public static final class Resources.Policy extends GeneratedMessageV3 implements Resources.PolicyOrBuilder
A policy for container image binary authorization.
Protobuf type google.cloud.binaryauthorization.v1.Policy
Inherited Members
com.google.protobuf.GeneratedMessageV3.<ListT>makeMutableCopy(ListT)
Static Fields
ADMISSION_WHITELIST_PATTERNS_FIELD_NUMBER
public static final int ADMISSION_WHITELIST_PATTERNS_FIELD_NUMBER
| Field Value |
|---|
| Type | Description |
int | |
CLUSTER_ADMISSION_RULES_FIELD_NUMBER
public static final int CLUSTER_ADMISSION_RULES_FIELD_NUMBER
| Field Value |
|---|
| Type | Description |
int | |
DEFAULT_ADMISSION_RULE_FIELD_NUMBER
public static final int DEFAULT_ADMISSION_RULE_FIELD_NUMBER
| Field Value |
|---|
| Type | Description |
int | |
DESCRIPTION_FIELD_NUMBER
public static final int DESCRIPTION_FIELD_NUMBER
| Field Value |
|---|
| Type | Description |
int | |
GLOBAL_POLICY_EVALUATION_MODE_FIELD_NUMBER
public static final int GLOBAL_POLICY_EVALUATION_MODE_FIELD_NUMBER
| Field Value |
|---|
| Type | Description |
int | |
ISTIO_SERVICE_IDENTITY_ADMISSION_RULES_FIELD_NUMBER
public static final int ISTIO_SERVICE_IDENTITY_ADMISSION_RULES_FIELD_NUMBER
| Field Value |
|---|
| Type | Description |
int | |
KUBERNETES_NAMESPACE_ADMISSION_RULES_FIELD_NUMBER
public static final int KUBERNETES_NAMESPACE_ADMISSION_RULES_FIELD_NUMBER
| Field Value |
|---|
| Type | Description |
int | |
KUBERNETES_SERVICE_ACCOUNT_ADMISSION_RULES_FIELD_NUMBER
public static final int KUBERNETES_SERVICE_ACCOUNT_ADMISSION_RULES_FIELD_NUMBER
| Field Value |
|---|
| Type | Description |
int | |
NAME_FIELD_NUMBER
public static final int NAME_FIELD_NUMBER
| Field Value |
|---|
| Type | Description |
int | |
UPDATE_TIME_FIELD_NUMBER
public static final int UPDATE_TIME_FIELD_NUMBER
| Field Value |
|---|
| Type | Description |
int | |
Static Methods
getDefaultInstance()
public static Resources.Policy getDefaultInstance()
getDescriptor()
public static final Descriptors.Descriptor getDescriptor()
newBuilder()
public static Resources.Policy.Builder newBuilder()
newBuilder(Resources.Policy prototype)
public static Resources.Policy.Builder newBuilder(Resources.Policy prototype)
public static Resources.Policy parseDelimitedFrom(InputStream input)
public static Resources.Policy parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(byte[] data)
public static Resources.Policy parseFrom(byte[] data)
| Parameter |
|---|
| Name | Description |
data | byte[]
|
parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
public static Resources.Policy parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteString data)
public static Resources.Policy parseFrom(ByteString data)
parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static Resources.Policy parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
public static Resources.Policy parseFrom(CodedInputStream input)
public static Resources.Policy parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
public static Resources.Policy parseFrom(InputStream input)
public static Resources.Policy parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
parseFrom(ByteBuffer data)
public static Resources.Policy parseFrom(ByteBuffer data)
parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
public static Resources.Policy parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
parser()
public static Parser<Resources.Policy> parser()
Methods
containsClusterAdmissionRules(String key)
public boolean containsClusterAdmissionRules(String key)
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
| Parameter |
|---|
| Name | Description |
key | String
|
containsIstioServiceIdentityAdmissionRules(String key)
public boolean containsIstioServiceIdentityAdmissionRules(String key)
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
| Parameter |
|---|
| Name | Description |
key | String
|
containsKubernetesNamespaceAdmissionRules(String key)
public boolean containsKubernetesNamespaceAdmissionRules(String key)
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
| Parameter |
|---|
| Name | Description |
key | String
|
containsKubernetesServiceAccountAdmissionRules(String key)
public boolean containsKubernetesServiceAccountAdmissionRules(String key)
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
| Parameter |
|---|
| Name | Description |
key | String
|
equals(Object obj)
public boolean equals(Object obj)
| Parameter |
|---|
| Name | Description |
obj | Object
|
Overrides
getAdmissionWhitelistPatterns(int index)
public Resources.AdmissionWhitelistPattern getAdmissionWhitelistPatterns(int index)
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
| Parameter |
|---|
| Name | Description |
index | int
|
getAdmissionWhitelistPatternsCount()
public int getAdmissionWhitelistPatternsCount()
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
| Returns |
|---|
| Type | Description |
int | |
getAdmissionWhitelistPatternsList()
public List<Resources.AdmissionWhitelistPattern> getAdmissionWhitelistPatternsList()
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsOrBuilder(int index)
public Resources.AdmissionWhitelistPatternOrBuilder getAdmissionWhitelistPatternsOrBuilder(int index)
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
| Parameter |
|---|
| Name | Description |
index | int
|
getAdmissionWhitelistPatternsOrBuilderList()
public List<? extends Resources.AdmissionWhitelistPatternOrBuilder> getAdmissionWhitelistPatternsOrBuilderList()
Optional. Admission policy allowlisting. A matching admission request will
always be permitted. This feature is typically used to exclude Google or
third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
| Returns |
|---|
| Type | Description |
List<? extends com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPatternOrBuilder> | |
getClusterAdmissionRules()
public Map<String,Resources.AdmissionRule> getClusterAdmissionRules()
getClusterAdmissionRulesCount()
public int getClusterAdmissionRulesCount()
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
| Returns |
|---|
| Type | Description |
int | |
getClusterAdmissionRulesMap()
public Map<String,Resources.AdmissionRule> getClusterAdmissionRulesMap()
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster
