Google Cloud Binary Authorization V1 Client - Class BinauthzManagementServiceV1Client (1.0.1)

Reference documentation and code samples for the Google Cloud Binary Authorization V1 Client class BinauthzManagementServiceV1Client.

Service Description: Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

This class provides the ability to make remote calls to the backing service through method calls that map to API methods.

Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.

Namespace

Google \ Cloud \ BinaryAuthorization \ V1 \ Client

Methods

__construct

Constructor.

Parameters
Name	Description
`options`	`array` Optional. Options for configuring the service API wrapper.
`↳ apiEndpoint`	`string` The address of the API remote host. May optionally include the port, formatted as "
`↳ credentials`	`string\|array\|FetchAuthTokenInterface\|CredentialsWrapper` The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored.
`↳ credentialsConfig`	`array` Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() .
`↳ disableRetries`	`bool` Determines whether or not retries defined by the client configuration should be disabled. Defaults to `false`.
`↳ clientConfig`	`string\|array` Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder.
`↳ transport`	`string\|TransportInterface` The transport used for executing network requests. May be either the string `rest` or `grpc`. Defaults to `grpc` if gRPC support is detected on the system. Advanced usage: Additionally, it is possible to pass in an already instantiated Google\ApiCore\Transport\TransportInterface object. Note that when this object is provided, any settings in $transportConfig, and any $apiEndpoint setting, will be ignored.
`↳ transportConfig`	`array` Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options.
`↳ clientCertSource`	`callable` A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS.

createAttestor

Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists.

The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::createAttestorAsync() .

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\CreateAttestorRequest` A request to house fields associated with the call.
`callOptions`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\BinaryAuthorization\V1\Attestor`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\Attestor;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\CreateAttestorRequest;

/**
 * @param string $formattedParent The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor]. Please see
 *                                {@see BinauthzManagementServiceV1Client::projectName()} for help formatting this field.
 * @param string $attestorId      The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
 * @param string $attestorName    The resource name, in the format:
 *                                `projects/&#42;/attestors/*`. This field may not be updated.
 */
function create_attestor_sample(
    string $formattedParent,
    string $attestorId,
    string $attestorName
): void {
    // Create a client.
    $binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();

    // Prepare the request message.
    $attestor = (new Attestor())
        ->setName($attestorName);
    $request = (new CreateAttestorRequest())
        ->setParent($formattedParent)
        ->setAttestorId($attestorId)
        ->setAttestor($attestor);

    // Call the API and handle any network failures.
    try {
        /** @var Attestor $response */
        $response = $binauthzManagementServiceV1Client->createAttestor($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = BinauthzManagementServiceV1Client::projectName('[PROJECT]');
    $attestorId = '[ATTESTOR_ID]';
    $attestorName = '[NAME]';

    create_attestor_sample($formattedParent, $attestorId, $attestorName);
}

deleteAttestor

Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.

The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::deleteAttestorAsync() .

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\DeleteAttestorRequest` A request to house fields associated with the call.
`callOptions`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Example

use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\DeleteAttestorRequest;

/**
 * @param string $formattedName The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
 *                              `projects/&#42;/attestors/*`. Please see
 *                              {@see BinauthzManagementServiceV1Client::attestorName()} for help formatting this field.
 */
function delete_attestor_sample(string $formattedName): void
{
    // Create a client.
    $binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();

    // Prepare the request message.
    $request = (new DeleteAttestorRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        $binauthzManagementServiceV1Client->deleteAttestor($request);
        printf('Call completed successfully.' . PHP_EOL);
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = BinauthzManagementServiceV1Client::attestorName('[PROJECT]', '[ATTESTOR]');

    delete_attestor_sample($formattedName);
}

getAttestor

Gets an attestor.

Returns NOT_FOUND if the attestor does not exist.

The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::getAttestorAsync() .

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\GetAttestorRequest` A request to house fields associated with the call.
`callOptions`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\BinaryAuthorization\V1\Attestor`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\Attestor;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\GetAttestorRequest;

/**
 * @param string $formattedName The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
 *                              `projects/&#42;/attestors/*`. Please see
 *                              {@see BinauthzManagementServiceV1Client::attestorName()} for help formatting this field.
 */
function get_attestor_sample(string $formattedName): void
{
    // Create a client.
    $binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();

    // Prepare the request message.
    $request = (new GetAttestorRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var Attestor $response */
        $response = $binauthzManagementServiceV1Client->getAttestor($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = BinauthzManagementServiceV1Client::attestorName('[PROJECT]', '[ATTESTOR]');

    get_attestor_sample($formattedName);
}

getPolicy

A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy.

