Interface PolicyOrBuilder (1.5.0)

Stay organized with collections Save and categorize content based on your preferences.
public interface PolicyOrBuilder extends MessageOrBuilder

Implements

MessageOrBuilder

Methods

containsClusterAdmissionRules(String key)

public abstract boolean containsClusterAdmissionRules(String key)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

containsIstioServiceIdentityAdmissionRules(String key)

public abstract boolean containsIstioServiceIdentityAdmissionRules(String key)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

containsKubernetesNamespaceAdmissionRules(String key)

public abstract boolean containsKubernetesNamespaceAdmissionRules(String key)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

containsKubernetesServiceAccountAdmissionRules(String key)

public abstract boolean containsKubernetesServiceAccountAdmissionRules(String key)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

getAdmissionWhitelistPatterns(int index)

public abstract AdmissionWhitelistPattern getAdmissionWhitelistPatterns(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
indexint
Returns
TypeDescription
AdmissionWhitelistPattern

getAdmissionWhitelistPatternsCount()

public abstract int getAdmissionWhitelistPatternsCount()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getAdmissionWhitelistPatternsList()

public abstract List<AdmissionWhitelistPattern> getAdmissionWhitelistPatternsList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
List<AdmissionWhitelistPattern>

getAdmissionWhitelistPatternsOrBuilder(int index)

public abstract AdmissionWhitelistPatternOrBuilder getAdmissionWhitelistPatternsOrBuilder(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
indexint
Returns
TypeDescription
AdmissionWhitelistPatternOrBuilder

getAdmissionWhitelistPatternsOrBuilderList()

public abstract List<? extends AdmissionWhitelistPatternOrBuilder> getAdmissionWhitelistPatternsOrBuilderList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
List<? extends com.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPatternOrBuilder>

getClusterAdmissionRules()

public abstract Map<String,AdmissionRule> getClusterAdmissionRules()
Returns
TypeDescription
Map<String,AdmissionRule>

getClusterAdmissionRulesCount()

public abstract int getClusterAdmissionRulesCount()

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getClusterAdmissionRulesMap()

public abstract Map<String,AdmissionRule> getClusterAdmissionRulesMap()

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Map<String,AdmissionRule>

getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

public abstract AdmissionRule getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
defaultValueAdmissionRule
Returns
TypeDescription
AdmissionRule

getClusterAdmissionRulesOrThrow(String key)

public abstract AdmissionRule getClusterAdmissionRulesOrThrow(String key)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
AdmissionRule

getDefaultAdmissionRule()

public abstract AdmissionRule getDefaultAdmissionRule()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
AdmissionRule

The defaultAdmissionRule.

getDefaultAdmissionRuleOrBuilder()

public abstract AdmissionRuleOrBuilder getDefaultAdmissionRuleOrBuilder()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
AdmissionRuleOrBuilder

getDescription()

public abstract String getDescription()

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
String

The description.

getDescriptionBytes()

public abstract ByteString getDescriptionBytes()

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
ByteString

The bytes for description.

getGlobalPolicyEvaluationMode()

public abstract Policy.GlobalPolicyEvaluationMode getGlobalPolicyEvaluationMode()

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Policy.GlobalPolicyEvaluationMode

The globalPolicyEvaluationMode.

getGlobalPolicyEvaluationModeValue()

public abstract int getGlobalPolicyEvaluationModeValue()

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

The enum numeric value on the wire for globalPolicyEvaluationMode.

getIstioServiceIdentityAdmissionRules()

public abstract Map<String,AdmissionRule> getIstioServiceIdentityAdmissionRules()
Returns
TypeDescription
Map<String,AdmissionRule>

getIstioServiceIdentityAdmissionRulesCount()

public abstract int getIstioServiceIdentityAdmissionRulesCount()

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getIstioServiceIdentityAdmissionRulesMap()

public abstract Map<String,AdmissionRule> getIstioServiceIdentityAdmissionRulesMap()

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Map<String,AdmissionRule>

getIstioServiceIdentityAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

public abstract AdmissionRule getIstioServiceIdentityAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
defaultValueAdmissionRule
Returns
TypeDescription
AdmissionRule

getIstioServiceIdentityAdmissionRulesOrThrow(String key)

public abstract AdmissionRule getIstioServiceIdentityAdmissionRulesOrThrow(String key)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
AdmissionRule

getKubernetesNamespaceAdmissionRules()

public abstract Map<String,AdmissionRule> getKubernetesNamespaceAdmissionRules()
Returns
TypeDescription
Map<String,AdmissionRule>

getKubernetesNamespaceAdmissionRulesCount()

public abstract int getKubernetesNamespaceAdmissionRulesCount()

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getKubernetesNamespaceAdmissionRulesMap()

public abstract Map<String,AdmissionRule> getKubernetesNamespaceAdmissionRulesMap()

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Map<String,AdmissionRule>

getKubernetesNamespaceAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

public abstract AdmissionRule getKubernetesNamespaceAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
defaultValueAdmissionRule
Returns
TypeDescription
AdmissionRule

getKubernetesNamespaceAdmissionRulesOrThrow(String key)

public abstract AdmissionRule getKubernetesNamespaceAdmissionRulesOrThrow(String key)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
AdmissionRule

getKubernetesServiceAccountAdmissionRules()

public abstract Map<String,AdmissionRule> getKubernetesServiceAccountAdmissionRules()
Returns
TypeDescription
Map<String,AdmissionRule>

getKubernetesServiceAccountAdmissionRulesCount()

public abstract int getKubernetesServiceAccountAdmissionRulesCount()

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getKubernetesServiceAccountAdmissionRulesMap()

public abstract Map<String,AdmissionRule> getKubernetesServiceAccountAdmissionRulesMap()

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
Map<String,AdmissionRule>

getKubernetesServiceAccountAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

public abstract AdmissionRule getKubernetesServiceAccountAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Parameters
NameDescription
keyString
defaultValueAdmissionRule
Returns
TypeDescription
AdmissionRule

getKubernetesServiceAccountAdmissionRulesOrThrow(String key)

public abstract AdmissionRule getKubernetesServiceAccountAdmissionRulesOrThrow(String key)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
AdmissionRule

getName()

public abstract String getName()

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
String

The name.

getNameBytes()

public abstract ByteString getNameBytes()

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
ByteString

The bytes for name.

getUpdateTime()

public abstract Timestamp getUpdateTime()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
Timestamp

The updateTime.

getUpdateTimeOrBuilder()

public abstract TimestampOrBuilder getUpdateTimeOrBuilder()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
TimestampOrBuilder

hasDefaultAdmissionRule()

public abstract boolean hasDefaultAdmissionRule()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

Returns
TypeDescription
boolean

Whether the defaultAdmissionRule field is set.

hasUpdateTime()

public abstract boolean hasUpdateTime()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

Returns
TypeDescription
boolean

Whether the updateTime field is set.