Reference documentation and code samples for the Google Cloud Binary Authorization V1beta1 Client class BinauthzManagementServiceV1Beta1Client.
Service Description: Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.
This API implements a REST model with the following objects:
This class provides the ability to make remote calls to the backing service through method calls that map to API methods. Sample code to get started:
$binauthzManagementServiceV1Beta1Client = new BinauthzManagementServiceV1Beta1Client();
try {
$formattedParent = $binauthzManagementServiceV1Beta1Client->projectName('[PROJECT]');
$attestorId = 'attestor_id';
$attestor = new Attestor();
$response = $binauthzManagementServiceV1Beta1Client->createAttestor($formattedParent, $attestorId, $attestor);
} finally {
$binauthzManagementServiceV1Beta1Client->close();
}
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.
Namespace
Google \ Cloud \ BinaryAuthorization \ V1beta1Methods
__construct
Constructor.
Parameters | |
---|---|
Name | Description |
options |
array
Optional. Options for configuring the service API wrapper. |
↳ apiEndpoint |
string
The address of the API remote host. May optionally include the port, formatted as "
|
↳ credentials |
string|array|FetchAuthTokenInterface|CredentialsWrapper
The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored. |
↳ credentialsConfig |
array
Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() . |
↳ disableRetries |
bool
Determines whether or not retries defined by the client configuration should be disabled. Defaults to |
↳ clientConfig |
string|array
Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder. |
↳ transport |
string|TransportInterface
The transport used for executing network requests. May be either the string |
↳ transportConfig |
array
Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options. |
↳ clientCertSource |
callable
A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS. |
createAttestor
Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists.
Parameters | |
---|---|
Name | Description |
parent |
string
Required. The parent of this attestor. |
attestorId |
string
Required. The attestors ID. |
attestor |
Google\Cloud\BinaryAuthorization\V1beta1\Attestor
Required. The initial attestor value. The service will
overwrite the attestor name field with the resource name,
in the format |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\BinaryAuthorization\V1beta1\Attestor |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1beta1\Attestor;
use Google\Cloud\BinaryAuthorization\V1beta1\BinauthzManagementServiceV1Beta1Client;
/**
* @param string $formattedParent The parent of this [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Please see
* {@see BinauthzManagementServiceV1Beta1Client::projectName()} for help formatting this field.
* @param string $attestorId The [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] ID.
* @param string $attestorName The resource name, in the format:
* `projects/*/attestors/*`. This field may not be updated.
*/
function create_attestor_sample(
string $formattedParent,
string $attestorId,
string $attestorName
): void {
// Create a client.
$binauthzManagementServiceV1Beta1Client = new BinauthzManagementServiceV1Beta1Client();
// Prepare any non-scalar elements to be passed along with the request.
$attestor = (new Attestor())
->setName($attestorName);
// Call the API and handle any network failures.
try {
/** @var Attestor $response */
$response = $binauthzManagementServiceV1Beta1Client->createAttestor(
$formattedParent,
$attestorId,
$attestor
);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = BinauthzManagementServiceV1Beta1Client::projectName('[PROJECT]');
$attestorId = '[ATTESTOR_ID]';
$attestorName = '[NAME]';
create_attestor_sample($formattedParent, $attestorId, $attestorName);
}
deleteAttestor
Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.
Parameters | |
---|---|
Name | Description |
name |
string
Required. The name of the attestors to delete, in the format
|
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1beta1\BinauthzManagementServiceV1Beta1Client;
/**
* @param string $formattedName The name of the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] to delete, in the format
* `projects/*/attestors/*`. Please see
* {@see BinauthzManagementServiceV1Beta1Client::attestorName()} for help formatting this field.
*/
function delete_attestor_sample(string $formattedName): void
{
// Create a client.
$binauthzManagementServiceV1Beta1Client = new BinauthzManagementServiceV1Beta1Client();
// Call the API and handle any network failures.
try {
$binauthzManagementServiceV1Beta1Client->deleteAttestor($formattedName);
printf('Call completed successfully.' . PHP_EOL);
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = BinauthzManagementServiceV1Beta1Client::attestorName('[PROJECT]', '[ATTESTOR]');
delete_attestor_sample($formattedName);
}
getAttestor
Gets an attestor.
Returns NOT_FOUND if the attestor does not exist.
