Class Resources.AdmissionRule (1.45.0)

public static final class Resources.AdmissionRule extends GeneratedMessageV3 implements Resources.AdmissionRuleOrBuilder

An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation.

Protobuf type google.cloud.binaryauthorization.v1.AdmissionRule

Static Fields

ENFORCEMENT_MODE_FIELD_NUMBER

public static final int ENFORCEMENT_MODE_FIELD_NUMBER
Field Value
Type Description
int

EVALUATION_MODE_FIELD_NUMBER

public static final int EVALUATION_MODE_FIELD_NUMBER
Field Value
Type Description
int

REQUIRE_ATTESTATIONS_BY_FIELD_NUMBER

public static final int REQUIRE_ATTESTATIONS_BY_FIELD_NUMBER
Field Value
Type Description
int

Static Methods

getDefaultInstance()

public static Resources.AdmissionRule getDefaultInstance()
Returns
Type Description
Resources.AdmissionRule

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
Type Description
Descriptor

newBuilder()

public static Resources.AdmissionRule.Builder newBuilder()
Returns
Type Description
Resources.AdmissionRule.Builder

newBuilder(Resources.AdmissionRule prototype)

public static Resources.AdmissionRule.Builder newBuilder(Resources.AdmissionRule prototype)
Parameter
Name Description
prototype Resources.AdmissionRule
Returns
Type Description
Resources.AdmissionRule.Builder

parseDelimitedFrom(InputStream input)

public static Resources.AdmissionRule parseDelimitedFrom(InputStream input)
Parameter
Name Description
input InputStream
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
IOException

parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static Resources.AdmissionRule parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
input InputStream
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
IOException

parseFrom(byte[] data)

public static Resources.AdmissionRule parseFrom(byte[] data)
Parameter
Name Description
data byte[]
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)

public static Resources.AdmissionRule parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
data byte[]
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(ByteString data)

public static Resources.AdmissionRule parseFrom(ByteString data)
Parameter
Name Description
data ByteString
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)

public static Resources.AdmissionRule parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
data ByteString
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(CodedInputStream input)

public static Resources.AdmissionRule parseFrom(CodedInputStream input)
Parameter
Name Description
input CodedInputStream
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
IOException

parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public static Resources.AdmissionRule parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
input CodedInputStream
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
IOException

parseFrom(InputStream input)

public static Resources.AdmissionRule parseFrom(InputStream input)
Parameter
Name Description
input InputStream
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
IOException

parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static Resources.AdmissionRule parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
input InputStream
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
IOException

parseFrom(ByteBuffer data)

public static Resources.AdmissionRule parseFrom(ByteBuffer data)
Parameter
Name Description
data ByteBuffer
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
InvalidProtocolBufferException

parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)

public static Resources.AdmissionRule parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
Parameters
Name Description
data ByteBuffer
extensionRegistry ExtensionRegistryLite
Returns
Type Description
Resources.AdmissionRule
Exceptions
Type Description
InvalidProtocolBufferException

parser()

public static Parser<Resources.AdmissionRule> parser()
Returns
Type Description
Parser<AdmissionRule>

Methods

equals(Object obj)

public boolean equals(Object obj)
Parameter
Name Description
obj Object
Returns
Type Description
boolean
Overrides

getDefaultInstanceForType()

public Resources.AdmissionRule getDefaultInstanceForType()
Returns
Type Description
Resources.AdmissionRule

getEnforcementMode()

public Resources.AdmissionRule.EnforcementMode getEnforcementMode()

Required. The action when a pod creation is denied by the admission rule.

.google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];

Returns
Type Description
Resources.AdmissionRule.EnforcementMode

The enforcementMode.

getEnforcementModeValue()

public int getEnforcementModeValue()

Required. The action when a pod creation is denied by the admission rule.

.google.cloud.binaryauthorization.v1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];

Returns
Type Description
int

The enum numeric value on the wire for enforcementMode.

getEvaluationMode()

public Resources.AdmissionRule.EvaluationMode getEvaluationMode()

Required. How this admission rule will be evaluated.

.google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
Type Description
Resources.AdmissionRule.EvaluationMode

The evaluationMode.

getEvaluationModeValue()

public int getEvaluationModeValue()

Required. How this admission rule will be evaluated.

.google.cloud.binaryauthorization.v1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];

Returns
Type Description
int

The enum numeric value on the wire for evaluationMode.

getParserForType()

public Parser<Resources.AdmissionRule> getParserForType()
Returns
Type Description
Parser<AdmissionRule>
Overrides

getRequireAttestationsBy(int index)

public String getRequireAttestationsBy(int index)

Optional. The resource names of the attestors that must attest to a container image, in the format projects/*/attestors/*. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource.

Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.

repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
Name Description
index int

The index of the element to return.

Returns
Type Description
String

The requireAttestationsBy at the given index.

getRequireAttestationsByBytes(int index)

public ByteString getRequireAttestationsByBytes(int index)

Optional. The resource names of the attestors that must attest to a container image, in the format projects/*/attestors/*. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource.

Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.

repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
Name Description
index int

The index of the value to return.

Returns
Type Description
ByteString

The bytes of the requireAttestationsBy at the given index.

getRequireAttestationsByCount()

public int getRequireAttestationsByCount()

Optional. The resource names of the attestors that must attest to a container image, in the format projects/*/attestors/*. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource.

Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.

repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
Type Description
int

The count of requireAttestationsBy.

getRequireAttestationsByList()

public ProtocolStringList getRequireAttestationsByList()

Optional. The resource names of the attestors that must attest to a container image, in the format projects/*/attestors/*. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource.

Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.

repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
Type Description
ProtocolStringList

A list containing the requireAttestationsBy.

getSerializedSize()

public int getSerializedSize()
Returns
Type Description
int
Overrides

hashCode()

public int hashCode()
Returns
Type Description
int
Overrides

internalGetFieldAccessorTable()

protected GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
Returns
Type Description
FieldAccessorTable
Overrides

isInitialized()

public final boolean isInitialized()
Returns
Type Description
boolean
Overrides

newBuilderForType()

public Resources.AdmissionRule.Builder newBuilderForType()
Returns
Type Description
Resources.AdmissionRule.Builder

newBuilderForType(GeneratedMessageV3.BuilderParent parent)

protected Resources.AdmissionRule.Builder newBuilderForType(GeneratedMessageV3.BuilderParent parent)
Parameter
Name Description
parent BuilderParent
Returns
Type Description
Resources.AdmissionRule.Builder
Overrides

newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)

protected Object newInstance(GeneratedMessageV3.UnusedPrivateParameter unused)
Parameter
Name Description
unused UnusedPrivateParameter
Returns
Type Description
Object
Overrides

toBuilder()

public Resources.AdmissionRule.Builder toBuilder()
Returns
Type Description
Resources.AdmissionRule.Builder

writeTo(CodedOutputStream output)

public void writeTo(CodedOutputStream output)
Parameter
Name Description
output CodedOutputStream
Overrides
Exceptions
Type Description
IOException