Class Policy.Builder (1.23.0)

public static final class Policy.Builder extends GeneratedMessageV3.Builder<Policy.Builder> implements PolicyOrBuilder

A policy for Binary Authorization.

Protobuf type google.cloud.binaryauthorization.v1beta1.Policy

Implements

PolicyOrBuilder

Static Methods

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns

| Type | Description |
| --- | --- |
| Descriptor | |

Methods

addAdmissionWhitelistPatterns(AdmissionWhitelistPattern value)

public Policy.Builder addAdmissionWhitelistPatterns(AdmissionWhitelistPattern value)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter

| Name | Description |
| --- | --- |
| value | AdmissionWhitelistPattern |

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

addAdmissionWhitelistPatterns(AdmissionWhitelistPattern.Builder builderForValue)

public Policy.Builder addAdmissionWhitelistPatterns(AdmissionWhitelistPattern.Builder builderForValue)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter

| Name | Description |
| --- | --- |
| builderForValue | AdmissionWhitelistPattern.Builder |

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern value)

public Policy.Builder addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern value)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameters

| Name | Description |
| --- | --- |
| index | int |
| value | AdmissionWhitelistPattern |

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern.Builder builderForValue)

public Policy.Builder addAdmissionWhitelistPatterns(int index, AdmissionWhitelistPattern.Builder builderForValue)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameters

| Name | Description |
| --- | --- |
| index | int |
| builderForValue | AdmissionWhitelistPattern.Builder |

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

addAdmissionWhitelistPatternsBuilder()

public AdmissionWhitelistPattern.Builder addAdmissionWhitelistPatternsBuilder()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns

| Type | Description |
| --- | --- |
| AdmissionWhitelistPattern.Builder | |

addAdmissionWhitelistPatternsBuilder(int index)

public AdmissionWhitelistPattern.Builder addAdmissionWhitelistPatternsBuilder(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter

| Name | Description |
| --- | --- |
| index | int |

Returns

| Type | Description |
| --- | --- |
| AdmissionWhitelistPattern.Builder | |

addAllAdmissionWhitelistPatterns(Iterable<? extends AdmissionWhitelistPattern> values)

public Policy.Builder addAllAdmissionWhitelistPatterns(Iterable<? extends AdmissionWhitelistPattern> values)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter

| Name | Description |
| --- | --- |
| values | Iterable<? extends com.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern> |

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |
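
Because a matching admission request is always permitted, every allowlist pattern is an exemption from the policy's admission rules and is worth reviewing before the policy is built. The following is an added example, not part of the generated reference or of Google's samples: it checks the patterns on a `Policy.Builder` against a hypothetical approved-prefix list and rebuilds the list without the rest. `AllowlistReview`, `APPROVED_PREFIXES` and the image names are constructed for illustration; `setNamePattern`, `setDefaultAdmissionRule` and the `AdmissionRule` enums belong to the same v1beta1 package but are not documented in this section.

```java
import com.google.cloud.binaryauthorization.v1beta1.AdmissionRule;
import com.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern;
import com.google.cloud.binaryauthorization.v1beta1.Policy;
import java.util.ArrayList;
import java.util.List;

public class AllowlistReview {
  // Hypothetical review rule: image prefixes accepted as policy exemptions.
  static final List<String> APPROVED_PREFIXES = List.of("gcr.io/example-infra/");

  static boolean isApproved(AdmissionWhitelistPattern p) {
    String namePattern = p.getNamePattern();
    return APPROVED_PREFIXES.stream().anyMatch(prefix -> namePattern.startsWith(prefix));
  }

  /** Drops unapproved patterns from the builder and returns the ones removed. */
  static List<String> pruneAllowlist(Policy.Builder policy) {
    List<AdmissionWhitelistPattern> kept = new ArrayList<>();
    List<String> removed = new ArrayList<>();
    for (AdmissionWhitelistPattern p : policy.getAdmissionWhitelistPatternsList()) {
      if (isApproved(p)) {
        kept.add(p);
      } else {
        removed.add(p.getNamePattern());
      }
    }
    // Replace the repeated field with the reviewed list only.
    policy.clearAdmissionWhitelistPatterns().addAllAdmissionWhitelistPatterns(kept);
    return removed;
  }

  public static void main(String[] args) {
    // Constructed sample: a deny-by-default rule plus two exemptions, the
    // second of which is outside the approved prefixes.
    Policy.Builder policy = Policy.newBuilder()
        .setDescription("constructed sample policy")
        .setDefaultAdmissionRule(AdmissionRule.newBuilder()
            .setEvaluationMode(AdmissionRule.EvaluationMode.ALWAYS_DENY)
            .setEnforcementMode(AdmissionRule.EnforcementMode.ENFORCED_BLOCK_AND_AUDIT_LOG))
        .addAdmissionWhitelistPatterns(
            AdmissionWhitelistPattern.newBuilder().setNamePattern("gcr.io/example-infra/proxy*"))
        .addAdmissionWhitelistPatterns(
            AdmissionWhitelistPattern.newBuilder()
                .setNamePattern("registry.example.com/team-a/*").build());

    List<String> removed = pruneAllowlist(policy);
    System.out.println("removed exemptions: " + removed);
    System.out.println("remaining patterns: " + policy.getAdmissionWhitelistPatternsCount());
    Policy reviewed = policy.build();
    System.out.println(reviewed.getAdmissionWhitelistPatternsList());
  }
}
```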

addRepeatedField(Descriptors.FieldDescriptor field, Object value)

public Policy.Builder addRepeatedField(Descriptors.FieldDescriptor field, Object value)
Parameters

| Name | Description |
| --- | --- |
| field | FieldDescriptor |
| value | Object |

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

Overrides

build()

public Policy build()
Returns

| Type | Description |
| --- | --- |
| Policy | |

buildPartial()

public Policy buildPartial()
Returns

| Type | Description |
| --- | --- |
| Policy | |

clear()

public Policy.Builder clear()
Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

Overrides

clearAdmissionWhitelistPatterns()

public Policy.Builder clearAdmissionWhitelistPatterns()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

clearClusterAdmissionRules()

public Policy.Builder clearClusterAdmissionRules()
Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

clearDefaultAdmissionRule()

public Policy.Builder clearDefaultAdmissionRule()

Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

clearDescription()

public Policy.Builder clearDescription()

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | This builder for chaining. |

clearField(Descriptors.FieldDescriptor field)

public Policy.Builder clearField(Descriptors.FieldDescriptor field)
Parameter

| Name | Description |
| --- | --- |
| field | FieldDescriptor |

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

Overrides

clearGlobalPolicyEvaluationMode()

public Policy.Builder clearGlobalPolicyEvaluationMode()

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | This builder for chaining. |

clearIstioServiceIdentityAdmissionRules()

public Policy.Builder clearIstioServiceIdentityAdmissionRules()
Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

clearKubernetesNamespaceAdmissionRules()

public Policy.Builder clearKubernetesNamespaceAdmissionRules()
Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

clearKubernetesServiceAccountAdmissionRules()

public Policy.Builder clearKubernetesServiceAccountAdmissionRules()
Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

clearName()

public Policy.Builder clearName()

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | This builder for chaining. |

clearOneof(Descriptors.OneofDescriptor oneof)

public Policy.Builder clearOneof(Descriptors.OneofDescriptor oneof)
Parameter

| Name | Description |
| --- | --- |
| oneof | OneofDescriptor |

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

Overrides

clearUpdateTime()

public Policy.Builder clearUpdateTime()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

clone()

public Policy.Builder clone()
Returns

| Type | Description |
| --- | --- |
| Policy.Builder | |

Overrides

containsClusterAdmissionRules(String key)

public boolean containsClusterAdmissionRules(String key)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameter

| Name | Description |
| --- | --- |
| key | String |

Returns

| Type | Description |
| --- | --- |
| boolean | |

containsIstioServiceIdentityAdmissionRules(String key)

public boolean containsIstioServiceIdentityAdmissionRules(String key)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Parameter

| Name | Description |
| --- | --- |
| key | String |

Returns

| Type | Description |
| --- | --- |
| boolean | |

containsKubernetesNamespaceAdmissionRules(String key)

public boolean containsKubernetesNamespaceAdmissionRules(String key)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Parameter

| Name | Description |
| --- | --- |
| key | String |

Returns

| Type | Description |
| --- | --- |
| boolean | |

containsKubernetesServiceAccountAdmissionRules(String key)

public boolean containsKubernetesServiceAccountAdmissionRules(String key)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Parameter

| Name | Description |
| --- | --- |
| key | String |

Returns

| Type | Description |
| --- | --- |
| boolean | |

getAdmissionWhitelistPatterns(int index)

public AdmissionWhitelistPattern getAdmissionWhitelistPatterns(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter

| Name | Description |
| --- | --- |
| index | int |

Returns

| Type | Description |
| --- | --- |
| AdmissionWhitelistPattern | |

getAdmissionWhitelistPatternsBuilder(int index)

public AdmissionWhitelistPattern.Builder getAdmissionWhitelistPatternsBuilder(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter

| Name | Description |
| --- | --- |
| index | int |

Returns

| Type | Description |
| --- | --- |
| AdmissionWhitelistPattern.Builder | |

getAdmissionWhitelistPatternsBuilderList()

public List<AdmissionWhitelistPattern.Builder> getAdmissionWhitelistPatternsBuilderList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns

| Type | Description |
| --- | --- |
| List<Builder> | |

getAdmissionWhitelistPatternsCount()

public int getAdmissionWhitelistPatternsCount()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns

| Type | Description |
| --- | --- |
| int | |

getAdmissionWhitelistPatternsList()

public List<AdmissionWhitelistPattern> getAdmissionWhitelistPatternsList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns

| Type | Description |
| --- | --- |
| List<AdmissionWhitelistPattern> | |

getAdmissionWhitelistPatternsOrBuilder(int index)

public AdmissionWhitelistPatternOrBuilder getAdmissionWhitelistPatternsOrBuilder(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter

| Name | Description |
| --- | --- |
| index | int |

Returns

| Type | Description |
| --- | --- |
| AdmissionWhitelistPatternOrBuilder | |

getAdmissionWhitelistPatternsOrBuilderList()

public List<? extends AdmissionWhitelistPatternOrBuilder> getAdmissionWhitelistPatternsOrBuilderList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns

| Type | Description |
| --- | --- |
| List<? extends com.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPatternOrBuilder> | |

getClusterAdmissionRules()

public Map<String,AdmissionRule> getClusterAdmissionRules()
Returns

| Type | Description |
| --- | --- |
| Map<String,AdmissionRule> | |

getClusterAdmissionRulesCount()

public int getClusterAdmissionRulesCount()

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Returns

| Type | Description |
| --- | --- |
| int | |

getClusterAdmissionRulesMap()

public Map<String,AdmissionRule> getClusterAdmissionRulesMap()

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Returns

| Type | Description |
| --- | --- |
| Map<String,AdmissionRule> | |

getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

public AdmissionRule getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameters

| Name | Description |
| --- | --- |
| key | String |
| defaultValue | AdmissionRule |

Returns

| Type | Description |
| --- | --- |
| AdmissionRule | |

getClusterAdmissionRulesOrThrow(String key)

public AdmissionRule getClusterAdmissionRulesOrThrow(String key)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A