Parameters | |
---|---|
Name | Description |
name |
string
Required. The name of the attestor to retrieve, in the format
|
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\BinaryAuthorization\V1beta1\Attestor |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1beta1\Attestor;
use Google\Cloud\BinaryAuthorization\V1beta1\BinauthzManagementServiceV1Beta1Client;
/**
* @param string $formattedName The name of the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] to retrieve, in the format
* `projects/*/attestors/*`. Please see
* {@see BinauthzManagementServiceV1Beta1Client::attestorName()} for help formatting this field.
*/
function get_attestor_sample(string $formattedName): void
{
// Create a client.
$binauthzManagementServiceV1Beta1Client = new BinauthzManagementServiceV1Beta1Client();
// Call the API and handle any network failures.
try {
/** @var Attestor $response */
$response = $binauthzManagementServiceV1Beta1Client->getAttestor($formattedName);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = BinauthzManagementServiceV1Beta1Client::attestorName('[PROJECT]', '[ATTESTOR]');
get_attestor_sample($formattedName);
}
getPolicy
A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy.
Gets the policy for this project. Returns a default policy if the project does not have one.
Parameters | |
---|---|
Name | Description |
name |
string
Required. The resource name of the policy to retrieve,
in the format |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\BinaryAuthorization\V1beta1\Policy |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1beta1\BinauthzManagementServiceV1Beta1Client;
use Google\Cloud\BinaryAuthorization\V1beta1\Policy;
/**
* @param string $formattedName The resource name of the [policy][google.cloud.binaryauthorization.v1beta1.Policy] to retrieve,
* in the format `projects/*/policy`. Please see
* {@see BinauthzManagementServiceV1Beta1Client::policyName()} for help formatting this field.
*/
function get_policy_sample(string $formattedName): void
{
// Create a client.
$binauthzManagementServiceV1Beta1Client = new BinauthzManagementServiceV1Beta1Client();
// Call the API and handle any network failures.
try {
/** @var Policy $response */
$response = $binauthzManagementServiceV1Beta1Client->getPolicy($formattedName);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = BinauthzManagementServiceV1Beta1Client::policyName('[PROJECT]');
get_policy_sample($formattedName);
}
listAttestors
Lists attestors.
Returns INVALID_ARGUMENT if the project does not exist.
Parameters | |
---|---|
Name | Description |
parent |
string
Required. The resource name of the project associated with the
attestors, in the format |
optionalArgs |
array
Optional. |
↳ pageSize |
int
The maximum number of resources contained in the underlying API response. The API may return fewer values in a page, even if there are additional values to be retrieved. |
↳ pageToken |
string
A page token is used to specify a page of values to be returned. If no page token is specified (the default), the first page of values will be returned. Any page token used here must have been generated by a previous call to the API. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\ApiCore\PagedListResponse |
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\BinaryAuthorization\V1beta1\Attestor;
use Google\Cloud\BinaryAuthorization\V1beta1\BinauthzManagementServiceV1Beta1Client;
/**
* @param string $formattedParent The resource name of the project associated with the
* [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], in the format `projects/*`. Please see
* {@see BinauthzManagementServiceV1Beta1Client::projectName()} for help formatting this field.
*/
function list_attestors_sample(string $formattedParent): void
{
// Create a client.
$binauthzManagementServiceV1Beta1Client = new BinauthzManagementServiceV1Beta1Client();
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $binauthzManagementServiceV1Beta1Client->listAttestors($formattedParent);
/** @var Attestor $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = BinauthzManagementServiceV1Beta1Client::projectName('[PROJECT]');
list_attestors_sample($formattedParent);
}
updateAttestor
Updates an attestor.
Returns NOT_FOUND if the attestor does not exist.
Parameters | |
---|---|
Name | Description |
attestor |
Google\Cloud\BinaryAuthorization\V1beta1\Attestor
Required. The updated attestor value. The service will
overwrite the attestor name field with the resource name
in the request URL, in the format |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\BinaryAuthorization\V1beta1\Attestor |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1beta1\Attestor;
use Google\Cloud\BinaryAuthorization\V1beta1\BinauthzManagementServiceV1Beta1Client;
/**
* @param string $attestorName The resource name, in the format:
* `projects/*/attestors/*`. This field may not be updated.
*/
function update_attestor_sample(string $attestorName): void
{
// Create a client.
$binauthzManagementServiceV1Beta1Client = new BinauthzManagementServiceV1Beta1Client();
// Prepare any non-scalar elements to be passed along with the request.
