Binary Authorization v1 API - Class AdmissionRule (2.2.0)

public sealed class AdmissionRule : IMessage<AdmissionRule>, IEquatable<AdmissionRule>, IDeepCloneable<AdmissionRule>, IBufferMessage, IMessage

Reference documentation and code samples for the Binary Authorization v1 API class AdmissionRule.

An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an admission allowlist pattern (AdmissionWhitelistPattern) are exempted from admission rules and will never block a pod creation.

Inheritance

object > AdmissionRule

Namespace

Google.Cloud.BinaryAuthorization.V1

Assembly

Google.Cloud.BinaryAuthorization.V1.dll

Constructors

AdmissionRule()

public AdmissionRule()

AdmissionRule(AdmissionRule)

public AdmissionRule(AdmissionRule other)
Parameter
Name     Description
other    AdmissionRule

Properties

EnforcementMode

public AdmissionRule.Types.EnforcementMode EnforcementMode { get; set; }

Required. The action when a pod creation is denied by the admission rule.

Property Value
Type                                   Description
AdmissionRule.Types.EnforcementMode

EvaluationMode

public AdmissionRule.Types.EvaluationMode EvaluationMode { get; set; }

Required. How this admission rule will be evaluated.

Property Value
Type                                   Description
AdmissionRule.Types.EvaluationMode

RequireAttestationsBy

public RepeatedField<string> RequireAttestationsBy { get; }

Optional. The resource names of the attestors that must attest to a container image, in the format projects/*/attestors/*. Each attestor must exist before a policy can reference it. To add an attestor to a policy, the principal issuing the policy change request must be able to read the attestor resource.

Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION; otherwise it must be empty.

Property Value
Type                     Description
RepeatedField<string>
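
The field constraints described above can be checked on the client before a policy change is submitted. The following is an added example, not code from the library or its documentation: AdmissionRuleCheck and Validate are hypothetical names, the project and attestor names are constructed placeholders, and the enum members are the generated C# names for the proto values.

```csharp
using System;
using System.Collections.Generic;
using System.Text.RegularExpressions;
using Google.Cloud.BinaryAuthorization.V1;
using EvaluationMode = Google.Cloud.BinaryAuthorization.V1.AdmissionRule.Types.EvaluationMode;
using EnforcementMode = Google.Cloud.BinaryAuthorization.V1.AdmissionRule.Types.EnforcementMode;

public static class AdmissionRuleCheck
{
    // projects/*/attestors/* with exactly one non-empty segment per wildcard.
    private static readonly Regex AttestorName = new Regex(@"^projects/[^/\s]+/attestors/[^/\s]+\z");

    // Hypothetical helper: returns the violations found; empty when the rule is consistent.
    public static IReadOnlyList<string> Validate(AdmissionRule rule)
    {
        var problems = new List<string>();
        if (rule.EvaluationMode == EvaluationMode.Unspecified)
            problems.Add("EvaluationMode is required");
        if (rule.EnforcementMode == EnforcementMode.Unspecified)
            problems.Add("EnforcementMode is required");
        // RequireAttestationsBy is non-empty if and only if the mode is REQUIRE_ATTESTATION.
        bool needsAttestors = rule.EvaluationMode == EvaluationMode.RequireAttestation;
        if (needsAttestors && rule.RequireAttestationsBy.Count == 0)
            problems.Add("RequireAttestation needs at least one attestor");
        if (!needsAttestors && rule.RequireAttestationsBy.Count > 0)
            problems.Add("RequireAttestationsBy must be empty for this EvaluationMode");
        foreach (string name in rule.RequireAttestationsBy)
            if (!AttestorName.IsMatch(name))
                problems.Add($"'{name}' is not of the form projects/*/attestors/*");
        return problems;
    }

    public static void Main()
    {
        // Constructed sample rules; resource names are placeholders.
        var consistent = new AdmissionRule
        {
            EvaluationMode = EvaluationMode.RequireAttestation,
            EnforcementMode = EnforcementMode.EnforcedBlockAndAuditLog,
            RequireAttestationsBy = { "projects/example-project/attestors/example-attestor" }
        };
        var inconsistent = new AdmissionRule
        {
            EvaluationMode = EvaluationMode.AlwaysAllow,
            EnforcementMode = EnforcementMode.EnforcedBlockAndAuditLog,
            RequireAttestationsBy = { "example-attestor" } // wrong mode and wrong name format
        };
        Console.WriteLine($"consistent rule: {Validate(consistent).Count} problem(s)");
        foreach (string p in Validate(inconsistent)) Console.WriteLine($"inconsistent rule: {p}");
    }
}
```

The check covers only the constraints stated on this page; it does not confirm that the attestor exists or that the caller can read it.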