Gets the policy for this project. Returns a default policy if the project does not have one.

The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::getPolicyAsync() .

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\GetPolicyRequest` A request to house fields associated with the call.
`callOptions`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\BinaryAuthorization\V1\Policy`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\GetPolicyRequest;
use Google\Cloud\BinaryAuthorization\V1\Policy;

/**
 * @param string $formattedName The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
 *                              in the format `projects/&#42;/policy`. Please see
 *                              {@see BinauthzManagementServiceV1Client::policyName()} for help formatting this field.
 */
function get_policy_sample(string $formattedName): void
{
    // Create a client.
    $binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();

    // Prepare the request message.
    $request = (new GetPolicyRequest())
        ->setName($formattedName);

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $binauthzManagementServiceV1Client->getPolicy($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedName = BinauthzManagementServiceV1Client::policyName('[PROJECT]');

    get_policy_sample($formattedName);
}

listAttestors

Lists attestors.

Returns INVALID_ARGUMENT if the project does not exist.

The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::listAttestorsAsync() .

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\ListAttestorsRequest` A request to house fields associated with the call.
`callOptions`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\ApiCore\PagedListResponse`

Example

use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\BinaryAuthorization\V1\Attestor;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\ListAttestorsRequest;

/**
 * @param string $formattedParent The resource name of the project associated with the
 *                                [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/*`. Please see
 *                                {@see BinauthzManagementServiceV1Client::projectName()} for help formatting this field.
 */
function list_attestors_sample(string $formattedParent): void
{
    // Create a client.
    $binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();

    // Prepare the request message.
    $request = (new ListAttestorsRequest())
        ->setParent($formattedParent);

    // Call the API and handle any network failures.
    try {
        /** @var PagedListResponse $response */
        $response = $binauthzManagementServiceV1Client->listAttestors($request);

        /** @var Attestor $element */
        foreach ($response as $element) {
            printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
        }
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $formattedParent = BinauthzManagementServiceV1Client::projectName('[PROJECT]');

    list_attestors_sample($formattedParent);
}

updateAttestor

Updates an attestor.

Returns NOT_FOUND if the attestor does not exist.

The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::updateAttestorAsync() .

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\UpdateAttestorRequest` A request to house fields associated with the call.
`callOptions`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\BinaryAuthorization\V1\Attestor`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\Attestor;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\UpdateAttestorRequest;

/**
 * @param string $attestorName The resource name, in the format:
 *                             `projects/&#42;/attestors/*`. This field may not be updated.
 */
function update_attestor_sample(string $attestorName): void
{
    // Create a client.
    $binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();

    // Prepare the request message.
    $attestor = (new Attestor())
        ->setName($attestorName);
    $request = (new UpdateAttestorRequest())
        ->setAttestor($attestor);

    // Call the API and handle any network failures.
    try {
        /** @var Attestor $response */
        $response = $binauthzManagementServiceV1Client->updateAttestor($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $attestorName = '[NAME]';

    update_attestor_sample($attestorName);
}

updatePolicy

Creates or updates a project's policy, and returns a copy of the new policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed.

The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::updatePolicyAsync() .

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\UpdatePolicyRequest` A request to house fields associated with the call.
`callOptions`	`array` Optional.
`↳ retrySettings`	`RetrySettings\|array` Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage.

Returns
Type	Description
`Google\Cloud\BinaryAuthorization\V1\Policy`

Example

use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\AdmissionRule;
use Google\Cloud\BinaryAuthorization\V1\AdmissionRule\EnforcementMode;
use Google\Cloud\BinaryAuthorization\V1\AdmissionRule\EvaluationMode;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\Policy;
use Google\Cloud\BinaryAuthorization\V1\UpdatePolicyRequest;

/**
 * @param int $policyDefaultAdmissionRuleEvaluationMode  How this admission rule will be evaluated.
 * @param int $policyDefaultAdmissionRuleEnforcementMode The action when a pod creation is denied by the admission rule.
 */
function update_policy_sample(
    int $policyDefaultAdmissionRuleEvaluationMode,
    int $policyDefaultAdmissionRuleEnforcementMode
): void {
    // Create a client.
    $binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();