$attestor = (new Attestor())
->setName($attestorName);
// Call the API and handle any network failures.
try {
/** @var Attestor $response */
$response = $binauthzManagementServiceV1Beta1Client->updateAttestor($attestor);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$attestorName = '[NAME]';
update_attestor_sample($attestorName);
}
updatePolicy
Creates or updates a project's policy, and returns a copy of the new policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed.
Parameters | |
---|---|
Name | Description |
policy |
Google\Cloud\BinaryAuthorization\V1beta1\Policy
Required. A new or updated policy value. The service will
overwrite the policy name field with the resource name in
the request URL, in the format |
optionalArgs |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\BinaryAuthorization\V1beta1\Policy |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1beta1\AdmissionRule;
use Google\Cloud\BinaryAuthorization\V1beta1\AdmissionRule\EnforcementMode;
use Google\Cloud\BinaryAuthorization\V1beta1\AdmissionRule\EvaluationMode;
use Google\Cloud\BinaryAuthorization\V1beta1\BinauthzManagementServiceV1Beta1Client;
use Google\Cloud\BinaryAuthorization\V1beta1\Policy;
/**
* @param int $policyDefaultAdmissionRuleEvaluationMode How this admission rule will be evaluated.
* @param int $policyDefaultAdmissionRuleEnforcementMode The action when a pod creation is denied by the admission rule.
*/
function update_policy_sample(
int $policyDefaultAdmissionRuleEvaluationMode,
int $policyDefaultAdmissionRuleEnforcementMode
): void {
// Create a client.
$binauthzManagementServiceV1Beta1Client = new BinauthzManagementServiceV1Beta1Client();
// Prepare any non-scalar elements to be passed along with the request.
$policyDefaultAdmissionRule = (new AdmissionRule())
->setEvaluationMode($policyDefaultAdmissionRuleEvaluationMode)
->setEnforcementMode($policyDefaultAdmissionRuleEnforcementMode);
$policy = (new Policy())
->setDefaultAdmissionRule($policyDefaultAdmissionRule);
// Call the API and handle any network failures.
try {
/** @var Policy $response */
$response = $binauthzManagementServiceV1Beta1Client->updatePolicy($policy);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$policyDefaultAdmissionRuleEvaluationMode = EvaluationMode::EVALUATION_MODE_UNSPECIFIED;
$policyDefaultAdmissionRuleEnforcementMode = EnforcementMode::ENFORCEMENT_MODE_UNSPECIFIED;
update_policy_sample(
$policyDefaultAdmissionRuleEvaluationMode,
$policyDefaultAdmissionRuleEnforcementMode
);
}
static::attestorName
Formats a string containing the fully-qualified path to represent a attestor resource.
Parameters | |
---|---|
Name | Description |
project |
string
|
attestor |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted attestor resource. |
static::locationPolicyName
Formats a string containing the fully-qualified path to represent a location_policy resource.
Parameter | |
---|---|
Name | Description |
location |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted location_policy resource. |
static::policyName
Formats a string containing the fully-qualified path to represent a policy resource.
Parameter | |
---|---|
Name | Description |
project |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted policy resource. |
static::projectName
Formats a string containing the fully-qualified path to represent a project resource.
Parameter | |
---|---|
Name | Description |
project |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted project resource. |
static::projectPolicyName
Formats a string containing the fully-qualified path to represent a project_policy resource.
Parameter | |
---|---|
Name | Description |
project |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted project_policy resource. |
static::parseName
Parses a formatted name string and returns an associative array of the components in the name.
The following name formats are supported: Template: Pattern
- attestor: projects/{project}/attestors/{attestor}
- locationPolicy: locations/{location}/policy
- policy: projects/{project}/policy
- project: projects/{project}
- projectPolicy: projects/{project}/policy
The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.
Parameters | |
---|---|
Name | Description |
formattedName |
string
The formatted name string |
template |
string
Optional name of template to match |
Returns | |
---|---|
Type | Description |
array | An associative array from name component IDs to component values. |
Constants
SERVICE_NAME
Value: 'google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1'
The name of the service.
SERVICE_ADDRESS
Value: 'binaryauthorization.googleapis.com'
The default address of the service.
DEFAULT_SERVICE_PORT
Value: 443
The default port of the service.
CODEGEN_NAME
Value: 'gapic'
The name of the code generator, to be included in the agent header.