Policy

google_cloud_binaryauthorization_v1::model

Struct Policy 

Source 
#[non_exhaustive]
pub struct Policy {
    pub name: String,
    pub description: String,
    pub global_policy_evaluation_mode: GlobalPolicyEvaluationMode,
    pub admission_whitelist_patterns: Vec<AdmissionWhitelistPattern>,
    pub cluster_admission_rules: HashMap<String, AdmissionRule>,
    pub kubernetes_namespace_admission_rules: HashMap<String, AdmissionRule>,
    pub kubernetes_service_account_admission_rules: HashMap<String, AdmissionRule>,
    pub istio_service_identity_admission_rules: HashMap<String, AdmissionRule>,
    pub default_admission_rule: Option<AdmissionRule>,
    pub update_time: Option<Timestamp>,
    /* private fields */
}
Expand description

A policy for container image binary authorization.

Fields (Non-exhaustive)§

This struct is marked as non-exhaustive
Non-exhaustive structs could have additional fields added in future. Therefore, non-exhaustive structs cannot be constructed in external crates using the traditional Struct { .. } syntax; cannot be matched against without a wildcard ..; and struct update syntax will not work.
§name: String

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

§description: String

Optional. A descriptive comment.

§global_policy_evaluation_mode: GlobalPolicyEvaluationMode

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

§admission_whitelist_patterns: Vec<AdmissionWhitelistPattern>

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

§cluster_admission_rules: HashMap<String, AdmissionRule>

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

§kubernetes_namespace_admission_rules: HashMap<String, AdmissionRule>

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. ‘some-namespace’

§kubernetes_service_account_admission_rules: HashMap<String, AdmissionRule>

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. ‘test-ns:default’

§istio_service_identity_admission_rules: HashMap<String, AdmissionRule>

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

§default_admission_rule: Option<AdmissionRule>

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

§update_time: Option<Timestamp>

Output only. Time when the policy was last updated.

Implementations§

Source§

impl Policy

Source

pub fn new() -> Self

Source

pub fn set_name<T: Into<String>>(self, v: T) -> Self

Sets the value of name.

Source

pub fn set_description<T: Into<String>>(self, v: T) -> Self

Sets the value of description.

Source

pub fn set_global_policy_evaluation_mode<T: Into<GlobalPolicyEvaluationMode>>( self, v: T, ) -> Self

Sets the value of global_policy_evaluation_mode.

Source

pub fn set_admission_whitelist_patterns<T, V>(self, v: T) -> Self
where T: IntoIterator<Item = V>, V: Into<AdmissionWhitelistPattern>,

Sets the value of admission_whitelist_patterns.

Source

pub fn set_cluster_admission_rules<T, K, V>(self, v: T) -> Self
where T: IntoIterator<Item = (K, V)>, K: Into<String>, V: Into<AdmissionRule>,

Sets the value of cluster_admission_rules.

Source

pub fn set_kubernetes_namespace_admission_rules<T, K, V>(self, v: T) -> Self
where T: IntoIterator<Item = (K, V)>, K: Into<String>, V: Into<AdmissionRule>,

Sets the value of kubernetes_namespace_admission_rules.

Source

pub fn set_kubernetes_service_account_admission_rules<T, K, V>( self, v: T, ) -> Self
where T: IntoIterator<Item = (K, V)>, K: Into<String>, V: Into<AdmissionRule>,

Sets the value of kubernetes_service_account_admission_rules.

Source

pub fn set_istio_service_identity_admission_rules<T, K, V>(self, v: T) -> Self
where T: IntoIterator<Item = (K, V)>, K: Into<String>, V: Into<AdmissionRule>,

Sets the value of istio_service_identity_admission_rules.

Source

pub fn set_default_admission_rule<T>(self, v: T) -> Self
where T: Into<AdmissionRule>,

Sets the value of default_admission_rule.

Source

pub fn set_or_clear_default_admission_rule<T>(self, v: Option<T>) -> Self
where T: Into<AdmissionRule>,

Sets or clears the value of default_admission_rule.

Source

pub fn set_update_time<T>(self, v: T) -> Self
where T: Into<Timestamp>,

Sets the value of update_time.

Source

pub fn set_or_clear_update_time<T>(self, v: Option<T>) -> Self
where T: Into<Timestamp>,

Sets or clears the value of update_time.

