Binary Authorization V1beta1 API - Class Google::Cloud::BinaryAuthorization::V1beta1::Policy (v0.13.1)

Reference documentation and code samples for the Binary Authorization V1beta1 API class Google::Cloud::BinaryAuthorization::V1beta1::Policy.

A policy for Binary Authorization.

Inherits

  • Object

Extended By

  • Google::Protobuf::MessageExts::ClassMethods

Includes

  • Google::Protobuf::MessageExts

Methods

#admission_whitelist_patterns

def admission_whitelist_patterns() -> ::Array<::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern>
Returns

#admission_whitelist_patterns=

def admission_whitelist_patterns=(value) -> ::Array<::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionWhitelistPattern>
Parameter
Returns

#cluster_admission_rules

def cluster_admission_rules() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

#cluster_admission_rules=

def cluster_admission_rules=(value) -> ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}
Parameter
  • value (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

#default_admission_rule

def default_admission_rule() -> ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule
Returns

#default_admission_rule=

def default_admission_rule=(value) -> ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule
Parameter
Returns

#description

def description() -> ::String
Returns
  • (::String) — Optional. A descriptive comment.

#description=

def description=(value) -> ::String
Parameter
  • value (::String) — Optional. A descriptive comment.
Returns
  • (::String) — Optional. A descriptive comment.

#global_policy_evaluation_mode

def global_policy_evaluation_mode() -> ::Google::Cloud::BinaryAuthorization::V1beta1::Policy::GlobalPolicyEvaluationMode
Returns

#global_policy_evaluation_mode=

def global_policy_evaluation_mode=(value) -> ::Google::Cloud::BinaryAuthorization::V1beta1::Policy::GlobalPolicyEvaluationMode
Parameter
Returns

#istio_service_identity_admission_rules

def istio_service_identity_admission_rules() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

#istio_service_identity_admission_rules=

def istio_service_identity_admission_rules=(value) -> ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}
Parameter
  • value (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

#kubernetes_namespace_admission_rules

def kubernetes_namespace_admission_rules() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

#kubernetes_namespace_admission_rules=

def kubernetes_namespace_admission_rules=(value) -> ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}
Parameter
  • value (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

#kubernetes_service_account_admission_rules

def kubernetes_service_account_admission_rules() -> ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

#kubernetes_service_account_admission_rules=

def kubernetes_service_account_admission_rules=(value) -> ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}
Parameter
  • value (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default
Returns
  • (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1beta1::AdmissionRule}) — Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

#name

def name() -> ::String
Returns
  • (::String) — Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

#update_time

def update_time() -> ::Google::Protobuf::Timestamp
Returns