Module google_binaryauthorization1_beta1::api
Structs
AdmissionRule | An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. Images matching an admission allowlist pattern are exempted from admission rules and will never block a pod creation. |
AdmissionWhitelistPattern | An admission allowlist pattern exempts images from checks by admission rules. |
AttestationOccurrence | Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign). |
Attestor | An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated. |
AttestorPublicKey | An attestor public key that will be used to verify attestations signed by this attestor. |
BinaryAuthorization | Central instance to access all BinaryAuthorization related resource activities |
Binding | Associates |
Empty | A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs. A typical example is to use it as the request or the response type of an API method. For instance: service Foo { rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); } The JSON representation for |
Expr | Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec. Example (Comparison): title: "Summary size limit" description: "Determines if a summary is less than 100 chars" expression: "document.summary.size() < 100" Example (Equality): title: "Requestor is owner" description: "Determines if requestor is the document owner" expression: "document.owner == request.auth.claims.email" Example (Logic): title: "Public documents" description: "Determine whether the document should be publicly visible" expression: "document.type != 'private' && document.type != 'internal'" Example (Data Manipulation): title: "Notification string" description: "Create a notification string with a timestamp." expression: "'New message received at ' + string(document.create_time)" The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information. |
IamPolicy | An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A |
Jwt | There is no detailed description. |
ListAttestorsResponse | Response message for BinauthzManagementService.ListAttestors. |
PkixPublicKey | A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format. |
Policy | A policy for container image binary authorization. |
ProjectAttestorCreateCall | Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists. |
ProjectAttestorDeleteCall | Deletes an attestor. Returns NOT_FOUND if the attestor does not exist. |
ProjectAttestorGetCall | Gets an attestor. Returns NOT_FOUND if the attestor does not exist. |
ProjectAttestorGetIamPolicyCall | Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set. |
ProjectAttestorListCall | Lists attestors. Returns INVALID_ARGUMENT if the project does not exist. |
ProjectAttestorSetIamPolicyCall | Sets the access control policy on the specified resource. Replaces any existing policy. Can return |
ProjectAttestorTestIamPermissionCall | Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a |
ProjectAttestorUpdateCall | Updates an attestor. Returns NOT_FOUND if the attestor does not exist. |
ProjectAttestorValidateAttestationOccurrenceCall | Returns whether the given Attestation for the given image URI was signed by the given Attestor. |
ProjectGetPolicyCall | A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy. Gets the policy for this project. Returns a default policy if the project does not have one. |
ProjectMethods | A builder providing access to all methods supported on project resources. It is not used directly, but through the |
ProjectPolicyGetIamPolicyCall | Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set. |
ProjectPolicySetIamPolicyCall | Sets the access control policy on the specified resource. Replaces any existing policy. Can return |
ProjectPolicyTestIamPermissionCall | Returns permissions that a caller has on the specified resource. If the resource does not exist, this will return an empty set of permissions, not a |
ProjectUpdatePolicyCall | Creates or updates a project’s policy, and returns a copy of the new policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed. |
SetIamPolicyRequest | Request message for |
Signature | Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy). Typically this means that the verifier has been configured with a map from |
SystempolicyGetPolicyCall | Gets the current system policy in the specified location. |
SystempolicyMethods | A builder providing access to all methods supported on systempolicy resources. It is not used directly, but through the |
TestIamPermissionsRequest | Request message for |
TestIamPermissionsResponse | Response message for |
UserOwnedDrydockNote | A user-owned Drydock note references a Drydock ATTESTATION_AUTHORITY Note created by the user. |
ValidateAttestationOccurrenceRequest | Request message for ValidationHelperV1.ValidateAttestationOccurrence. |
ValidateAttestationOccurrenceResponse | Response message for ValidationHelperV1.ValidateAttestationOccurrence. |
Enums
Scope | Identifies an OAuth2 authorization scope. A scope is needed when requesting an authorization token. |