Trait Implementations§

Source§

impl Clone for Policy

Source§

fn clone(&self) -> Policy

Returns a duplicate of the value. Read more
1.0.0 · Source§

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source. Read more
Source§

impl Debug for Policy

Source§

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter. Read more
Source§

impl Default for Policy

Source§

fn default() -> Policy

Returns the “default value” for a type. Read more
Source§

impl Message for Policy

Source§

fn typename() -> &'static str

The typename of this message.
Source§

impl PartialEq for Policy

Source§

fn eq(&self, other: &Policy) -> bool

Tests for self and other values to be equal, and is used by ==.
1.0.0 · Source§

fn ne(&self, other: &Rhs) -> bool

Tests for !=. The default implementation is almost always sufficient, and should not be overridden without very good reason.
Source§

impl StructuralPartialEq for Policy

Auto Trait Implementations§

§

impl Freeze for Policy

§

impl RefUnwindSafe for Policy

§

impl Send for Policy

§

impl Sync for Policy

§

impl Unpin for Policy

§

impl UnwindSafe for Policy

Blanket Implementations§

Source§

impl<T> Any for T
where T: 'static + ?Sized,

Source§

fn type_id(&self) -> TypeId

Gets the TypeId of self. Read more
Source§

impl<T> Borrow<T> for T
where T: ?Sized,

Source§

fn borrow(&self) -> &T

Immutably borrows from an owned value. Read more
Source§

impl<T> BorrowMut<T> for T
where T: ?Sized,

Source§

fn borrow_mut(&mut self) -> &mut T

Mutably borrows from an owned value. Read more
Source§

impl<T> CloneToUninit for T
where T: Clone,

Source§

unsafe fn clone_to_uninit(&self, dest: *mut u8)

🔬This is a nightly-only experimental API. (clone_to_uninit)
Performs copy-assignment from self to dest. Read more
Source§

impl<T> From<T> for T

Source§

fn from(t: T) -> T

Returns the argument unchanged.

Source§

impl<T> Instrument for T

Source§

fn instrument(self, span: Span) -> Instrumented<Self>

Instruments this type with the provided Span, returning an Instrumented wrapper. Read more
Source§

fn in_current_span(self) -> Instrumented<Self>

Instruments this type with the current Span, returning an Instrumented wrapper. Read more
Source§

impl<T, U> Into<U> for T
where U: From<T>,

Source§

fn into(self) -> U

Calls U::from(self).

That is, this conversion is whatever the implementation of From<T> for U chooses to do.

Source§

impl<T> PolicyExt for T
where T: ?Sized,

Source§

fn and<P, B, E>(self, other: P) -> And<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow only if self and other return Action::Follow. Read more
Source§

fn or<P, B, E>(self, other: P) -> Or<T, P>
where T: Policy<B, E>, P: Policy<B, E>,

Create a new Policy that returns Action::Follow if either self or other returns Action::Follow. Read more
Source§

impl<T> ToOwned for T
where T: Clone,

Source§

type Owned = T

The resulting type after obtaining ownership.
Source§

fn to_owned(&self) -> T

Creates owned data from borrowed data, usually by cloning. Read more
Source§

fn clone_into(&self, target: &mut T)

Uses borrowed data to replace owned data, usually by cloning. Read more
Source§

impl<T, U> TryFrom<U> for T
where U: Into<T>,

Source§

type Error = Infallible

The type returned in the event of a conversion error.
Source§

fn try_from(value: U) -> Result<T, <T as TryFrom<U>>::Error>

Performs the conversion.
Source§

impl<T, U> TryInto<U> for T
where U: TryFrom<T>,

Source§

type Error = <U as TryFrom<T>>::Error

The type returned in the event of a conversion error.
Source§

fn try_into(self) -> Result<U, <U as TryFrom<T>>::Error>

Performs the conversion.
Source§

impl<V, T> VZip<V> for T
where V: MultiLane<T>,

Source§

fn vzip(self) -> V

Source§

impl<T> WithSubscriber for T

Source§

fn with_subscriber<S>(self, subscriber: S) -> WithDispatch<Self>
where S: Into<Dispatch>,

Attaches the provided Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

fn with_current_subscriber(self) -> WithDispatch<Self>

Attaches the current default Subscriber to this type, returning a WithDispatch wrapper. Read more
Source§

impl<T> DeserializeOwned for T
where T: for<'de> Deserialize<'de>,

Source§

impl<T> ErasedDestructor for T
where T: 'static,