Binary Authorization v1beta1 API - Namespace Google.Cloud.BinaryAuthorization.V1Beta1 (2.0.0-beta07)

Classes

AdmissionRule

An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.

AdmissionRule.Types

Container for nested types declared in the AdmissionRule message type.

AdmissionWhitelistPattern

An [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].

Attestor

An [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

AttestorName

Resource name for the Attestor resource.

AttestorPublicKey

An [attestor public key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.

BinauthzManagementServiceV1Beta1

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

  • [Policy][google.cloud.binaryauthorization.v1beta1.Policy]
  • [Attestor][google.cloud.binaryauthorization.v1beta1.Attestor]

BinauthzManagementServiceV1Beta1.BinauthzManagementServiceV1Beta1Base

Base class for server-side implementations of BinauthzManagementServiceV1Beta1

BinauthzManagementServiceV1Beta1.BinauthzManagementServiceV1Beta1Client

Client for BinauthzManagementServiceV1Beta1

BinauthzManagementServiceV1Beta1Client

BinauthzManagementServiceV1Beta1 client wrapper, for convenient use.

BinauthzManagementServiceV1Beta1ClientBuilder

Builder class for BinauthzManagementServiceV1Beta1Client to provide simple configuration of credentials, endpoint etc.

BinauthzManagementServiceV1Beta1ClientImpl

BinauthzManagementServiceV1Beta1 client wrapper implementation, for convenient use.

BinauthzManagementServiceV1Beta1Settings

Settings for BinauthzManagementServiceV1Beta1Client instances.

ContinuousValidationEvent

Represents an auditing event from Continuous Validation.

ContinuousValidationEvent.Types

Container for nested types declared in the ContinuousValidationEvent message type.

ContinuousValidationEvent.Types.ConfigErrorEvent

An event describing a user-actionable configuration issue that prevents CV from auditing.

ContinuousValidationEvent.Types.ContinuousValidationPodEvent

An auditing event for one Pod.

ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types

Container for nested types declared in the ContinuousValidationPodEvent message type.

ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails

Container image with auditing details.

ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types

Container for nested types declared in the ImageDetails message type.

ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.CheckResult

ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.CheckResult.Types

Container for nested types declared in the CheckResult message type.

ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.CheckResult.Types.CheckSetScope

A scope specifier for check sets.

CreateAttestorRequest

Request message for [BinauthzManagementService.CreateAttestor][].

DeleteAttestorRequest

Request message for [BinauthzManagementService.DeleteAttestor][].

GetAttestorRequest

Request message for [BinauthzManagementService.GetAttestor][].

GetPolicyRequest

Request message for [BinauthzManagementService.GetPolicy][].

GetSystemPolicyRequest

Request to read the current system policy.

ListAttestorsRequest

Request message for [BinauthzManagementService.ListAttestors][].

ListAttestorsResponse

Response message for [BinauthzManagementService.ListAttestors][].

PkixPublicKey

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

PkixPublicKey.Types

Container for nested types declared in the PkixPublicKey message type.

Policy

A [policy][google.cloud.binaryauthorization.v1beta1.Policy] for Binary Authorization.

Policy.Types

Container for nested types declared in the Policy message type.

PolicyName

Resource name for the Policy resource.

SystemPolicyV1Beta1

API for working with the system policy.

SystemPolicyV1Beta1.SystemPolicyV1Beta1Base

Base class for server-side implementations of SystemPolicyV1Beta1

SystemPolicyV1Beta1.SystemPolicyV1Beta1Client

Client for SystemPolicyV1Beta1

SystemPolicyV1Beta1Client

SystemPolicyV1Beta1 client wrapper, for convenient use.

SystemPolicyV1Beta1ClientBuilder

Builder class for SystemPolicyV1Beta1Client to provide simple configuration of credentials, endpoint etc.

SystemPolicyV1Beta1ClientImpl

SystemPolicyV1Beta1 client wrapper implementation, for convenient use.

SystemPolicyV1Beta1Settings

Settings for SystemPolicyV1Beta1Client instances.

UpdateAttestorRequest

Request message for [BinauthzManagementService.UpdateAttestor][].

UpdatePolicyRequest

Request message for [BinauthzManagementService.UpdatePolicy][].

UserOwnedDrydockNote

A [user owned drydock note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] references a Drydock ATTESTATION_AUTHORITY Note created by the user.

Enums

AdmissionRule.Types.EnforcementMode

Defines the possible actions when a pod creation is denied by an admission rule.

AdmissionRule.Types.EvaluationMode

Attestor.AttestorTypeOneofCase

Enum of possible cases for the "attestor_type" oneof.

AttestorName.ResourceNameType

The possible contents of AttestorName.

AttestorPublicKey.PublicKeyOneofCase

Enum of possible cases for the "public_key" oneof.

ContinuousValidationEvent.EventTypeOneofCase

Enum of possible cases for the "event_type" oneof.

ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.AuditResult

Result of the audit.

ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.CheckResult.Types.CheckSetScope.ScopeOneofCase

Enum of possible cases for the "scope" oneof.

ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.CheckResult.Types.CheckVerdict

Result of evaluating one check.

ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.ContainerType

The container type.

ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.PolicyConformanceVerdict

Audit time policy conformance verdict.

PkixPublicKey.Types.SignatureAlgorithm

Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.

Policy.Types.GlobalPolicyEvaluationMode

PolicyName.ResourceNameType

The possible contents of PolicyName.