.Builder setAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern value)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
indexint
valueAdmissionWhitelistPattern
Returns
TypeDescription
Policy.Builder

setAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern.Builder builderForValue)

public Policy.Builder setAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern.Builder builderForValue)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
indexint
builderForValueAdmissionWhitelistPattern.Builder
Returns
TypeDescription
Policy.Builder

setDefaultAdmissionRule(AdmissionRule value)

public Policy.Builder setDefaultAdmissionRule(AdmissionRule value)

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Parameter
NameDescription
valueAdmissionRule
Returns
TypeDescription
Policy.Builder

setDefaultAdmissionRule(AdmissionRule.Builder builderForValue)

public Policy.Builder setDefaultAdmissionRule(AdmissionRule.Builder builderForValue)

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Parameter
NameDescription
builderForValueAdmissionRule.Builder
Returns
TypeDescription
Policy.Builder

setDescription(String value)

public Policy.Builder setDescription(String value)

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
valueString

The description to set.

Returns
TypeDescription
Policy.Builder

This builder for chaining.

setDescriptionBytes(ByteString value)

public Policy.Builder setDescriptionBytes(ByteString value)

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
valueByteString

The bytes for description to set.

Returns
TypeDescription
Policy.Builder

This builder for chaining.

setField(Descriptors.FieldDescriptor field, Object value)

public Policy.Builder setField(Descriptors.FieldDescriptor field, Object value)
Parameters
NameDescription
fieldFieldDescriptor
valueObject
Returns
TypeDescription
Policy.Builder
Overrides

setGlobalPolicyEvaluationMode(Policy.GlobalPolicyEvaluationMode value)

public Policy.Builder setGlobalPolicyEvaluationMode(Policy.GlobalPolicyEvaluationMode value)

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
valuePolicy.GlobalPolicyEvaluationMode

The globalPolicyEvaluationMode to set.

Returns
TypeDescription
Policy.Builder

This builder for chaining.

setGlobalPolicyEvaluationModeValue(int value)

public Policy.Builder setGlobalPolicyEvaluationModeValue(int value)

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
valueint

The enum numeric value on the wire for globalPolicyEvaluationMode to set.

Returns
TypeDescription
Policy.Builder

This builder for chaining.

setName(String value)

public Policy.Builder setName(String value)

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

Parameter
NameDescription
valueString

The name to set.

Returns
TypeDescription
Policy.Builder

This builder for chaining.

setNameBytes(ByteString value)

public Policy.Builder setNameBytes(ByteString value)

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

Parameter
NameDescription
valueByteString

The bytes for name to set.

Returns
TypeDescription
Policy.Builder

This builder for chaining.

setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)

public Policy.Builder setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
Parameters
NameDescription
fieldFieldDescriptor
indexint
valueObject
Returns
TypeDescription
Policy.Builder
Overrides

setUnknownFields(UnknownFieldSet unknownFields)

public final Policy.Builder setUnknownFields(UnknownFieldSet unknownFields)
Parameter
NameDescription
unknownFieldsUnknownFieldSet
Returns
TypeDescription
Policy.Builder
Overrides

setUpdateTime(Timestamp value)

public Policy.Builder setUpdateTime(Timestamp value)

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Parameter
NameDescription
valueTimestamp
Returns
TypeDescription
Policy.Builder

setUpdateTime(Timestamp.Builder builderForValue)

public Policy.Builder setUpdateTime(Timestamp.Builder builderForValue)

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Parameter
NameDescription
builderForValueBuilder
Returns
TypeDescription
Policy.Builder