API documentation for binaryauthorization_v1.types package.
Classes
AdmissionRule
An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied.
Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.
AdmissionWhitelistPattern
An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].
Attestor
An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.
AttestorPublicKey
An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.
CreateAttestorRequest
Request message for [BinauthzManagementService.CreateAttestor][].
.. attribute:: parent
   Required. The parent of this attestor.
   :type: str
DeleteAttestorRequest
Request message for [BinauthzManagementService.DeleteAttestor][].
.. attribute:: name
   Required. The name of the attestors to delete, in the format projects/*/attestors/*.
   :type: str
GetAttestorRequest
Request message for [BinauthzManagementService.GetAttestor][].
.. attribute:: name
   Required. The name of the attestor to retrieve, in the format projects/*/attestors/*.
   :type: str
GetPolicyRequest
Request message for [BinauthzManagementService.GetPolicy][].
.. attribute:: name
   Required. The resource name of the policy to retrieve, in the format projects/*/policy.
   :type: str
GetSystemPolicyRequest
Request to read the current system policy.
.. attribute:: name
   Required. The resource name, in the format locations/*/policy. Note that the system policy is not associated with a project.
   :type: str
ListAttestorsRequest
Request message for [BinauthzManagementService.ListAttestors][].
.. attribute:: parent
   Required. The resource name of the project associated with the attestors, in the format projects/*.
   :type: str
ListAttestorsResponse
Response message for [BinauthzManagementService.ListAttestors][].
.. attribute:: attestors
   The list of attestors.
   :type: Sequence[google.cloud.binaryauthorization_v1.types.Attestor]
PkixPublicKey
A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.
Policy
A policy for container image binary authorization.
UpdateAttestorRequest
Request message for [BinauthzManagementService.UpdateAttestor][].
.. attribute:: attestor
   Required. The updated attestor value. The service will overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name in the request URL, in the format projects/*/attestors/*.
UpdatePolicyRequest
Request message for [BinauthzManagementService.UpdatePolicy][].
.. attribute:: policy
   Required. A new or updated policy value. The service will overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in the request URL, in the format projects/*/policy.
UserOwnedGrafeasNote
A [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas Attestation.Authority Note created by the user.
ValidateAttestationOccurrenceRequest
Request message for ValidationHelperV1.ValidateAttestationOccurrence.
ValidateAttestationOccurrenceResponse
Response message for ValidationHelperV1.ValidateAttestationOccurrence.