    // Prepare the request message.
    $policyDefaultAdmissionRule = (new AdmissionRule())
        ->setEvaluationMode($policyDefaultAdmissionRuleEvaluationMode)
        ->setEnforcementMode($policyDefaultAdmissionRuleEnforcementMode);
    $policy = (new Policy())
        ->setDefaultAdmissionRule($policyDefaultAdmissionRule);
    $request = (new UpdatePolicyRequest())
        ->setPolicy($policy);

    // Call the API and handle any network failures.
    try {
        /** @var Policy $response */
        $response = $binauthzManagementServiceV1Client->updatePolicy($request);
        printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
    } catch (ApiException $ex) {
        printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
    }
}

/**
 * Helper to execute the sample.
 *
 * This sample has been automatically generated and should be regarded as a code
 * template only. It will require modifications to work:
 *  - It may require correct/in-range values for request initialization.
 *  - It may require specifying regional endpoints when creating the service client,
 *    please see the apiEndpoint client configuration option for more details.
 */
function callSample(): void
{
    $policyDefaultAdmissionRuleEvaluationMode = EvaluationMode::EVALUATION_MODE_UNSPECIFIED;
    $policyDefaultAdmissionRuleEnforcementMode = EnforcementMode::ENFORCEMENT_MODE_UNSPECIFIED;

    update_policy_sample(
        $policyDefaultAdmissionRuleEvaluationMode,
        $policyDefaultAdmissionRuleEnforcementMode
    );
}

createAttestorAsync

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\CreateAttestorRequest`
`optionalArgs = []`	`array`

Returns
Type	Description
`GuzzleHttp\Promise\PromiseInterface`

deleteAttestorAsync

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\DeleteAttestorRequest`
`optionalArgs = []`	`array`

Returns
Type	Description
`GuzzleHttp\Promise\PromiseInterface`

getAttestorAsync

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\GetAttestorRequest`
`optionalArgs = []`	`array`

Returns
Type	Description
`GuzzleHttp\Promise\PromiseInterface`

getPolicyAsync

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\GetPolicyRequest`
`optionalArgs = []`	`array`

Returns
Type	Description
`GuzzleHttp\Promise\PromiseInterface`

listAttestorsAsync

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\ListAttestorsRequest`
`optionalArgs = []`	`array`

Returns
Type	Description
`GuzzleHttp\Promise\PromiseInterface`

updateAttestorAsync

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\UpdateAttestorRequest`
`optionalArgs = []`	`array`

Returns
Type	Description
`GuzzleHttp\Promise\PromiseInterface`

updatePolicyAsync

Parameters
Name	Description
`request`	`Google\Cloud\BinaryAuthorization\V1\UpdatePolicyRequest`
`optionalArgs = []`	`array`

Returns
Type	Description
`GuzzleHttp\Promise\PromiseInterface`

static::attestorName

Formats a string containing the fully-qualified path to represent a attestor resource.

Parameters
Name	Description
`project`	`string`
`attestor`	`string`

Returns
Type	Description
`string`	The formatted attestor resource.

static::locationPolicyName

Formats a string containing the fully-qualified path to represent a location_policy resource.

Parameter
Name	Description
`location`	`string`

Returns
Type	Description
`string`	The formatted location_policy resource.

static::policyName

Formats a string containing the fully-qualified path to represent a policy resource.

Parameter
Name	Description
`project`	`string`

Returns
Type	Description
`string`	The formatted policy resource.

static::projectName

Formats a string containing the fully-qualified path to represent a project resource.

Parameter
Name	Description
`project`	`string`

Returns
Type	Description
`string`	The formatted project resource.

static::projectPolicyName

Formats a string containing the fully-qualified path to represent a project_policy resource.

Parameter
Name	Description
`project`	`string`

Returns
Type	Description
`string`	The formatted project_policy resource.

static::parseName

Parses a formatted name string and returns an associative array of the components in the name.

The following name formats are supported: Template: Pattern

attestor: projects/{project}/attestors/{attestor}
locationPolicy: locations/{location}/policy
policy: projects/{project}/policy
project: projects/{project}
projectPolicy: projects/{project}/policy

The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.

Parameters
Name	Description
`formattedName`	`string` The formatted name string
`template`	`string` Optional name of template to match

Returns
Type	Description
`array`	An associative array from name component IDs to component values.