Package Classes (1.11.0)

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

• Policy
• Attestor

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

• Policy
• Attestor

A pager for iterating through list_attestors requests.

This class thinly wraps an initial ListAttestorsResponse object, and provides an __aiter__ method to iterate through its attestors field.

If there are more pages, the __aiter__ method will make additional ListAttestors requests and continue to iterate through the attestors field on the corresponding responses.

All the usual ListAttestorsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_attestors requests.

This class thinly wraps an initial ListAttestorsResponse object, and provides an __iter__ method to iterate through its attestors field.

If there are more pages, the __iter__ method will make additional ListAttestors requests and continue to iterate through the attestors field on the corresponding responses.

All the usual ListAttestorsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

API for working with the system policy.

API for working with the system policy.

BinAuthz Attestor verification

BinAuthz Attestor verification

An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.

Defines the possible actions when a pod creation is denied by an admission rule.

An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].

An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Request message for [BinauthzManagementService.CreateAttestor][].

Request message for [BinauthzManagementService.DeleteAttestor][].

Request message for [BinauthzManagementService.GetAttestor][].

Request message for [BinauthzManagementService.GetPolicy][].

Request to read the current system policy.

Request message for [BinauthzManagementService.ListAttestors][].

Response message for [BinauthzManagementService.ListAttestors][].

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.

A policy for container image binary authorization.

The abstract base class for a message.

The abstract base class for a message.

The abstract base class for a message.

The abstract base class for a message.

Request message for [BinauthzManagementService.UpdateAttestor][].

Request message for [BinauthzManagementService.UpdatePolicy][].

An [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas Attestation.Authority Note created by the user.

Request message for ValidationHelperV1.ValidateAttestationOccurrence.

Response message for ValidationHelperV1.ValidateAttestationOccurrence.

The enum returned in the "result" field.

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

• Policy
• Attestor

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

• Policy
• Attestor

A pager for iterating through list_attestors requests.

This class thinly wraps an initial ListAttestorsResponse object, and provides an __aiter__ method to iterate through its attestors field.

If there are more pages, the __aiter__ method will make additional ListAttestors requests and continue to iterate through the attestors field on the corresponding responses.

All the usual ListAttestorsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

A pager for iterating through list_attestors requests.

This class thinly wraps an initial ListAttestorsResponse object, and provides an __iter__ method to iterate through its attestors field.

If there are more pages, the __iter__ method will make additional ListAttestors requests and continue to iterate through the attestors field on the corresponding responses.

All the usual ListAttestorsResponse attributes are available on the pager. If multiple requests are made, only the most recent response is retained, and thus used for attribute lookup.

API for working with the system policy.

API for working with the system policy.

An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.

Defines the possible actions when a pod creation is denied by an admission rule.

An [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].

An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

An [attestor public key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Represents an auditing event from Continuous Validation.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

An event describing a user-actionable configuration issue that prevents CV from auditing.

An auditing event for one Pod.

Container image with auditing details.

Result of the audit.

A scope specifier for check sets.

This message has oneof_ fields (mutually exclusive fields). For each oneof, at most one member field can be set at the same time. Setting any member of the oneof automatically clears all other members.

.. _oneof: https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Result of evaluating one check.

The container type.

Audit time policy conformance verdict.

Request message for [BinauthzManagementService.CreateAttestor][].

Request message for [BinauthzManagementService.DeleteAttestor][].

Request message for [BinauthzManagementService.GetAttestor][].

Request message for [BinauthzManagementService.GetPolicy][].

Request to read the current system policy.

Request message for [BinauthzManagementService.ListAttestors][].

Response message for [BinauthzManagementService.ListAttestors][].

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.

A policy for Binary Authorization.

The abstract base class for a message.

The abstract base class for a message.

The abstract base class for a message.

The abstract base class for a message.

Request message for [BinauthzManagementService.UpdateAttestor][].

Request message for [BinauthzManagementService.UpdatePolicy][].

An [user owned drydock note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] references a Drydock ATTESTATION_AUTHORITY Note created by the user.

API documentation for binaryauthorization_v1.services.binauthz_management_service_v1.pagers module.

API documentation for binaryauthorization_v1beta1.services.binauthz_management_service_v1_beta1.pagers module.