Class Resources.Policy (1.23.0)

public static final class Resources.Policy extends GeneratedMessageV3 implements Resources.PolicyOrBuilder

A policy for container image binary authorization.

Protobuf type google.cloud.binaryauthorization.v1.Policy

Static Fields

ADMISSION_WHITELIST_PATTERNS_FIELD_NUMBER

public static final int ADMISSION_WHITELIST_PATTERNS_FIELD_NUMBER
Field Value
TypeDescription
int

CLUSTER_ADMISSION_RULES_FIELD_NUMBER

public static final int CLUSTER_ADMISSION_RULES_FIELD_NUMBER
Field Value
TypeDescription
int

DEFAULT_ADMISSION_RULE_FIELD_NUMBER

public static final int DEFAULT_ADMISSION_RULE_FIELD_NUMBER
Field Value
TypeDescription
int

DESCRIPTION_FIELD_NUMBER

public static final int DESCRIPTION_FIELD_NUMBER
Field Value
TypeDescription
int

GLOBAL_POLICY_EVALUATION_MODE_FIELD_NUMBER

public static final int GLOBAL_POLICY_EVALUATION_MODE_FIELD_NUMBER
Field Value
TypeDescription
int

ISTIO_SERVICE_IDENTITY_ADMISSION_RULES_FIELD_NUMBER

public static final int ISTIO_SERVICE_IDENTITY_ADMISSION_RULES_FIELD_NUMBER
Field Value
TypeDescription
int

KUBERNETES_NAMESPACE_ADMISSION_RULES_FIELD_NUMBER

public static final int KUBERNETES_NAMESPACE_ADMISSION_RULES_FIELD_NUMBER
Field Value
TypeDescription
int

KUBERNETES_SERVICE_ACCOUNT_ADMISSION_RULES_FIELD_NUMBER

public static final int KUBERNETES_SERVICE_ACCOUNT_ADMISSION_RULES_FIELD_NUMBER
Field Value
TypeDescription
int

NAME_FIELD_NUMBER

public static final int NAME_FIELD_NUMBER
Field Value
TypeDescription
int

UPDATE_TIME_FIELD_NUMBER

public static final int UPDATE_TIME_FIELD_NUMBER
Field Value
TypeDescription
int

Static Methods

getDefaultInstance()

public static Resources.Policy getDefaultInstance()
Returns
TypeDescription
Resources.Policy

getDescriptor()

public static final Descriptors.Descriptor getDescriptor()
Returns
TypeDescription
Descriptor

newBuilder()

public static Resources.Policy.Builder newBuilder()
Returns
TypeDescription
Resources.Policy.Builder

newBuilder(Resources.Policy prototype)

public static Resources.Policy.Builder newBuilder(Resources.Policy prototype)
Parameter
NameDescription
prototypeResources.Policy
Returns
TypeDescription
Resources.Policy.Builder

parseDelimitedFrom(InputStream input)

public static Resources.Policy parseDelimitedFrom(InputStream input)
Parameter
NameDescription
inputInputStream
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
IOException

parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static Resources.Policy parseDelimitedFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
IOException

parseFrom(byte[] data)

public static Resources.Policy parseFrom(byte[] data)
Parameter
NameDescription
databyte[]
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)

public static Resources.Policy parseFrom(byte[] data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
databyte[]
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteString data)

public static Resources.Policy parseFrom(ByteString data)
Parameter
NameDescription
dataByteString
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)

public static Resources.Policy parseFrom(ByteString data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
dataByteString
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(CodedInputStream input)

public static Resources.Policy parseFrom(CodedInputStream input)
Parameter
NameDescription
inputCodedInputStream
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
IOException

parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

public static Resources.Policy parseFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputCodedInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
IOException

parseFrom(InputStream input)

public static Resources.Policy parseFrom(InputStream input)
Parameter
NameDescription
inputInputStream
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
IOException

parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)

public static Resources.Policy parseFrom(InputStream input, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
inputInputStream
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
IOException

parseFrom(ByteBuffer data)

public static Resources.Policy parseFrom(ByteBuffer data)
Parameter
NameDescription
dataByteBuffer
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
InvalidProtocolBufferException

parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)

public static Resources.Policy parseFrom(ByteBuffer data, ExtensionRegistryLite extensionRegistry)
Parameters
NameDescription
dataByteBuffer
extensionRegistryExtensionRegistryLite
Returns
TypeDescription
Resources.Policy
Exceptions
TypeDescription
InvalidProtocolBufferException

parser()

public static Parser<Resources.Policy> parser()
Returns
TypeDescription
Parser<Policy>

Methods

containsClusterAdmissionRules(String key)

public boolean containsClusterAdmissionRules(String key)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

containsIstioServiceIdentityAdmissionRules(String key)

public boolean containsIstioServiceIdentityAdmissionRules(String key)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

containsKubernetesNamespaceAdmissionRules(String key)

public boolean containsKubernetesNamespaceAdmissionRules(String key)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'

map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

containsKubernetesServiceAccountAdmissionRules(String key)

public boolean containsKubernetesServiceAccountAdmissionRules(String key)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. 'test-ns:default'

map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
keyString
Returns
TypeDescription
boolean

equals(Object obj)

public boolean equals(Object obj)
Parameter
NameDescription
objObject
Returns
TypeDescription
boolean
Overrides

getAdmissionWhitelistPatterns(int index)

public Resources.AdmissionWhitelistPattern getAdmissionWhitelistPatterns(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
indexint
Returns
TypeDescription
Resources.AdmissionWhitelistPattern

getAdmissionWhitelistPatternsCount()

public int getAdmissionWhitelistPatternsCount()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getAdmissionWhitelistPatternsList()

public List<Resources.AdmissionWhitelistPattern> getAdmissionWhitelistPatternsList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
List<AdmissionWhitelistPattern>

getAdmissionWhitelistPatternsOrBuilder(int index)

public Resources.AdmissionWhitelistPatternOrBuilder getAdmissionWhitelistPatternsOrBuilder(int index)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Parameter
NameDescription
indexint
Returns
TypeDescription
Resources.AdmissionWhitelistPatternOrBuilder

getAdmissionWhitelistPatternsOrBuilderList()

public List<? extends Resources.AdmissionWhitelistPatternOrBuilder> getAdmissionWhitelistPatternsOrBuilderList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
List<? extends com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPatternOrBuilder>

getClusterAdmissionRules()

public Map<String,Resources.AdmissionRule> getClusterAdmissionRules()
Returns
TypeDescription
Map<String,AdmissionRule>

getClusterAdmissionRulesCount()

public int getClusterAdmissionRulesCount()

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

Returns
TypeDescription
int

getClusterAdmissionRulesMap()

public Map<String,Resources.AdmissionRule> getClusterAdmissionRulesMap()

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster