Classes
AdmissionRule
An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.
Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.
AdmissionRule.Types
Container for nested types declared in the AdmissionRule message type.
AdmissionWhitelistPattern
An [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].
Attestor
An [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to container image artifacts. An existing attestor cannot be modified except where indicated.
AttestorName
Resource name for the Attestor resource.
AttestorPublicKey
An [attestor public key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.
BinauthzManagementServiceV1Beta1
Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.
This API implements a REST model with the following objects:
- [Policy][google.cloud.binaryauthorization.v1beta1.Policy]
- [Attestor][google.cloud.binaryauthorization.v1beta1.Attestor]
BinauthzManagementServiceV1Beta1.BinauthzManagementServiceV1Beta1Base
Base class for server-side implementations of BinauthzManagementServiceV1Beta1
BinauthzManagementServiceV1Beta1.BinauthzManagementServiceV1Beta1Client
Client for BinauthzManagementServiceV1Beta1
BinauthzManagementServiceV1Beta1Client
BinauthzManagementServiceV1Beta1 client wrapper, for convenient use.
BinauthzManagementServiceV1Beta1ClientBuilder
Builder class for BinauthzManagementServiceV1Beta1Client to provide simple configuration of credentials, endpoint etc.
BinauthzManagementServiceV1Beta1ClientImpl
BinauthzManagementServiceV1Beta1 client wrapper implementation, for convenient use.
BinauthzManagementServiceV1Beta1Settings
Settings for BinauthzManagementServiceV1Beta1Client instances.
ContinuousValidationEvent
Represents an auditing event from Continuous Validation.
ContinuousValidationEvent.Types
Container for nested types declared in the ContinuousValidationEvent message type.
ContinuousValidationEvent.Types.ConfigErrorEvent
An event describing a user-actionable configuration issue that prevents CV from auditing.
ContinuousValidationEvent.Types.ContinuousValidationPodEvent
An auditing event for one Pod.
ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types
Container for nested types declared in the ContinuousValidationPodEvent message type.
ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails
Container image with auditing details.
ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types
Container for nested types declared in the ImageDetails message type.
ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.CheckResult
ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.CheckResult.Types
Container for nested types declared in the CheckResult message type.
ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.CheckResult.Types.CheckSetScope
A scope specifier for check sets.
CreateAttestorRequest
Request message for [BinauthzManagementService.CreateAttestor][].
DeleteAttestorRequest
Request message for [BinauthzManagementService.DeleteAttestor][].
GetAttestorRequest
Request message for [BinauthzManagementService.GetAttestor][].
GetPolicyRequest
Request message for [BinauthzManagementService.GetPolicy][].
GetSystemPolicyRequest
Request to read the current system policy.
ListAttestorsRequest
Request message for [BinauthzManagementService.ListAttestors][].
ListAttestorsResponse
Response message for [BinauthzManagementService.ListAttestors][].
PkixPublicKey
A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.
PkixPublicKey.Types
Container for nested types declared in the PkixPublicKey message type.
Policy
A [policy][google.cloud.binaryauthorization.v1beta1.Policy] for Binary Authorization.
Policy.Types
Container for nested types declared in the Policy message type.
PolicyName
Resource name for the Policy resource.
SystemPolicyV1Beta1
API for working with the system policy.
SystemPolicyV1Beta1.SystemPolicyV1Beta1Base
Base class for server-side implementations of SystemPolicyV1Beta1
SystemPolicyV1Beta1.SystemPolicyV1Beta1Client
Client for SystemPolicyV1Beta1
SystemPolicyV1Beta1Client
SystemPolicyV1Beta1 client wrapper, for convenient use.
SystemPolicyV1Beta1ClientBuilder
Builder class for SystemPolicyV1Beta1Client to provide simple configuration of credentials, endpoint etc.
SystemPolicyV1Beta1ClientImpl
SystemPolicyV1Beta1 client wrapper implementation, for convenient use.
SystemPolicyV1Beta1Settings
Settings for SystemPolicyV1Beta1Client instances.
UpdateAttestorRequest
Request message for [BinauthzManagementService.UpdateAttestor][].
UpdatePolicyRequest
Request message for [BinauthzManagementService.UpdatePolicy][].
UserOwnedDrydockNote
A [user owned drydock note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] references a Drydock ATTESTATION_AUTHORITY Note created by the user.
Enums
AdmissionRule.Types.EnforcementMode
Defines the possible actions when a pod creation is denied by an admission rule.
AdmissionRule.Types.EvaluationMode
Attestor.AttestorTypeOneofCase
Enum of possible cases for the "attestor_type" oneof.
AttestorName.ResourceNameType
The possible contents of AttestorName.
AttestorPublicKey.PublicKeyOneofCase
Enum of possible cases for the "public_key" oneof.
ContinuousValidationEvent.EventTypeOneofCase
Enum of possible cases for the "event_type" oneof.
ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.AuditResult
Result of the audit.
ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.CheckResult.Types.CheckSetScope.ScopeOneofCase
Enum of possible cases for the "scope" oneof.
ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.CheckResult.Types.CheckVerdict
Result of evaluating one check.
ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.ImageDetails.Types.ContainerType
The container type.
ContinuousValidationEvent.Types.ContinuousValidationPodEvent.Types.PolicyConformanceVerdict
Audit time policy conformance verdict.
PkixPublicKey.Types.SignatureAlgorithm
Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.
Policy.Types.GlobalPolicyEvaluationMode
PolicyName.ResourceNameType
The possible contents of PolicyName.