A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy.
Gets the policy for this project. Returns a default policy if the project does not have one.
HTTP request
GET https://binaryauthorization.googleapis.com/v1alpha2/{name=projects/*/policy}
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-05-30 UTC."],[[["\u003cp\u003eThis webpage details how to retrieve a project's policy, which dictates the attestors required for container image deployment.\u003c/p\u003e\n"],["\u003cp\u003eThe request to get a project's policy is a GET request to a specific URL, structured with gRPC Transcoding syntax.\u003c/p\u003e\n"],["\u003cp\u003eThe request requires a path parameter, \u003ccode\u003ename\u003c/code\u003e, which represents the policy's resource name in the format \u003ccode\u003eprojects/*/policy\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThe request body must be empty, and a successful response returns a \u003ccode\u003ePolicy\u003c/code\u003e instance.\u003c/p\u003e\n"],["\u003cp\u003eAuthorization requires the \u003ccode\u003ebinaryauthorization.policy.get\u003c/code\u003e IAM permission on the specified resource name and the \u003ccode\u003ehttps://www.googleapis.com/auth/cloud-platform\u003c/code\u003e OAuth scope.\u003c/p\u003e\n"]]],[],null,["# Method: projects.getPolicy\n\n- [HTTP request](#body.HTTP_TEMPLATE)\n- [Path parameters](#body.PATH_PARAMETERS)\n- [Request body](#body.request_body)\n- [Response body](#body.response_body)\n- [Authorization scopes](#body.aspect)\n\nA [policy](/binary-authorization/docs/reference/rest/Shared.Types/Policy) specifies the [attestors](/binary-authorization/docs/reference/rest/Shared.Types/Attestor) that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy.\n\nGets the [policy](/binary-authorization/docs/reference/rest/Shared.Types/Policy) for this project. Returns a default [policy](/binary-authorization/docs/reference/rest/Shared.Types/Policy) if the project does not have one.\n\n### HTTP request\n\n`GET https://binaryauthorization.googleapis.com/v1alpha2/{name=projects/*/policy}`\n\nThe URL uses [gRPC Transcoding](https://google.aip.dev/127) syntax.\n\n### Path parameters\n\n### Request body\n\nThe request body must be empty.\n\n### Response body\n\nIf successful, the response body contains an instance of [Policy](/binary-authorization/docs/reference/rest/Shared.Types/Policy).\n\n### Authorization scopes\n\nRequires the following OAuth scope:\n\n- `https://www.googleapis.com/auth/cloud-platform`\n\nFor more information, see the [Authentication Overview](https://cloud.google.com/docs/authentication/)."]]
