public static final class Policy.Builder extends GeneratedMessageV3.Builder<Policy.Builder> implements PolicyOrBuilder
A policy for Binary Authorization.
Protobuf type google.cloud.binaryauthorization.v1beta1.Policy
Inheritance
Object > AbstractMessageLite.Builder<MessageType,BuilderType> > AbstractMessage.Builder<BuilderType> > GeneratedMessageV3.Builder > Policy.BuilderImplements
PolicyOrBuilderStatic Methods
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
Returns | |
---|---|
Type | Description |
Descriptor |
Methods
addAdmissionWhitelistPatterns(AdmissionWhitelistPattern value)
public Policy.Builder addAdmissionWhitelistPatterns(AdmissionWhitelistPattern value)
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
value | AdmissionWhitelistPattern |
Returns | |
---|---|
Type | Description |
Policy.Builder |
addAdmissionWhitelistPatterns(AdmissionWhitelistPattern.Builder builderForValue)
public Policy.Builder addAdmissionWhitelistPatterns(AdmissionWhitelistPattern.Builder builderForValue)
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
builderForValue | AdmissionWhitelistPattern.Builder |
Returns | |
---|---|
Type | Description |
Policy.Builder |
addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern value)
public Policy.Builder addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern value)
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameters | |
---|---|
Name | Description |
index | int |
value | AdmissionWhitelistPattern |
Returns | |
---|---|
Type | Description |
Policy.Builder |
addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern.Builder builderForValue)
public Policy.Builder addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern.Builder builderForValue)
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameters | |
---|---|
Name | Description |
index | int |
builderForValue | AdmissionWhitelistPattern.Builder |
Returns | |
---|---|
Type | Description |
Policy.Builder |
addAdmissionWhitelistPatternsBuilder()
public AdmissionWhitelistPattern.Builder addAdmissionWhitelistPatternsBuilder()
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
AdmissionWhitelistPattern.Builder |
addAdmissionWhitelistPatternsBuilder(int index)
public AdmissionWhitelistPattern.Builder addAdmissionWhitelistPatternsBuilder(int index)
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
index | int |
Returns | |
---|---|
Type | Description |
AdmissionWhitelistPattern.Builder |
addAllAdmissionWhitelistPatterns(Iterable<? extends AdmissionWhitelistPattern> values)
public Policy.Builder addAllAdmissionWhitelistPatterns(Iterable<? extends AdmissionWhitelistPattern> values)
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
values | Iterable<? extends com.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern> |
Returns | |
---|---|
Type | Description |
Policy.Builder |
addRepeatedField(Descriptors.FieldDescriptor field, Object value)
public Policy.Builder addRepeatedField(Descriptors.FieldDescriptor field, Object value)
Parameters | |
---|---|
Name | Description |
field | FieldDescriptor |
value | Object |
Returns | |
---|---|
Type | Description |
Policy.Builder |
build()
public Policy build()
Returns | |
---|---|
Type | Description |
Policy |
buildPartial()
public Policy buildPartial()
Returns | |
---|---|
Type | Description |
Policy |
clear()
public Policy.Builder clear()
Returns | |
---|---|
Type | Description |
Policy.Builder |
clearAdmissionWhitelistPatterns()
public Policy.Builder clearAdmissionWhitelistPatterns()
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
Policy.Builder |
clearClusterAdmissionRules()
public Policy.Builder clearClusterAdmissionRules()
Returns | |
---|---|
Type | Description |
Policy.Builder |
clearDefaultAdmissionRule()
public Policy.Builder clearDefaultAdmissionRule()
Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
Returns | |
---|---|
Type | Description |
Policy.Builder |
clearDescription()
public Policy.Builder clearDescription()
Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
Policy.Builder | This builder for chaining. |
clearField(Descriptors.FieldDescriptor field)
public Policy.Builder clearField(Descriptors.FieldDescriptor field)
Parameter | |
---|---|
Name | Description |
field | FieldDescriptor |
Returns | |
---|---|
Type | Description |
Policy.Builder |
clearGlobalPolicyEvaluationMode()
public Policy.Builder clearGlobalPolicyEvaluationMode()
Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
Policy.Builder | This builder for chaining. |
clearIstioServiceIdentityAdmissionRules()
public Policy.Builder clearIstioServiceIdentityAdmissionRules()
Returns | |
---|---|
Type | Description |
Policy.Builder |
clearKubernetesNamespaceAdmissionRules()
public Policy.Builder clearKubernetesNamespaceAdmissionRules()
Returns | |
---|---|
Type | Description |
