Package Classes (1.10.4)

Summary of entries of Classes for binaryauthorization.

Classes

BinauthzManagementServiceV1AsyncClient

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Client

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

  • Policy
  • Attestor

ListAttestorsAsyncPager

A pager for iterating through list_attestors requests.

This class thinly wraps an initial ListAttestorsResponse object, and provides an __aiter__ method to iterate through its attestors field.

If there are more pages, the __aiter__ method will make additional ListAttestors requests and continue to iterate through the attestors field on the corresponding responses.

All the usual ListAttestorsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListAttestorsPager

A pager for iterating through list_attestors requests.

This class thinly wraps an initial ListAttestorsResponse object, and provides an __iter__ method to iterate through its attestors field.

If there are more pages, the __iter__ method will make additional ListAttestors requests and continue to iterate through the attestors field on the corresponding responses.

All the usual ListAttestorsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

SystemPolicyV1AsyncClient

API for working with the system policy.

SystemPolicyV1Client

API for working with the system policy.

ValidationHelperV1AsyncClient

BinAuthz Attestor verification

ValidationHelperV1Client

BinAuthz Attestor verification

AdmissionRule

An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.

EnforcementMode

Defines the possible actions when a pod creation is denied by an admission rule.

EvaluationMode

AdmissionWhitelistPattern

An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].

Attestor

An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

AttestorPublicKey

An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

CreateAttestorRequest

Request message for [BinauthzManagementService.CreateAttestor][].

DeleteAttestorRequest

Request message for [BinauthzManagementService.DeleteAttestor][].

GetAttestorRequest

Request message for [BinauthzManagementService.GetAttestor][].

GetPolicyRequest

Request message for [BinauthzManagementService.GetPolicy][].

GetSystemPolicyRequest

Request to read the current system policy.

ListAttestorsRequest

Request message for [BinauthzManagementService.ListAttestors][].

ListAttestorsResponse

Response message for [BinauthzManagementService.ListAttestors][].

PkixPublicKey

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

SignatureAlgorithm

Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.

Policy

A policy for container image binary authorization.

ClusterAdmissionRulesEntry

The abstract base class for a message.

GlobalPolicyEvaluationMode

IstioServiceIdentityAdmissionRulesEntry

The abstract base class for a message.

KubernetesNamespaceAdmissionRulesEntry

The abstract base class for a message.

KubernetesServiceAccountAdmissionRulesEntry

The abstract base class for a message.

UpdateAttestorRequest

Request message for [BinauthzManagementService.UpdateAttestor][].

UpdatePolicyRequest

Request message for [BinauthzManagementService.UpdatePolicy][].

UserOwnedGrafeasNote

An [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas Attestation.Authority Note created by the user.

ValidateAttestationOccurrenceRequest

Request message for ValidationHelperV1.ValidateAttestationOccurrence.

ValidateAttestationOccurrenceResponse

Response message for ValidationHelperV1.ValidateAttestationOccurrence.

Result

The enum returned in the "result" field.

BinauthzManagementServiceV1Beta1AsyncClient

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

  • Policy
  • Attestor

BinauthzManagementServiceV1Beta1Client

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

  • Policy
  • Attestor

ListAttestorsAsyncPager

A pager for iterating through list_attestors requests.

This class thinly wraps an initial ListAttestorsResponse object, and provides an __aiter__ method to iterate through its attestors field.

If there are more pages, the __aiter__ method will make additional ListAttestors requests and continue to iterate through the attestors field on the corresponding responses.

All the usual ListAttestorsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

ListAttestorsPager

A pager for iterating through list_attestors requests.

This class thinly wraps an initial ListAttestorsResponse object, and provides an __iter__ method to iterate through its attestors field.

If there are more pages, the __iter__ method will make additional ListAttestors requests and continue to iterate through the attestors field on the corresponding responses.

All the usual ListAttestorsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

SystemPolicyV1Beta1AsyncClient

API for working with the system policy.

SystemPolicyV1Beta1Client

API for working with the system policy.

AdmissionRule

An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.

EnforcementMode

Defines the possible actions when a pod creation is denied by an admission rule.

EvaluationMode

AdmissionWhitelistPattern

An [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].

Attestor

An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

AttestorPublicKey

An [attestor public key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

ContinuousValidationEvent

Represents an auditing event from Continuous Validation.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

ConfigErrorEvent

An event describing a user-actionable configuration issue that prevents CV from auditing.

ContinuousValidationPodEvent

An auditing event for one Pod.

ImageDetails

Container image with auditing details.

AuditResult

Result of the audit.

CheckResult

CheckSetScope

A scope specifier for check sets.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

CheckVerdict

Result of evaluating one check.

ContainerType

The container type.

PolicyConformanceVerdict

Audit time policy conformance verdict.

CreateAttestorRequest

Request message for [BinauthzManagementService.CreateAttestor][].

DeleteAttestorRequest

Request message for [BinauthzManagementService.DeleteAttestor][].

GetAttestorRequest

Request message for [BinauthzManagementService.GetAttestor][].

GetPolicyRequest

Request message for [BinauthzManagementService.GetPolicy][].

GetSystemPolicyRequest

Request to read the current system policy.

ListAttestorsRequest

Request message for [BinauthzManagementService.ListAttestors][].

ListAttestorsResponse

Response message for [BinauthzManagementService.ListAttestors][].

PkixPublicKey

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

SignatureAlgorithm

Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.

Policy

A policy for Binary Authorization.

ClusterAdmissionRulesEntry

The abstract base class for a message.

GlobalPolicyEvaluationMode

IstioServiceIdentityAdmissionRulesEntry

The abstract base class for a message.

KubernetesNamespaceAdmissionRulesEntry

The abstract base class for a message.

KubernetesServiceAccountAdmissionRulesEntry

The abstract base class for a message.

UpdateAttestorRequest

Request message for [BinauthzManagementService.UpdateAttestor][].

UpdatePolicyRequest

Request message for [BinauthzManagementService.UpdatePolicy][].

UserOwnedDrydockNote

An [user owned drydock note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] references a Drydock ATTESTATION_AUTHORITY Note created by the user.

Modules

pagers

API documentation for binaryauthorization_v1.services.binauthz_management_service_v1.pagers module.

pagers

API documentation for binaryauthorization_v1beta1.services.binauthz_management_service_v1_beta1.pagers module.