Package types (0.4.1)

API documentation for binaryauthorization_v1.types package.

Classes

AdmissionRule

An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.

AdmissionWhitelistPattern

An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].

Attestor

An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

AttestorPublicKey

An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.

CreateAttestorRequest

Request message for [BinauthzManagementService.CreateAttestor][].

.. attribute:: parent

   Required. The parent of this attestor.

   :type: str

DeleteAttestorRequest

Request message for [BinauthzManagementService.DeleteAttestor][].

.. attribute:: name

   Required. The name of the attestor to delete, in the format projects/*/attestors/*.

   :type: str

GetAttestorRequest

Request message for [BinauthzManagementService.GetAttestor][].

.. attribute:: name

   Required. The name of the attestor to retrieve, in the format projects/*/attestors/*.

   :type: str

GetPolicyRequest

Request message for [BinauthzManagementService.GetPolicy][].

.. attribute:: name

   Required. The resource name of the policy to retrieve, in the format projects/*/policy.

   :type: str

GetSystemPolicyRequest

Request to read the current system policy.

.. attribute:: name

   Required. The resource name, in the format locations/*/policy. Note that the system policy is not associated with a project.

   :type: str

ListAttestorsRequest

Request message for [BinauthzManagementService.ListAttestors][].

.. attribute:: parent

   Required. The resource name of the project associated with the attestors, in the format projects/*.

   :type: str

ListAttestorsResponse

Response message for [BinauthzManagementService.ListAttestors][].

.. attribute:: attestors

   The list of attestors.

   :type: Sequence[google.cloud.binaryauthorization_v1.types.Attestor]

PkixPublicKey

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

Policy

A policy for container image binary authorization.

UpdateAttestorRequest

Request message for [BinauthzManagementService.UpdateAttestor][].

.. attribute:: attestor

   Required. The updated attestor value. The service will overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name in the request URL, in the format projects/*/attestors/*.

   :type: google.cloud.binaryauthorization_v1.types.Attestor

UpdatePolicyRequest

Request message for [BinauthzManagementService.UpdatePolicy][].

.. attribute:: policy

   Required. A new or updated policy value. The service will overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in the request URL, in the format projects/*/policy.

   :type: google.cloud.binaryauthorization_v1.types.Policy

UserOwnedGrafeasNote

A [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas Attestation.Authority Note created by the user.

ValidateAttestationOccurrenceRequest

Request message for ValidationHelperV1.ValidateAttestationOccurrence.

ValidateAttestationOccurrenceResponse

Response message for ValidationHelperV1.ValidateAttestationOccurrence.