Policy.Builder |
clearKubernetesServiceAccountAdmissionRules()
public Policy.Builder clearKubernetesServiceAccountAdmissionRules()
Returns | |
---|---|
Type | Description |
Policy.Builder |
clearName()
public Policy.Builder clearName()
Output only. The resource name, in the format projects/*/policy
. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns | |
---|---|
Type | Description |
Policy.Builder | This builder for chaining. |
clearOneof(Descriptors.OneofDescriptor oneof)
public Policy.Builder clearOneof(Descriptors.OneofDescriptor oneof)
Parameter | |
---|---|
Name | Description |
oneof | OneofDescriptor |
Returns | |
---|---|
Type | Description |
Policy.Builder |
clearUpdateTime()
public Policy.Builder clearUpdateTime()
Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
Returns | |
---|---|
Type | Description |
Policy.Builder |
clone()
public Policy.Builder clone()
Returns | |
---|---|
Type | Description |
Policy.Builder |
containsClusterAdmissionRules(String key)
public boolean containsClusterAdmissionRules(String key)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
boolean |
containsIstioServiceIdentityAdmissionRules(String key)
public boolean containsIstioServiceIdentityAdmissionRules(String key)
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>
or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
boolean |
containsKubernetesNamespaceAdmissionRules(String key)
public boolean containsKubernetesNamespaceAdmissionRules(String key)
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+
, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
boolean |
containsKubernetesServiceAccountAdmissionRules(String key)
public boolean containsKubernetesServiceAccountAdmissionRules(String key)
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount
. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
key | String |
Returns | |
---|---|
Type | Description |
boolean |
getAdmissionWhitelistPatterns(int index)
public AdmissionWhitelistPattern getAdmissionWhitelistPatterns(int index)
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
index | int |
Returns | |
---|---|
Type | Description |
AdmissionWhitelistPattern |
getAdmissionWhitelistPatternsBuilder(int index)
public AdmissionWhitelistPattern.Builder getAdmissionWhitelistPatternsBuilder(int index)
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
index | int |
Returns | |
---|---|
Type | Description |
AdmissionWhitelistPattern.Builder |
getAdmissionWhitelistPatternsBuilderList()
public List<AdmissionWhitelistPattern.Builder> getAdmissionWhitelistPatternsBuilderList()
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
List<Builder> |
getAdmissionWhitelistPatternsCount()
public int getAdmissionWhitelistPatternsCount()
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
int |
getAdmissionWhitelistPatternsList()
public List<AdmissionWhitelistPattern> getAdmissionWhitelistPatternsList()
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
List<AdmissionWhitelistPattern> |
getAdmissionWhitelistPatternsOrBuilder(int index)
public AdmissionWhitelistPatternOrBuilder getAdmissionWhitelistPatternsOrBuilder(int index)
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Parameter | |
---|---|
Name | Description |
index | int |
Returns | |
---|---|
Type | Description |
AdmissionWhitelistPatternOrBuilder |
getAdmissionWhitelistPatternsOrBuilderList()
public List<? extends AdmissionWhitelistPatternOrBuilder> getAdmissionWhitelistPatternsOrBuilderList()
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
List<? extends com.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPatternOrBuilder> |
getClusterAdmissionRules()
public Map<String,AdmissionRule> getClusterAdmissionRules()
Use #getClusterAdmissionRulesMap() instead.
Returns | |
---|---|
Type | Description |
Map<String,AdmissionRule> |
getClusterAdmissionRulesCount()
public int getClusterAdmissionRulesCount()
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
int |
getClusterAdmissionRulesMap()
public Map<String,AdmissionRule> getClusterAdmissionRulesMap()
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Returns | |
---|---|
Type | Description |
Map<String,AdmissionRule> |
getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
public AdmissionRule getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A location
is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId
syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
Parameters | |
---|---|
Name | Description |
key | String |
defaultValue | AdmissionRule |
Returns | |
---|---|
Type | Description |
AdmissionRule |
getClusterAdmissionRulesOrThrow(String key)
public AdmissionRule getClusterAdmissionRulesOrThrow(String key)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId
. There can be at most one admission rule per cluster
spec.
A