Documentation
¶
Index ¶
- Constants
- Variables
- func RegisterBinauthzManagementServiceV1Beta1Server(s grpc.ServiceRegistrar, srv BinauthzManagementServiceV1Beta1Server)
- func RegisterSystemPolicyV1Beta1Server(s grpc.ServiceRegistrar, srv SystemPolicyV1Beta1Server)
- type AdmissionRule
- func (*AdmissionRule) Descriptor() ([]byte, []int)deprecated
- func (x *AdmissionRule) GetEnforcementMode() AdmissionRule_EnforcementMode
- func (x *AdmissionRule) GetEvaluationMode() AdmissionRule_EvaluationMode
- func (x *AdmissionRule) GetRequireAttestationsBy() []string
- func (*AdmissionRule) ProtoMessage()
- func (x *AdmissionRule) ProtoReflect() protoreflect.Message
- func (x *AdmissionRule) Reset()
- func (x *AdmissionRule) String() string
- type AdmissionRule_EnforcementMode
- func (AdmissionRule_EnforcementMode) Descriptor() protoreflect.EnumDescriptor
- func (x AdmissionRule_EnforcementMode) Enum() *AdmissionRule_EnforcementMode
- func (AdmissionRule_EnforcementMode) EnumDescriptor() ([]byte, []int)deprecated
- func (x AdmissionRule_EnforcementMode) Number() protoreflect.EnumNumber
- func (x AdmissionRule_EnforcementMode) String() string
- func (AdmissionRule_EnforcementMode) Type() protoreflect.EnumType
- type AdmissionRule_EvaluationMode
- func (AdmissionRule_EvaluationMode) Descriptor() protoreflect.EnumDescriptor
- func (x AdmissionRule_EvaluationMode) Enum() *AdmissionRule_EvaluationMode
- func (AdmissionRule_EvaluationMode) EnumDescriptor() ([]byte, []int)deprecated
- func (x AdmissionRule_EvaluationMode) Number() protoreflect.EnumNumber
- func (x AdmissionRule_EvaluationMode) String() string
- func (AdmissionRule_EvaluationMode) Type() protoreflect.EnumType
- type AdmissionWhitelistPattern
- func (*AdmissionWhitelistPattern) Descriptor() ([]byte, []int)deprecated
- func (x *AdmissionWhitelistPattern) GetNamePattern() string
- func (*AdmissionWhitelistPattern) ProtoMessage()
- func (x *AdmissionWhitelistPattern) ProtoReflect() protoreflect.Message
- func (x *AdmissionWhitelistPattern) Reset()
- func (x *AdmissionWhitelistPattern) String() string
- type Attestor
- func (*Attestor) Descriptor() ([]byte, []int)deprecated
- func (m *Attestor) GetAttestorType() isAttestor_AttestorType
- func (x *Attestor) GetDescription() string
- func (x *Attestor) GetName() string
- func (x *Attestor) GetUpdateTime() *timestamppb.Timestamp
- func (x *Attestor) GetUserOwnedDrydockNote() *UserOwnedDrydockNote
- func (*Attestor) ProtoMessage()
- func (x *Attestor) ProtoReflect() protoreflect.Message
- func (x *Attestor) Reset()
- func (x *Attestor) String() string
- type AttestorPublicKey
- func (*AttestorPublicKey) Descriptor() ([]byte, []int)deprecated
- func (x *AttestorPublicKey) GetAsciiArmoredPgpPublicKey() string
- func (x *AttestorPublicKey) GetComment() string
- func (x *AttestorPublicKey) GetId() string
- func (x *AttestorPublicKey) GetPkixPublicKey() *PkixPublicKey
- func (m *AttestorPublicKey) GetPublicKey() isAttestorPublicKey_PublicKey
- func (*AttestorPublicKey) ProtoMessage()
- func (x *AttestorPublicKey) ProtoReflect() protoreflect.Message
- func (x *AttestorPublicKey) Reset()
- func (x *AttestorPublicKey) String() string
- type AttestorPublicKey_AsciiArmoredPgpPublicKey
- type AttestorPublicKey_PkixPublicKey
- type Attestor_UserOwnedDrydockNote
- type BinauthzManagementServiceV1Beta1Client
- type BinauthzManagementServiceV1Beta1Server
- type ContinuousValidationEvent
- func (*ContinuousValidationEvent) Descriptor() ([]byte, []int)deprecated
- func (x *ContinuousValidationEvent) GetConfigErrorEvent() *ContinuousValidationEvent_ConfigErrorEvent
- func (m *ContinuousValidationEvent) GetEventType() isContinuousValidationEvent_EventType
- func (x *ContinuousValidationEvent) GetPodEvent() *ContinuousValidationEvent_ContinuousValidationPodEvent
- func (*ContinuousValidationEvent) ProtoMessage()
- func (x *ContinuousValidationEvent) ProtoReflect() protoreflect.Message
- func (x *ContinuousValidationEvent) Reset()
- func (x *ContinuousValidationEvent) String() string
- type ContinuousValidationEvent_ConfigErrorEvent
- func (*ContinuousValidationEvent_ConfigErrorEvent) Descriptor() ([]byte, []int)deprecated
- func (x *ContinuousValidationEvent_ConfigErrorEvent) GetDescription() string
- func (*ContinuousValidationEvent_ConfigErrorEvent) ProtoMessage()
- func (x *ContinuousValidationEvent_ConfigErrorEvent) ProtoReflect() protoreflect.Message
- func (x *ContinuousValidationEvent_ConfigErrorEvent) Reset()
- func (x *ContinuousValidationEvent_ConfigErrorEvent) String() string
- type ContinuousValidationEvent_ConfigErrorEvent_
- type ContinuousValidationEvent_ContinuousValidationPodEvent
- func (*ContinuousValidationEvent_ContinuousValidationPodEvent) Descriptor() ([]byte, []int)deprecated
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetDeployTime() *timestamppb.Timestamp
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetEndTime() *timestamppb.Timestamp
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetImages() []*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetPod() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetPodNamespace() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetPolicyName() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetVerdict() ...
- func (*ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoMessage()
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoReflect() protoreflect.Message
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) Reset()
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) String() string
- type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails
- func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Descriptor() ([]byte, []int)deprecated
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetCheckResults() ...
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetContainerName() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetContainerType() ...
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetDescription() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetImage() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetResult() ...
- func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoMessage()
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoReflect() protoreflect.Message
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Reset()
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) String() string
- type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Descriptor() protoreflect.EnumDescriptor
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Enum() ...
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) EnumDescriptor() ([]byte, []int)deprecated
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Number() protoreflect.EnumNumber
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) String() string
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Type() protoreflect.EnumType
- type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult
- func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) Descriptor() ([]byte, []int)deprecated
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckIndex() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckName() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckSetIndex() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckSetName() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckSetScope() ...
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckType() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetExplanation() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetVerdict() ...
- func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) ProtoMessage()
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) ProtoReflect() protoreflect.Message
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) Reset()
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) String() string
- type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope
- func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) Descriptor() ([]byte, []int)deprecated
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) GetKubernetesNamespace() string
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) GetKubernetesServiceAccount() string
- func (m *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) GetScope() ...
- func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) ProtoMessage()
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) ProtoReflect() protoreflect.Message
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) Reset()
- func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) String() string
- type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_KubernetesNamespace
- type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_KubernetesServiceAccount
- type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) Descriptor() protoreflect.EnumDescriptor
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) Enum() ...
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) EnumDescriptor() ([]byte, []int)deprecated
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) Number() protoreflect.EnumNumber
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) String() string
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) Type() protoreflect.EnumType
- type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) Descriptor() protoreflect.EnumDescriptor
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) Enum() ...
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) EnumDescriptor() ([]byte, []int)deprecated
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) Number() protoreflect.EnumNumber
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) String() string
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) Type() protoreflect.EnumType
- type ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Descriptor() protoreflect.EnumDescriptor
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Enum() ...
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) EnumDescriptor() ([]byte, []int)deprecated
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Number() protoreflect.EnumNumber
- func (x ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) String() string
- func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Type() protoreflect.EnumType
- type ContinuousValidationEvent_PodEvent
- type CreateAttestorRequest
- func (*CreateAttestorRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreateAttestorRequest) GetAttestor() *Attestor
- func (x *CreateAttestorRequest) GetAttestorId() string
- func (x *CreateAttestorRequest) GetParent() string
- func (*CreateAttestorRequest) ProtoMessage()
- func (x *CreateAttestorRequest) ProtoReflect() protoreflect.Message
- func (x *CreateAttestorRequest) Reset()
- func (x *CreateAttestorRequest) String() string
- type DeleteAttestorRequest
- func (*DeleteAttestorRequest) Descriptor() ([]byte, []int)deprecated
- func (x *DeleteAttestorRequest) GetName() string
- func (*DeleteAttestorRequest) ProtoMessage()
- func (x *DeleteAttestorRequest) ProtoReflect() protoreflect.Message
- func (x *DeleteAttestorRequest) Reset()
- func (x *DeleteAttestorRequest) String() string
- type GetAttestorRequest
- func (*GetAttestorRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetAttestorRequest) GetName() string
- func (*GetAttestorRequest) ProtoMessage()
- func (x *GetAttestorRequest) ProtoReflect() protoreflect.Message
- func (x *GetAttestorRequest) Reset()
- func (x *GetAttestorRequest) String() string
- type GetPolicyRequest
- type GetSystemPolicyRequest
- func (*GetSystemPolicyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetSystemPolicyRequest) GetName() string
- func (*GetSystemPolicyRequest) ProtoMessage()
- func (x *GetSystemPolicyRequest) ProtoReflect() protoreflect.Message
- func (x *GetSystemPolicyRequest) Reset()
- func (x *GetSystemPolicyRequest) String() string
- type ListAttestorsRequest
- func (*ListAttestorsRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ListAttestorsRequest) GetPageSize() int32
- func (x *ListAttestorsRequest) GetPageToken() string
- func (x *ListAttestorsRequest) GetParent() string
- func (*ListAttestorsRequest) ProtoMessage()
- func (x *ListAttestorsRequest) ProtoReflect() protoreflect.Message
- func (x *ListAttestorsRequest) Reset()
- func (x *ListAttestorsRequest) String() string
- type ListAttestorsResponse
- func (*ListAttestorsResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ListAttestorsResponse) GetAttestors() []*Attestor
- func (x *ListAttestorsResponse) GetNextPageToken() string
- func (*ListAttestorsResponse) ProtoMessage()
- func (x *ListAttestorsResponse) ProtoReflect() protoreflect.Message
- func (x *ListAttestorsResponse) Reset()
- func (x *ListAttestorsResponse) String() string
- type PkixPublicKey
- func (*PkixPublicKey) Descriptor() ([]byte, []int)deprecated
- func (x *PkixPublicKey) GetPublicKeyPem() string
- func (x *PkixPublicKey) GetSignatureAlgorithm() PkixPublicKey_SignatureAlgorithm
- func (*PkixPublicKey) ProtoMessage()
- func (x *PkixPublicKey) ProtoReflect() protoreflect.Message
- func (x *PkixPublicKey) Reset()
- func (x *PkixPublicKey) String() string
- type PkixPublicKey_SignatureAlgorithm
- func (PkixPublicKey_SignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor
- func (x PkixPublicKey_SignatureAlgorithm) Enum() *PkixPublicKey_SignatureAlgorithm
- func (PkixPublicKey_SignatureAlgorithm) EnumDescriptor() ([]byte, []int)deprecated
- func (x PkixPublicKey_SignatureAlgorithm) Number() protoreflect.EnumNumber
- func (x PkixPublicKey_SignatureAlgorithm) String() string
- func (PkixPublicKey_SignatureAlgorithm) Type() protoreflect.EnumType
- type Policy
- func (*Policy) Descriptor() ([]byte, []int)deprecated
- func (x *Policy) GetAdmissionWhitelistPatterns() []*AdmissionWhitelistPattern
- func (x *Policy) GetClusterAdmissionRules() map[string]*AdmissionRule
- func (x *Policy) GetDefaultAdmissionRule() *AdmissionRule
- func (x *Policy) GetDescription() string
- func (x *Policy) GetGlobalPolicyEvaluationMode() Policy_GlobalPolicyEvaluationMode
- func (x *Policy) GetIstioServiceIdentityAdmissionRules() map[string]*AdmissionRule
- func (x *Policy) GetKubernetesNamespaceAdmissionRules() map[string]*AdmissionRule
- func (x *Policy) GetKubernetesServiceAccountAdmissionRules() map[string]*AdmissionRule
- func (x *Policy) GetName() string
- func (x *Policy) GetUpdateTime() *timestamppb.Timestamp
- func (*Policy) ProtoMessage()
- func (x *Policy) ProtoReflect() protoreflect.Message
- func (x *Policy) Reset()
- func (x *Policy) String() string
- type Policy_GlobalPolicyEvaluationMode
- func (Policy_GlobalPolicyEvaluationMode) Descriptor() protoreflect.EnumDescriptor
- func (x Policy_GlobalPolicyEvaluationMode) Enum() *Policy_GlobalPolicyEvaluationMode
- func (Policy_GlobalPolicyEvaluationMode) EnumDescriptor() ([]byte, []int)deprecated
- func (x Policy_GlobalPolicyEvaluationMode) Number() protoreflect.EnumNumber
- func (x Policy_GlobalPolicyEvaluationMode) String() string
- func (Policy_GlobalPolicyEvaluationMode) Type() protoreflect.EnumType
- type SystemPolicyV1Beta1Client
- type SystemPolicyV1Beta1Server
- type UnimplementedBinauthzManagementServiceV1Beta1Server
- func (UnimplementedBinauthzManagementServiceV1Beta1Server) CreateAttestor(context.Context, *CreateAttestorRequest) (*Attestor, error)
- func (UnimplementedBinauthzManagementServiceV1Beta1Server) DeleteAttestor(context.Context, *DeleteAttestorRequest) (*emptypb.Empty, error)
- func (UnimplementedBinauthzManagementServiceV1Beta1Server) GetAttestor(context.Context, *GetAttestorRequest) (*Attestor, error)
- func (UnimplementedBinauthzManagementServiceV1Beta1Server) GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
- func (UnimplementedBinauthzManagementServiceV1Beta1Server) ListAttestors(context.Context, *ListAttestorsRequest) (*ListAttestorsResponse, error)
- func (UnimplementedBinauthzManagementServiceV1Beta1Server) UpdateAttestor(context.Context, *UpdateAttestorRequest) (*Attestor, error)
- func (UnimplementedBinauthzManagementServiceV1Beta1Server) UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
- type UnimplementedSystemPolicyV1Beta1Server
- type UnsafeBinauthzManagementServiceV1Beta1Server
- type UnsafeSystemPolicyV1Beta1Server
- type UpdateAttestorRequest
- func (*UpdateAttestorRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpdateAttestorRequest) GetAttestor() *Attestor
- func (*UpdateAttestorRequest) ProtoMessage()
- func (x *UpdateAttestorRequest) ProtoReflect() protoreflect.Message
- func (x *UpdateAttestorRequest) Reset()
- func (x *UpdateAttestorRequest) String() string
- type UpdatePolicyRequest
- func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpdatePolicyRequest) GetPolicy() *Policy
- func (*UpdatePolicyRequest) ProtoMessage()
- func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message
- func (x *UpdatePolicyRequest) Reset()
- func (x *UpdatePolicyRequest) String() string
- type UserOwnedDrydockNote
- func (*UserOwnedDrydockNote) Descriptor() ([]byte, []int)deprecated
- func (x *UserOwnedDrydockNote) GetDelegationServiceAccountEmail() string
- func (x *UserOwnedDrydockNote) GetNoteReference() string
- func (x *UserOwnedDrydockNote) GetPublicKeys() []*AttestorPublicKey
- func (*UserOwnedDrydockNote) ProtoMessage()
- func (x *UserOwnedDrydockNote) ProtoReflect() protoreflect.Message
- func (x *UserOwnedDrydockNote) Reset()
- func (x *UserOwnedDrydockNote) String() string
Constants ¶
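// Full gRPC method names of the BinauthzManagementServiceV1Beta1 service, each
// in the "/<package>.<service>/<method>" form.
//
// Server-side code that authorizes or audits calls by method name (for example
// by inspecting grpc.UnaryServerInfo.FullMethod in an interceptor) should
// compare against these constants instead of retyping the path. Judging by
// their names, UpdatePolicy, CreateAttestor, UpdateAttestor and DeleteAttestor
// are the calls that change policy or attestor state; GetPolicy, GetAttestor
// and ListAttestors read it.
const (
	BinauthzManagementServiceV1Beta1_GetPolicy_FullMethodName      = "/google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1/GetPolicy"
	BinauthzManagementServiceV1Beta1_UpdatePolicy_FullMethodName   = "/google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1/UpdatePolicy"
	BinauthzManagementServiceV1Beta1_CreateAttestor_FullMethodName = "/google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1/CreateAttestor"
	BinauthzManagementServiceV1Beta1_GetAttestor_FullMethodName    = "/google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1/GetAttestor"
	BinauthzManagementServiceV1Beta1_UpdateAttestor_FullMethodName = "/google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1/UpdateAttestor"
	BinauthzManagementServiceV1Beta1_ListAttestors_FullMethodName  = "/google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1/ListAttestors"
	BinauthzManagementServiceV1Beta1_DeleteAttestor_FullMethodName = "/google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1/DeleteAttestor"
)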
// SystemPolicyV1Beta1_GetSystemPolicy_FullMethodName is the full gRPC method
// name of the GetSystemPolicy call on the SystemPolicyV1Beta1 service, in the
// "/<package>.<service>/<method>" form.
const SystemPolicyV1Beta1_GetSystemPolicy_FullMethodName = "/google.cloud.binaryauthorization.v1beta1.SystemPolicyV1Beta1/GetSystemPolicy"
Variables ¶
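// Number-to-name (_name) and name-to-number (_value) tables for the pod-level
// policy conformance verdict.
//
// The only specified verdict is VIOLATES_POLICY; no value for a conforming pod
// is listed here. A name that is not a key of _value looks up as 0, which is
// the UNSPECIFIED entry, so use the two-value map lookup when parsing names.
var (
	ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict_name = map[int32]string{
		0: "POLICY_CONFORMANCE_VERDICT_UNSPECIFIED",
		1: "VIOLATES_POLICY",
	}
	ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict_value = map[string]int32{
		"POLICY_CONFORMANCE_VERDICT_UNSPECIFIED": 0,
		"VIOLATES_POLICY":                        1,
	}
)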
Enum value maps for ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict.
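// Number-to-name (_name) and name-to-number (_value) tables for the container
// type reported in a pod event's image details: regular, init and ephemeral
// containers each have their own value.
var (
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType_name = map[int32]string{
		0: "CONTAINER_TYPE_UNSPECIFIED",
		1: "CONTAINER",
		2: "INIT_CONTAINER",
		3: "EPHEMERAL_CONTAINER",
	}
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType_value = map[string]int32{
		"CONTAINER_TYPE_UNSPECIFIED": 0,
		"CONTAINER":                  1,
		"INIT_CONTAINER":             2,
		"EPHEMERAL_CONTAINER":        3,
	}
)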
Enum value maps for ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType.
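// Number-to-name (_name) and name-to-number (_value) tables for the per-image
// audit result.
//
// ALLOW is 1 and DENY is 2; 0 is the UNSPECIFIED entry. A name missing from
// _value also looks up as 0, so use the two-value map lookup when parsing a
// result name and do not treat "not DENY" as ALLOW.
var (
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult_name = map[int32]string{
		0: "AUDIT_RESULT_UNSPECIFIED",
		1: "ALLOW",
		2: "DENY",
	}
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult_value = map[string]int32{
		"AUDIT_RESULT_UNSPECIFIED": 0,
		"ALLOW":                    1,
		"DENY":                     2,
	}
)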
Enum value maps for ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult.
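// Number-to-name (_name) and name-to-number (_value) tables for the verdict of
// a single check on an image.
//
// The only specified verdict is NON_CONFORMANT; no value for a passing check
// is listed here.
var (
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict_name = map[int32]string{
		0: "CHECK_VERDICT_UNSPECIFIED",
		1: "NON_CONFORMANT",
	}
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict_value = map[string]int32{
		"CHECK_VERDICT_UNSPECIFIED": 0,
		"NON_CONFORMANT":            1,
	}
)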
Enum value maps for ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict.
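// Number-to-name (_name) and name-to-number (_value) tables for
// Policy_GlobalPolicyEvaluationMode.
//
// ENABLE is 1 and DISABLE is 2; 0 is the UNSPECIFIED entry. A name missing
// from _value also looks up as 0, so use the two-value map lookup when parsing
// a mode name from configuration.
var (
	Policy_GlobalPolicyEvaluationMode_name = map[int32]string{
		0: "GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED",
		1: "ENABLE",
		2: "DISABLE",
	}
	Policy_GlobalPolicyEvaluationMode_value = map[string]int32{
		"GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED": 0,
		"ENABLE":  1,
		"DISABLE": 2,
	}
)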
Enum value maps for Policy_GlobalPolicyEvaluationMode.
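// Number-to-name (_name) and name-to-number (_value) tables for
// AdmissionRule_EvaluationMode.
//
// A name that is not a key of _value looks up as 0, which is
// EVALUATION_MODE_UNSPECIFIED. When a mode name comes from configuration or
// user input, use the two-value map lookup and reject unknown names rather
// than carrying the zero value forward.
var (
	AdmissionRule_EvaluationMode_name = map[int32]string{
		0: "EVALUATION_MODE_UNSPECIFIED",
		1: "ALWAYS_ALLOW",
		2: "REQUIRE_ATTESTATION",
		3: "ALWAYS_DENY",
	}
	AdmissionRule_EvaluationMode_value = map[string]int32{
		"EVALUATION_MODE_UNSPECIFIED": 0,
		"ALWAYS_ALLOW":                1,
		"REQUIRE_ATTESTATION":         2,
		"ALWAYS_DENY":                 3,
	}
)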
Enum value maps for AdmissionRule_EvaluationMode.
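// Number-to-name (_name) and name-to-number (_value) tables for
// AdmissionRule_EnforcementMode.
//
// ENFORCED_BLOCK_AND_AUDIT_LOG is 1 and DRYRUN_AUDIT_LOG_ONLY is 2. A name
// that is not a key of _value looks up as 0, which is
// ENFORCEMENT_MODE_UNSPECIFIED; use the two-value map lookup when parsing a
// mode name so that a misspelt mode is rejected instead of silently becoming
// the unspecified one.
var (
	AdmissionRule_EnforcementMode_name = map[int32]string{
		0: "ENFORCEMENT_MODE_UNSPECIFIED",
		1: "ENFORCED_BLOCK_AND_AUDIT_LOG",
		2: "DRYRUN_AUDIT_LOG_ONLY",
	}
	AdmissionRule_EnforcementMode_value = map[string]int32{
		"ENFORCEMENT_MODE_UNSPECIFIED": 0,
		"ENFORCED_BLOCK_AND_AUDIT_LOG": 1,
		"DRYRUN_AUDIT_LOG_ONLY":        2,
	}
)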
Enum value maps for AdmissionRule_EnforcementMode.
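// Number-to-name (_name) and name-to-number (_value) tables for
// PkixPublicKey_SignatureAlgorithm.
//
// The two tables are not mirror images: _value accepts two spellings for each
// elliptic-curve algorithm (ECDSA_* and EC_SIGN_*), both mapping to numbers 9,
// 10 and 11, while _name returns only the ECDSA_* spelling. Code that
// restricts or compares signature algorithms should therefore work on the
// number, not on the name string, so that a check written with one spelling
// still recognises the other. A name missing from _value looks up as 0, the
// UNSPECIFIED entry; use the two-value map lookup when parsing names.
var (
	PkixPublicKey_SignatureAlgorithm_name = map[int32]string{
		0:  "SIGNATURE_ALGORITHM_UNSPECIFIED",
		1:  "RSA_PSS_2048_SHA256",
		2:  "RSA_PSS_3072_SHA256",
		3:  "RSA_PSS_4096_SHA256",
		4:  "RSA_PSS_4096_SHA512",
		5:  "RSA_SIGN_PKCS1_2048_SHA256",
		6:  "RSA_SIGN_PKCS1_3072_SHA256",
		7:  "RSA_SIGN_PKCS1_4096_SHA256",
		8:  "RSA_SIGN_PKCS1_4096_SHA512",
		9:  "ECDSA_P256_SHA256",
		10: "ECDSA_P384_SHA384",
		11: "ECDSA_P521_SHA512",
	}
	PkixPublicKey_SignatureAlgorithm_value = map[string]int32{
		"SIGNATURE_ALGORITHM_UNSPECIFIED": 0,
		"RSA_PSS_2048_SHA256":             1,
		"RSA_PSS_3072_SHA256":             2,
		"RSA_PSS_4096_SHA256":             3,
		"RSA_PSS_4096_SHA512":             4,
		"RSA_SIGN_PKCS1_2048_SHA256":      5,
		"RSA_SIGN_PKCS1_3072_SHA256":      6,
		"RSA_SIGN_PKCS1_4096_SHA256":      7,
		"RSA_SIGN_PKCS1_4096_SHA512":      8,
		"ECDSA_P256_SHA256":               9,
		"EC_SIGN_P256_SHA256":             9,
		"ECDSA_P384_SHA384":               10,
		"EC_SIGN_P384_SHA384":             10,
		"ECDSA_P521_SHA512":               11,
		"EC_SIGN_P521_SHA512":             11,
	}
)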
Enum value maps for PkixPublicKey_SignatureAlgorithm.
// BinauthzManagementServiceV1Beta1_ServiceDesc describes the
// BinauthzManagementServiceV1Beta1 service to gRPC: the service name, the
// handler interface type, and one MethodDesc per method. Streams is empty, so
// the service declares no streaming methods.
//
// It is meant to be passed to grpc.RegisterService only; it must not be
// introspected or modified, even as a copy.
var BinauthzManagementServiceV1Beta1_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "google.cloud.binaryauthorization.v1beta1.BinauthzManagementServiceV1Beta1",
	HandlerType: (*BinauthzManagementServiceV1Beta1Server)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "GetPolicy",
			Handler:    _BinauthzManagementServiceV1Beta1_GetPolicy_Handler,
		},
		{
			MethodName: "UpdatePolicy",
			Handler:    _BinauthzManagementServiceV1Beta1_UpdatePolicy_Handler,
		},
		{
			MethodName: "CreateAttestor",
			Handler:    _BinauthzManagementServiceV1Beta1_CreateAttestor_Handler,
		},
		{
			MethodName: "GetAttestor",
			Handler:    _BinauthzManagementServiceV1Beta1_GetAttestor_Handler,
		},
		{
			MethodName: "UpdateAttestor",
			Handler:    _BinauthzManagementServiceV1Beta1_UpdateAttestor_Handler,
		},
		{
			MethodName: "ListAttestors",
			Handler:    _BinauthzManagementServiceV1Beta1_ListAttestors_Handler,
		},
		{
			MethodName: "DeleteAttestor",
			Handler:    _BinauthzManagementServiceV1Beta1_DeleteAttestor_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "google/cloud/binaryauthorization/v1beta1/service.proto",
}
BinauthzManagementServiceV1Beta1_ServiceDesc is the grpc.ServiceDesc for the BinauthzManagementServiceV1Beta1 service. It is intended only for direct use with grpc.RegisterService, and is not to be introspected or modified (even as a copy).
// SystemPolicyV1Beta1_ServiceDesc describes the SystemPolicyV1Beta1 service to
// gRPC: the service name, the handler interface type, and its single method,
// GetSystemPolicy. Streams is empty, so the service declares no streaming
// methods.
//
// It is meant to be passed to grpc.RegisterService only; it must not be
// introspected or modified, even as a copy.
var SystemPolicyV1Beta1_ServiceDesc = grpc.ServiceDesc{
	ServiceName: "google.cloud.binaryauthorization.v1beta1.SystemPolicyV1Beta1",
	HandlerType: (*SystemPolicyV1Beta1Server)(nil),
	Methods: []grpc.MethodDesc{
		{
			MethodName: "GetSystemPolicy",
			Handler:    _SystemPolicyV1Beta1_GetSystemPolicy_Handler,
		},
	},
	Streams:  []grpc.StreamDesc{},
	Metadata: "google/cloud/binaryauthorization/v1beta1/service.proto",
}
SystemPolicyV1Beta1_ServiceDesc is the grpc.ServiceDesc for the SystemPolicyV1Beta1 service. It is intended only for direct use with grpc.RegisterService, and is not to be introspected or modified (even as a copy).
Functions ¶
func RegisterBinauthzManagementServiceV1Beta1Server ¶
func RegisterBinauthzManagementServiceV1Beta1Server(s grpc.ServiceRegistrar, srv BinauthzManagementServiceV1Beta1Server)
func RegisterSystemPolicyV1Beta1Server ¶
func RegisterSystemPolicyV1Beta1Server(s grpc.ServiceRegistrar, srv SystemPolicyV1Beta1Server)
Types ¶
type AdmissionRule ¶
// AdmissionRule is one admission rule of a Binary Authorization policy. It
// carries three settings: how images are evaluated (EvaluationMode), which
// attestors must have attested them (RequireAttestationsBy), and what happens
// when the rule denies a pod creation (EnforcementMode).
//
// NOTE(review): whether a rule actually blocks a deployment depends on both
// mode fields together. Only ENFORCED_BLOCK_AND_AUDIT_LOG is documented as
// blocking; DRYRUN_AUDIT_LOG_ONLY is documented as allowing the pod creation
// and writing an audit log entry only.
type AdmissionRule struct {
	// Required. How this admission rule will be evaluated.
	// The modes defined in this package are ALWAYS_ALLOW, REQUIRE_ATTESTATION
	// and ALWAYS_DENY; EVALUATION_MODE_UNSPECIFIED is marked "Do not use".
	EvaluationMode AdmissionRule_EvaluationMode `` /* 179-byte string literal not displayed */
	// Optional. The resource names of the attestors that must attest to
	// a container image, in the format `projects/*/attestors/*`. Each
	// attestor must exist before a policy can reference it. To add an attestor
	// to a policy the principal issuing the policy change request must be able
	// to read the attestor resource.
	//
	// Note: this field must be non-empty when the evaluation_mode field specifies
	// REQUIRE_ATTESTATION, otherwise it must be empty.
	//
	// Under REQUIRE_ATTESTATION every attestor listed here must have a valid
	// attestation for every image in the pod spec, per the documentation of
	// that evaluation mode.
	RequireAttestationsBy []string `` /* 126-byte string literal not displayed */
	// Required. The action when a pod creation is denied by the admission rule.
	// With DRYRUN_AUDIT_LOG_ONLY the denial is audit-logged but the pod is
	// still created, so check this field before relying on a rule to block.
	EnforcementMode AdmissionRule_EnforcementMode `` /* 183-byte string literal not displayed */
	// contains filtered or unexported fields
}
An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.
Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.
func (*AdmissionRule) Descriptor
deprecated
func (*AdmissionRule) Descriptor() ([]byte, []int)
Deprecated: Use AdmissionRule.ProtoReflect.Descriptor instead.
func (*AdmissionRule) GetEnforcementMode ¶
func (x *AdmissionRule) GetEnforcementMode() AdmissionRule_EnforcementMode
func (*AdmissionRule) GetEvaluationMode ¶
func (x *AdmissionRule) GetEvaluationMode() AdmissionRule_EvaluationMode
func (*AdmissionRule) GetRequireAttestationsBy ¶
func (x *AdmissionRule) GetRequireAttestationsBy() []string
func (*AdmissionRule) ProtoMessage ¶
func (*AdmissionRule) ProtoMessage()
func (*AdmissionRule) ProtoReflect ¶
func (x *AdmissionRule) ProtoReflect() protoreflect.Message
func (*AdmissionRule) Reset ¶
func (x *AdmissionRule) Reset()
func (*AdmissionRule) String ¶
func (x *AdmissionRule) String() string
type AdmissionRule_EnforcementMode ¶
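// Defines the possible actions when a pod creation is denied by an admission
// rule.
//
// The type is an int32 enum whose zero value is
// AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED, which is marked "Do not use".
type AdmissionRule_EnforcementMode int32

const (
	// Do not use.
	AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED AdmissionRule_EnforcementMode = 0
	// Enforce the admission rule by blocking the pod creation.
	AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG AdmissionRule_EnforcementMode = 1
	// Dryrun mode: Audit logging only. This will allow the pod creation as if
	// the admission request had specified break-glass.
	//
	// NOTE(review): a rule in this mode never blocks a pod creation; the audit
	// log is the only trace of a denial. A policy review should confirm which
	// rules are still in dry-run.
	AdmissionRule_DRYRUN_AUDIT_LOG_ONLY AdmissionRule_EnforcementMode = 2
)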
func (AdmissionRule_EnforcementMode) Descriptor ¶
func (AdmissionRule_EnforcementMode) Descriptor() protoreflect.EnumDescriptor
func (AdmissionRule_EnforcementMode) Enum ¶
func (x AdmissionRule_EnforcementMode) Enum() *AdmissionRule_EnforcementMode
func (AdmissionRule_EnforcementMode) EnumDescriptor
deprecated
func (AdmissionRule_EnforcementMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use AdmissionRule_EnforcementMode.Descriptor instead.
func (AdmissionRule_EnforcementMode) Number ¶
func (x AdmissionRule_EnforcementMode) Number() protoreflect.EnumNumber
func (AdmissionRule_EnforcementMode) String ¶
func (x AdmissionRule_EnforcementMode) String() string
func (AdmissionRule_EnforcementMode) Type ¶
func (AdmissionRule_EnforcementMode) Type() protoreflect.EnumType
type AdmissionRule_EvaluationMode ¶
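// AdmissionRule_EvaluationMode selects how an admission rule is evaluated.
// It is an int32 enum whose zero value is
// AdmissionRule_EVALUATION_MODE_UNSPECIFIED, which is marked "Do not use".
type AdmissionRule_EvaluationMode int32

const (
	// Do not use.
	AdmissionRule_EVALUATION_MODE_UNSPECIFIED AdmissionRule_EvaluationMode = 0
	// This rule allows all pod creations.
	//
	// NOTE(review): a rule in this mode performs no attestation check at all.
	AdmissionRule_ALWAYS_ALLOW AdmissionRule_EvaluationMode = 1
	// This rule allows a pod creation if all the attestors listed in
	// `require_attestations_by` have valid attestations for all of the
	// images in the pod spec.
	AdmissionRule_REQUIRE_ATTESTATION AdmissionRule_EvaluationMode = 2
	// This rule denies all pod creations.
	AdmissionRule_ALWAYS_DENY AdmissionRule_EvaluationMode = 3
)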
func (AdmissionRule_EvaluationMode) Descriptor ¶
func (AdmissionRule_EvaluationMode) Descriptor() protoreflect.EnumDescriptor
func (AdmissionRule_EvaluationMode) Enum ¶
func (x AdmissionRule_EvaluationMode) Enum() *AdmissionRule_EvaluationMode
func (AdmissionRule_EvaluationMode) EnumDescriptor
deprecated
func (AdmissionRule_EvaluationMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use AdmissionRule_EvaluationMode.Descriptor instead.
func (AdmissionRule_EvaluationMode) Number ¶
func (x AdmissionRule_EvaluationMode) Number() protoreflect.EnumNumber
func (AdmissionRule_EvaluationMode) String ¶
func (x AdmissionRule_EvaluationMode) String() string
func (AdmissionRule_EvaluationMode) Type ¶
func (AdmissionRule_EvaluationMode) Type() protoreflect.EnumType
type AdmissionWhitelistPattern ¶
// AdmissionWhitelistPattern is an admission allowlist pattern: images whose
// name matches NamePattern are exempt from checks by admission rules.
type AdmissionWhitelistPattern struct {
// An image name pattern to allowlist, in the form `registry/path/to/image`.
// This supports a trailing `*` as a wildcard, but this is allowed only in
// text after the `registry/` part. `*` wildcard does not match `/`, i.e.,
// `gcr.io/nginx*` matches `gcr.io/nginx@latest`, but it does not match
// `gcr.io/nginx/image`. This also supports a trailing `**` wildcard which
// matches subdirectories, i.e., `gcr.io/nginx**` matches
// `gcr.io/nginx/image`.
//
// NOTE(review): a matching image is not evaluated by admission rules at
// all, so every pattern widens what can be deployed unchecked. Prefer the
// narrowest pattern that works. A trailing `*` is presumably a plain prefix
// match within one path segment, so it would also cover sibling names that
// share the prefix (confirm), and a trailing `**` additionally covers every
// path below the prefix.
NamePattern string `protobuf:"bytes,1,opt,name=name_pattern,json=namePattern,proto3" json:"name_pattern,omitempty"`
// contains filtered or unexported fields
}
An [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].
func (*AdmissionWhitelistPattern) Descriptor
deprecated
func (*AdmissionWhitelistPattern) Descriptor() ([]byte, []int)
Deprecated: Use AdmissionWhitelistPattern.ProtoReflect.Descriptor instead.
func (*AdmissionWhitelistPattern) GetNamePattern ¶
func (x *AdmissionWhitelistPattern) GetNamePattern() string
func (*AdmissionWhitelistPattern) ProtoMessage ¶
func (*AdmissionWhitelistPattern) ProtoMessage()
func (*AdmissionWhitelistPattern) ProtoReflect ¶
func (x *AdmissionWhitelistPattern) ProtoReflect() protoreflect.Message
func (*AdmissionWhitelistPattern) Reset ¶
func (x *AdmissionWhitelistPattern) Reset()
func (*AdmissionWhitelistPattern) String ¶
func (x *AdmissionWhitelistPattern) String() string
type Attestor ¶
// Attestor attests to container image artifacts. An existing attestor cannot
// be modified except where the field comments below say so.
type Attestor struct {
// Required. The resource name, in the format:
// `projects/*/attestors/*`. This field may not be updated.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. A descriptive comment. This field may be updated.
// The field may be displayed in chooser dialogs.
//
// NOTE(review): this is free text that can be changed after creation; it
// labels the attestor and is not evidence of what the attestor verifies.
Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
// Required. Identifies an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to a
// container image artifact. This determines how an attestation will
// be stored, and how it will be used during policy
// enforcement. Updates may not change the attestor type, but individual
// attestor fields may be updated.
//
// Types that are assignable to AttestorType:
//
// *Attestor_UserOwnedDrydockNote
AttestorType isAttestor_AttestorType `protobuf_oneof:"attestor_type"`
// Output only. Time when the attestor was last updated.
//
// NOTE(review): because individual attestor fields can be updated, this
// timestamp is one signal to check when reviewing for unexpected changes.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// contains filtered or unexported fields
}
An [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] that attests to container image artifacts. An existing attestor cannot be modified except where indicated.
func (*Attestor) Descriptor
deprecated
func (*Attestor) GetAttestorType ¶
func (m *Attestor) GetAttestorType() isAttestor_AttestorType
func (*Attestor) GetDescription ¶
func (*Attestor) GetUpdateTime ¶
func (x *Attestor) GetUpdateTime() *timestamppb.Timestamp
func (*Attestor) GetUserOwnedDrydockNote ¶
func (x *Attestor) GetUserOwnedDrydockNote() *UserOwnedDrydockNote
func (*Attestor) ProtoMessage ¶
func (*Attestor) ProtoMessage()
func (*Attestor) ProtoReflect ¶
func (x *Attestor) ProtoReflect() protoreflect.Message
type AttestorPublicKey ¶
// AttestorPublicKey is an attestor public key that will be used to verify
// attestations signed by this attestor.
type AttestorPublicKey struct {
// Optional. A descriptive comment. This field may be updated.
Comment string `protobuf:"bytes,1,opt,name=comment,proto3" json:"comment,omitempty"`
// The ID of this public key.
// Signatures verified by BinAuthz must include the ID of the public key that
// can be used to verify them, and that ID must match the contents of this
// field exactly.
// Additional restrictions on this field can be imposed based on which public
// key type is encapsulated. See the documentation on `public_key` cases below
// for details.
//
// NOTE(review): how this value is produced depends on the key type. For the
// PGP case the API overwrites it with a computed fingerprint; for the PKIX
// case a caller-supplied value is accepted. Do not assume the ID is derived
// from the key material without checking which case applies.
Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
// Required. A public key reference or serialized instance. This field may be
// updated.
//
// Types that are assignable to PublicKey:
//
// *AttestorPublicKey_AsciiArmoredPgpPublicKey
// *AttestorPublicKey_PkixPublicKey
//
// NOTE(review): since this field may be updated, a change here changes which
// signatures the attestor accepts; treat key updates as a reviewed change.
PublicKey isAttestorPublicKey_PublicKey `protobuf_oneof:"public_key"`
// contains filtered or unexported fields
}
An [attestor public key][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.
func (*AttestorPublicKey) Descriptor
deprecated
func (*AttestorPublicKey) Descriptor() ([]byte, []int)
Deprecated: Use AttestorPublicKey.ProtoReflect.Descriptor instead.
func (*AttestorPublicKey) GetAsciiArmoredPgpPublicKey ¶
func (x *AttestorPublicKey) GetAsciiArmoredPgpPublicKey() string
func (*AttestorPublicKey) GetComment ¶
func (x *AttestorPublicKey) GetComment() string
func (*AttestorPublicKey) GetId ¶
func (x *AttestorPublicKey) GetId() string
func (*AttestorPublicKey) GetPkixPublicKey ¶
func (x *AttestorPublicKey) GetPkixPublicKey() *PkixPublicKey
func (*AttestorPublicKey) GetPublicKey ¶
func (m *AttestorPublicKey) GetPublicKey() isAttestorPublicKey_PublicKey
func (*AttestorPublicKey) ProtoMessage ¶
func (*AttestorPublicKey) ProtoMessage()
func (*AttestorPublicKey) ProtoReflect ¶
func (x *AttestorPublicKey) ProtoReflect() protoreflect.Message
func (*AttestorPublicKey) Reset ¶
func (x *AttestorPublicKey) Reset()
func (*AttestorPublicKey) String ¶
func (x *AttestorPublicKey) String() string
type AttestorPublicKey_AsciiArmoredPgpPublicKey ¶
// AttestorPublicKey_AsciiArmoredPgpPublicKey is the PublicKey oneof case that
// carries an ASCII-armored PGP public key.
type AttestorPublicKey_AsciiArmoredPgpPublicKey struct {
// ASCII-armored representation of a PGP public key, as the entire output by
// the command `gpg --export --armor foo@example.com` (either LF or CRLF
// line endings).
// When using this field, `id` should be left blank. The BinAuthz API
// handlers will calculate the ID and fill it in automatically. BinAuthz
// computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
// upper-case hex. If `id` is provided by the caller, it will be
// overwritten by the API-calculated ID.
//
// NOTE(review): because a caller-provided `id` is replaced, read the ID back
// from the API response instead of relying on the value that was sent.
AsciiArmoredPgpPublicKey string `protobuf:"bytes,3,opt,name=ascii_armored_pgp_public_key,json=asciiArmoredPgpPublicKey,proto3,oneof"`
}
type AttestorPublicKey_PkixPublicKey ¶
// AttestorPublicKey_PkixPublicKey is the PublicKey oneof case that carries a
// PKIX public key.
type AttestorPublicKey_PkixPublicKey struct {
// A raw PKIX SubjectPublicKeyInfo format public key.
//
// NOTE: `id` may be explicitly provided by the caller when using this
// type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
// blank, a default one will be computed based on the digest of the DER
// encoding of the public key.
//
// NOTE(review): a caller-chosen `id` is only a label. Only the default ID is
// described as derived from the key's DER digest, so when an ID is used to
// identify a key during review, compare the key material as well.
PkixPublicKey *PkixPublicKey `protobuf:"bytes,5,opt,name=pkix_public_key,json=pkixPublicKey,proto3,oneof"`
}
type Attestor_UserOwnedDrydockNote ¶
// Attestor_UserOwnedDrydockNote is the AttestorType oneof case; the Attestor
// listing names it as the only type assignable to that field.
type Attestor_UserOwnedDrydockNote struct {
// A Drydock ATTESTATION_AUTHORITY Note, created by the user.
UserOwnedDrydockNote *UserOwnedDrydockNote `protobuf:"bytes,3,opt,name=user_owned_drydock_note,json=userOwnedDrydockNote,proto3,oneof"`
}
type BinauthzManagementServiceV1Beta1Client ¶
// BinauthzManagementServiceV1Beta1Client is the client API for the
// BinauthzManagementServiceV1Beta1 service: it reads and replaces a project's
// policy and creates, reads, updates, lists and deletes attestors.
type BinauthzManagementServiceV1Beta1Client interface {
// A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
// a container image, before the project is allowed to deploy that
// image. There is at most one policy per project. All image admission
// requests are permitted if a project has no policy.
//
// Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default
// [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one.
//
// NOTE(review): a project with no policy admits every image, and this call
// still returns a (default) policy in that case. A successful response does
// not by itself show that a restrictive policy was configured; inspect the
// returned rules.
GetPolicy(ctx context.Context, in *GetPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the
// new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. A policy is always updated as a whole, to avoid race
// conditions with concurrent policy enforcement (or management!)
// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
// if the request is malformed.
//
// NOTE(review): because the policy is replaced as a whole, build the request
// from a freshly read policy. Presumably anything left out of the request is
// dropped rather than merged; confirm against the service documentation.
UpdatePolicy(ctx context.Context, in *UpdatePolicyRequest, opts ...grpc.CallOption) (*Policy, error)
// Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the project does not exist,
// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already exists.
CreateAttestor(ctx context.Context, in *CreateAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
// Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
GetAttestor(ctx context.Context, in *GetAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
// Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
UpdateAttestor(ctx context.Context, in *UpdateAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
// Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns INVALID_ARGUMENT if the project does not exist.
ListAttestors(ctx context.Context, in *ListAttestorsRequest, opts ...grpc.CallOption) (*ListAttestorsResponse, error)
// Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
//
// NOTE(review): the listing does not say what happens to a policy rule that
// still names the deleted attestor; check references before deleting.
DeleteAttestor(ctx context.Context, in *DeleteAttestorRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
}
BinauthzManagementServiceV1Beta1Client is the client API for BinauthzManagementServiceV1Beta1 service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewBinauthzManagementServiceV1Beta1Client ¶
func NewBinauthzManagementServiceV1Beta1Client(cc grpc.ClientConnInterface) BinauthzManagementServiceV1Beta1Client
type BinauthzManagementServiceV1Beta1Server ¶
// BinauthzManagementServiceV1Beta1Server is the server API for the
// BinauthzManagementServiceV1Beta1 service. Its methods mirror the client
// interface without the call options.
type BinauthzManagementServiceV1Beta1Server interface {
// A [policy][google.cloud.binaryauthorization.v1beta1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] that must attest to
// a container image, before the project is allowed to deploy that
// image. There is at most one policy per project. All image admission
// requests are permitted if a project has no policy.
//
// Gets the [policy][google.cloud.binaryauthorization.v1beta1.Policy] for this project. Returns a default
// [policy][google.cloud.binaryauthorization.v1beta1.Policy] if the project does not have one.
//
// NOTE(review): the documented contract is permissive when no policy
// exists, and the method returns a default policy rather than an error, so
// callers cannot use the status code to detect an unconfigured project.
GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1beta1.Policy], and returns a copy of the
// new [policy][google.cloud.binaryauthorization.v1beta1.Policy]. A policy is always updated as a whole, to avoid race
// conditions with concurrent policy enforcement (or management!)
// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
// if the request is malformed.
UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
// Creates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor], and returns a copy of the new
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the project does not exist,
// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] already exists.
CreateAttestor(context.Context, *CreateAttestorRequest) (*Attestor, error)
// Gets an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
GetAttestor(context.Context, *GetAttestorRequest) (*Attestor, error)
// Updates an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
UpdateAttestor(context.Context, *UpdateAttestorRequest) (*Attestor, error)
// Lists [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
// Returns INVALID_ARGUMENT if the project does not exist.
//
// NOTE(review): this is the one method here documented to report a missing
// project as INVALID_ARGUMENT instead of NOT_FOUND; error handling that
// branches on NOT_FOUND will not cover it.
ListAttestors(context.Context, *ListAttestorsRequest) (*ListAttestorsResponse, error)
// Deletes an [attestor][google.cloud.binaryauthorization.v1beta1.Attestor]. Returns NOT_FOUND if the
// [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] does not exist.
DeleteAttestor(context.Context, *DeleteAttestorRequest) (*emptypb.Empty, error)
}
BinauthzManagementServiceV1Beta1Server is the server API for the BinauthzManagementServiceV1Beta1 service. All implementations should embed UnimplementedBinauthzManagementServiceV1Beta1Server for forward compatibility.
type ContinuousValidationEvent ¶
// ContinuousValidationEvent represents an auditing event from Continuous
// Validation (CV). It carries either a Pod event or a config error event.
type ContinuousValidationEvent struct {
// Type of CV event.
//
// Types that are assignable to EventType:
//
// *ContinuousValidationEvent_PodEvent
// *ContinuousValidationEvent_ConfigErrorEvent_
//
// NOTE(review): consumers should handle both cases. A config error event
// means auditing is not happening, which is a different condition from a
// Pod that was audited and found non-conformant.
EventType isContinuousValidationEvent_EventType `protobuf_oneof:"event_type"`
// contains filtered or unexported fields
}
Represents an auditing event from Continuous Validation.
func (*ContinuousValidationEvent) Descriptor
deprecated
func (*ContinuousValidationEvent) Descriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent.ProtoReflect.Descriptor instead.
func (*ContinuousValidationEvent) GetConfigErrorEvent ¶ added in v1.7.0
func (x *ContinuousValidationEvent) GetConfigErrorEvent() *ContinuousValidationEvent_ConfigErrorEvent
func (*ContinuousValidationEvent) GetEventType ¶
func (m *ContinuousValidationEvent) GetEventType() isContinuousValidationEvent_EventType
func (*ContinuousValidationEvent) GetPodEvent ¶
func (x *ContinuousValidationEvent) GetPodEvent() *ContinuousValidationEvent_ContinuousValidationPodEvent
func (*ContinuousValidationEvent) ProtoMessage ¶
func (*ContinuousValidationEvent) ProtoMessage()
func (*ContinuousValidationEvent) ProtoReflect ¶
func (x *ContinuousValidationEvent) ProtoReflect() protoreflect.Message
func (*ContinuousValidationEvent) Reset ¶
func (x *ContinuousValidationEvent) Reset()
func (*ContinuousValidationEvent) String ¶
func (x *ContinuousValidationEvent) String() string
type ContinuousValidationEvent_ConfigErrorEvent ¶ added in v1.7.0
// ContinuousValidationEvent_ConfigErrorEvent describes a user-actionable
// configuration issue that prevents CV from auditing.
//
// NOTE(review): while this condition persists there is an audit coverage gap,
// so the absence of Pod events must not be read as "all Pods conformant".
// Alerting on this event type is advisable.
type ContinuousValidationEvent_ConfigErrorEvent struct {
// A description of the issue.
Description string `protobuf:"bytes,1,opt,name=description,proto3" json:"description,omitempty"`
// contains filtered or unexported fields
}
An event describing a user-actionable configuration issue that prevents CV from auditing.
func (*ContinuousValidationEvent_ConfigErrorEvent) Descriptor
deprecated
added in
v1.7.0
func (*ContinuousValidationEvent_ConfigErrorEvent) Descriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ConfigErrorEvent.ProtoReflect.Descriptor instead.
func (*ContinuousValidationEvent_ConfigErrorEvent) GetDescription ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ConfigErrorEvent) GetDescription() string
func (*ContinuousValidationEvent_ConfigErrorEvent) ProtoMessage ¶ added in v1.7.0
func (*ContinuousValidationEvent_ConfigErrorEvent) ProtoMessage()
func (*ContinuousValidationEvent_ConfigErrorEvent) ProtoReflect ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ConfigErrorEvent) ProtoReflect() protoreflect.Message
func (*ContinuousValidationEvent_ConfigErrorEvent) Reset ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ConfigErrorEvent) Reset()
func (*ContinuousValidationEvent_ConfigErrorEvent) String ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ConfigErrorEvent) String() string
type ContinuousValidationEvent_ConfigErrorEvent_ ¶ added in v1.7.0
// ContinuousValidationEvent_ConfigErrorEvent_ is the EventType oneof case
// that wraps a ContinuousValidationEvent_ConfigErrorEvent message. The
// trailing underscore distinguishes the wrapper from the message type.
type ContinuousValidationEvent_ConfigErrorEvent_ struct {
// Config error event.
ConfigErrorEvent *ContinuousValidationEvent_ConfigErrorEvent `protobuf:"bytes,4,opt,name=config_error_event,json=configErrorEvent,proto3,oneof"`
}
type ContinuousValidationEvent_ContinuousValidationPodEvent ¶
// ContinuousValidationEvent_ContinuousValidationPodEvent is an auditing event
// for one Pod.
//
// NOTE(review): this is an audit record. Nothing in this listing indicates
// that a Pod is stopped when the verdict is unfavourable; presumably the
// response is left to whoever consumes the event (confirm).
type ContinuousValidationEvent_ContinuousValidationPodEvent struct {
// The k8s namespace of the Pod.
PodNamespace string `protobuf:"bytes,7,opt,name=pod_namespace,json=podNamespace,proto3" json:"pod_namespace,omitempty"`
// The name of the Pod.
Pod string `protobuf:"bytes,1,opt,name=pod,proto3" json:"pod,omitempty"`
// The name of the policy.
PolicyName string `protobuf:"bytes,8,opt,name=policy_name,json=policyName,proto3" json:"policy_name,omitempty"`
// Deploy time of the Pod from k8s.
DeployTime *timestamppb.Timestamp `protobuf:"bytes,2,opt,name=deploy_time,json=deployTime,proto3" json:"deploy_time,omitempty"`
// Termination time of the Pod from k8s, or nothing if still running.
// A nil value therefore means the Pod was still running when the event
// was produced.
EndTime *timestamppb.Timestamp `protobuf:"bytes,3,opt,name=end_time,json=endTime,proto3" json:"end_time,omitempty"`
// Auditing verdict for this Pod.
Verdict ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict `` /* 194-byte string literal not displayed */
// List of images with auditing details.
Images []*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails `protobuf:"bytes,5,rep,name=images,proto3" json:"images,omitempty"`
// contains filtered or unexported fields
}
An auditing event for one Pod.
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) Descriptor
deprecated
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) Descriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent.ProtoReflect.Descriptor instead.
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetDeployTime ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetDeployTime() *timestamppb.Timestamp
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetEndTime ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetEndTime() *timestamppb.Timestamp
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetPod ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetPod() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetPodNamespace ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetPodNamespace() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetPolicyName ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) GetPolicyName() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) GetVerdict ¶
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoMessage ¶
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoMessage()
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoReflect ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) ProtoReflect() protoreflect.Message
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) Reset ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) Reset()
func (*ContinuousValidationEvent_ContinuousValidationPodEvent) String ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent) String() string
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails ¶
// ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails is a
// container image with auditing details.
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails struct {
// The name of the image.
//
// NOTE(review): the listing does not say whether this includes a digest or
// only a tag; confirm the format before correlating with registry records,
// since a tag can point at different content over time.
Image string `protobuf:"bytes,1,opt,name=image,proto3" json:"image,omitempty"`
// The name of the container.
ContainerName string `protobuf:"bytes,5,opt,name=container_name,json=containerName,proto3" json:"container_name,omitempty"`
// The container type that this image belongs to.
ContainerType ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType `` /* 229-byte string literal not displayed */
// The result of the audit for this image.
Result ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult `` /* 192-byte string literal not displayed */
// Description of the above result.
Description string `protobuf:"bytes,3,opt,name=description,proto3" json:"description,omitempty"`
// List of check results.
CheckResults []*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult `protobuf:"bytes,4,rep,name=check_results,json=checkResults,proto3" json:"check_results,omitempty"`
// contains filtered or unexported fields
}
Container image with auditing details.
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Descriptor
deprecated
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Descriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails.ProtoReflect.Descriptor instead.
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetCheckResults ¶ added in v1.7.0
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetContainerName ¶ added in v1.8.0
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetContainerName() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetContainerType ¶ added in v1.8.0
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetDescription ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetDescription() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetImage ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) GetImage() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoMessage ¶
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoMessage()
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoReflect ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) ProtoReflect() protoreflect.Message
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Reset ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) Reset()
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) String ¶
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails) String() string
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult ¶
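// ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult
// is the result of the audit.
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult int32

// The listing had been collapsed onto one line, which left every declaration
// after the first `//` inside a comment; one declaration per line restores it.
const (
	// Unspecified result. This is an error.
	//
	// NOTE(review): this is also the zero value, so a consumer must not treat
	// "not DENY" as allowed; an unset result has to be handled as an error.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AUDIT_RESULT_UNSPECIFIED ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult = 0
	// Image is allowed.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ALLOW ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult = 1
	// Image is denied.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_DENY ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult = 2
)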
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) Descriptor ¶
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) EnumDescriptor
deprecated
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult) EnumDescriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_AuditResult.Descriptor instead.
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult ¶ added in v1.7.0
// ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult
// records the outcome of one check for an image: which check set and check
// it came from, the verdict, and a readable explanation.
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult struct {
// The index of the check set.
// Note that the index is carried as a string, not an integer.
CheckSetIndex string `protobuf:"bytes,1,opt,name=check_set_index,json=checkSetIndex,proto3" json:"check_set_index,omitempty"`
// The name of the check set.
CheckSetName string `protobuf:"bytes,2,opt,name=check_set_name,json=checkSetName,proto3" json:"check_set_name,omitempty"`
// The scope of the check set.
CheckSetScope *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope `protobuf:"bytes,3,opt,name=check_set_scope,json=checkSetScope,proto3" json:"check_set_scope,omitempty"`
// The index of the check.
// Note that the index is carried as a string, not an integer.
CheckIndex string `protobuf:"bytes,4,opt,name=check_index,json=checkIndex,proto3" json:"check_index,omitempty"`
// The name of the check.
CheckName string `protobuf:"bytes,5,opt,name=check_name,json=checkName,proto3" json:"check_name,omitempty"`
// The type of the check.
CheckType string `protobuf:"bytes,6,opt,name=check_type,json=checkType,proto3" json:"check_type,omitempty"`
// The verdict of this check.
Verdict ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict `` /* 207-byte string literal not displayed */
// User-friendly explanation of this check result.
//
// NOTE(review): this is display text; automated handling should key on
// Verdict and the check identifiers rather than parse the explanation.
Explanation string `protobuf:"bytes,8,opt,name=explanation,proto3" json:"explanation,omitempty"`
// contains filtered or unexported fields
}
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) Descriptor
deprecated
added in
v1.7.0
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) Descriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult.ProtoReflect.Descriptor instead.
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckIndex ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckIndex() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckName ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckName() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckSetIndex ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckSetIndex() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckSetName ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckSetName() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckSetScope ¶ added in v1.7.0
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckType ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetCheckType() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetExplanation ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetExplanation() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) GetVerdict ¶ added in v1.7.0
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) ProtoMessage ¶ added in v1.7.0
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) ProtoMessage()
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) ProtoReflect ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) ProtoReflect() protoreflect.Message
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult) Reset ¶ added in v1.7.0
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope ¶ added in v1.7.0
// ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope
// is a scope specifier for check sets. The scope is either a single
// Kubernetes service account or a whole Kubernetes namespace.
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope struct {
// Types that are assignable to Scope:
//
// *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_KubernetesServiceAccount
// *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_KubernetesNamespace
Scope isContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_Scope `protobuf_oneof:"scope"`
// contains filtered or unexported fields
}
A scope specifier for check sets.
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) Descriptor
deprecated
added in
v1.7.0
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) Descriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope.ProtoReflect.Descriptor instead.
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) GetKubernetesNamespace ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) GetKubernetesNamespace() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) GetKubernetesServiceAccount ¶ added in v1.7.0
func (x *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) GetKubernetesServiceAccount() string
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) GetScope ¶ added in v1.7.0
func (m *ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) GetScope() isContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_Scope
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) ProtoMessage ¶ added in v1.7.0
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) ProtoReflect ¶ added in v1.7.0
func (*ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope) Reset ¶ added in v1.7.0
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_KubernetesNamespace ¶ added in v1.7.0
// ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_KubernetesNamespace
// is the Scope oneof case for a namespace-wide check set scope.
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_KubernetesNamespace struct {
// Matches all Kubernetes service accounts in the provided
// namespace, unless a more specific `kubernetes_service_account`
// scope already matched.
//
// NOTE(review): because a service-account scope takes precedence, the check
// set that applied to a Pod cannot be inferred from its namespace alone.
KubernetesNamespace string `protobuf:"bytes,2,opt,name=kubernetes_namespace,json=kubernetesNamespace,proto3,oneof"`
}
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_KubernetesServiceAccount ¶ added in v1.7.0
// ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_KubernetesServiceAccount
// is the Scope oneof case for a check set scoped to one service account.
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckSetScope_KubernetesServiceAccount struct {
// Matches a single Kubernetes service account, e.g.
// 'my-namespace:my-service-account'.
// `kubernetes_service_account` scope is always more specific than
// `kubernetes_namespace` scope for the same namespace.
// The example shows the value as namespace and account name joined by a
// colon.
KubernetesServiceAccount string `protobuf:"bytes,1,opt,name=kubernetes_service_account,json=kubernetesServiceAccount,proto3,oneof"`
}
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict ¶ added in v1.7.0
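// Result of evaluating one check.
//
// The enum has no value for a passing check. The zero value is
// CHECK_VERDICT_UNSPECIFIED, which is documented as an error, so a consumer
// of these events should not read an unset verdict as a pass.
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict int32

const (
	// We should always have a verdict. This is an error.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CHECK_VERDICT_UNSPECIFIED ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict = 0
	// The check was successfully evaluated and the image did not satisfy
	// the check.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_NON_CONFORMANT ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict = 1
)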
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) Descriptor ¶ added in v1.7.0
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) Enum ¶ added in v1.7.0
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) EnumDescriptor
deprecated
added in
v1.7.0
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) EnumDescriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict.Descriptor instead.
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) Number ¶ added in v1.7.0
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CheckResult_CheckVerdict) String ¶ added in v1.7.0
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType ¶ added in v1.8.0
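// The container type.
//
// Init and ephemeral containers are reported with their own values, so code
// that filters events by type should handle all of them, not only CONTAINER.
type ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType int32

const (
	// The container type should always be specified. This is an error.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CONTAINER_TYPE_UNSPECIFIED ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType = 0
	// A regular deployment.
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_CONTAINER ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType = 1
	// Init container defined as specified at
	// https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_INIT_CONTAINER ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType = 2
	// Ephemeral container defined as specified at
	// https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/
	ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_EPHEMERAL_CONTAINER ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType = 3
)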
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) Descriptor ¶ added in v1.8.0
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) Enum ¶ added in v1.8.0
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) EnumDescriptor
deprecated
added in
v1.8.0
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) EnumDescriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType.Descriptor instead.
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) Number ¶ added in v1.8.0
func (ContinuousValidationEvent_ContinuousValidationPodEvent_ImageDetails_ContainerType) String ¶ added in v1.8.0
type ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict ¶
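// Audit time policy conformance verdict.
//
// The only verdict besides the zero value is VIOLATES_POLICY. The zero value
// (POLICY_CONFORMANCE_VERDICT_UNSPECIFIED) is documented as an error, so it
// should not be read as "conforms".
type ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict int32

const (
	// We should always have a verdict. This is an error.
	ContinuousValidationEvent_ContinuousValidationPodEvent_POLICY_CONFORMANCE_VERDICT_UNSPECIFIED ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict = 0
	// The pod violates the policy.
	ContinuousValidationEvent_ContinuousValidationPodEvent_VIOLATES_POLICY ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict = 1
)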
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) Descriptor ¶
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) EnumDescriptor
deprecated
func (ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict) EnumDescriptor() ([]byte, []int)
Deprecated: Use ContinuousValidationEvent_ContinuousValidationPodEvent_PolicyConformanceVerdict.Descriptor instead.
type ContinuousValidationEvent_PodEvent ¶
// ContinuousValidationEvent_PodEvent is the wrapper for the `pod_event`
// alternative of a oneof (the field tag is marked `oneof`); the enclosing
// message is not shown here.
type ContinuousValidationEvent_PodEvent struct {
// Pod event.
PodEvent *ContinuousValidationEvent_ContinuousValidationPodEvent `protobuf:"bytes,1,opt,name=pod_event,json=podEvent,proto3,oneof"`
}
type CreateAttestorRequest ¶
// CreateAttestorRequest carries the parent, the new attestor's ID and the
// initial attestor value for an attestor-creation call.
type CreateAttestorRequest struct {
// Required. The parent of this [attestor][google.cloud.binaryauthorization.v1beta1.Attestor].
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Required. The [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] ID.
AttestorId string `protobuf:"bytes,2,opt,name=attestor_id,json=attestorId,proto3" json:"attestor_id,omitempty"`
// Required. The initial [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will
// overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name,
// in the format `projects/*/attestors/*`.
// Any name set on this value by the caller is therefore not what ends up
// stored; the resulting name comes from the service.
Attestor *Attestor `protobuf:"bytes,3,opt,name=attestor,proto3" json:"attestor,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.CreateAttestor][].
func (*CreateAttestorRequest) Descriptor
deprecated
func (*CreateAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateAttestorRequest.ProtoReflect.Descriptor instead.
func (*CreateAttestorRequest) GetAttestor ¶
func (x *CreateAttestorRequest) GetAttestor() *Attestor
func (*CreateAttestorRequest) GetAttestorId ¶
func (x *CreateAttestorRequest) GetAttestorId() string
func (*CreateAttestorRequest) GetParent ¶
func (x *CreateAttestorRequest) GetParent() string
func (*CreateAttestorRequest) ProtoMessage ¶
func (*CreateAttestorRequest) ProtoMessage()
func (*CreateAttestorRequest) ProtoReflect ¶
func (x *CreateAttestorRequest) ProtoReflect() protoreflect.Message
func (*CreateAttestorRequest) Reset ¶
func (x *CreateAttestorRequest) Reset()
func (*CreateAttestorRequest) String ¶
func (x *CreateAttestorRequest) String() string
type DeleteAttestorRequest ¶
// DeleteAttestorRequest names the attestor to delete.
type DeleteAttestorRequest struct {
// Required. The name of the [attestors][google.cloud.binaryauthorization.v1beta1.Attestor] to delete, in the format
// `projects/*/attestors/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.DeleteAttestor][].
func (*DeleteAttestorRequest) Descriptor
deprecated
func (*DeleteAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeleteAttestorRequest.ProtoReflect.Descriptor instead.
func (*DeleteAttestorRequest) GetName ¶
func (x *DeleteAttestorRequest) GetName() string
func (*DeleteAttestorRequest) ProtoMessage ¶
func (*DeleteAttestorRequest) ProtoMessage()
func (*DeleteAttestorRequest) ProtoReflect ¶
func (x *DeleteAttestorRequest) ProtoReflect() protoreflect.Message
func (*DeleteAttestorRequest) Reset ¶
func (x *DeleteAttestorRequest) Reset()
func (*DeleteAttestorRequest) String ¶
func (x *DeleteAttestorRequest) String() string
type GetAttestorRequest ¶
// GetAttestorRequest names the attestor to retrieve.
type GetAttestorRequest struct {
// Required. The name of the [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] to retrieve, in the format
// `projects/*/attestors/*`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.GetAttestor][].
func (*GetAttestorRequest) Descriptor
deprecated
func (*GetAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetAttestorRequest.ProtoReflect.Descriptor instead.
func (*GetAttestorRequest) GetName ¶
func (x *GetAttestorRequest) GetName() string
func (*GetAttestorRequest) ProtoMessage ¶
func (*GetAttestorRequest) ProtoMessage()
func (*GetAttestorRequest) ProtoReflect ¶
func (x *GetAttestorRequest) ProtoReflect() protoreflect.Message
func (*GetAttestorRequest) Reset ¶
func (x *GetAttestorRequest) Reset()
func (*GetAttestorRequest) String ¶
func (x *GetAttestorRequest) String() string
type GetPolicyRequest ¶
// GetPolicyRequest names the project policy to retrieve.
type GetPolicyRequest struct {
// Required. The resource name of the [policy][google.cloud.binaryauthorization.v1beta1.Policy] to retrieve,
// in the format `projects/*/policy`.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.GetPolicy][].
func (*GetPolicyRequest) Descriptor
deprecated
func (*GetPolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetPolicyRequest) GetName ¶
func (x *GetPolicyRequest) GetName() string
func (*GetPolicyRequest) ProtoMessage ¶
func (*GetPolicyRequest) ProtoMessage()
func (*GetPolicyRequest) ProtoReflect ¶
func (x *GetPolicyRequest) ProtoReflect() protoreflect.Message
func (*GetPolicyRequest) Reset ¶
func (x *GetPolicyRequest) Reset()
func (*GetPolicyRequest) String ¶
func (x *GetPolicyRequest) String() string
type GetSystemPolicyRequest ¶
// GetSystemPolicyRequest names the system policy to read. Unlike
// GetPolicyRequest, the name is keyed by location rather than by project.
type GetSystemPolicyRequest struct {
// Required. The resource name, in the format `locations/*/policy`.
// Note that the system policy is not associated with a project.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// contains filtered or unexported fields
}
Request to read the current system policy.
func (*GetSystemPolicyRequest) Descriptor
deprecated
func (*GetSystemPolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetSystemPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetSystemPolicyRequest) GetName ¶
func (x *GetSystemPolicyRequest) GetName() string
func (*GetSystemPolicyRequest) ProtoMessage ¶
func (*GetSystemPolicyRequest) ProtoMessage()
func (*GetSystemPolicyRequest) ProtoReflect ¶
func (x *GetSystemPolicyRequest) ProtoReflect() protoreflect.Message
func (*GetSystemPolicyRequest) Reset ¶
func (x *GetSystemPolicyRequest) Reset()
func (*GetSystemPolicyRequest) String ¶
func (x *GetSystemPolicyRequest) String() string
type ListAttestorsRequest ¶
// ListAttestorsRequest selects the project whose attestors are listed and
// carries the paging parameters for the call.
type ListAttestorsRequest struct {
// Required. The resource name of the project associated with the
// [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], in the format `projects/*`.
Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
// Requested page size. The server may return fewer results than requested. If
// unspecified, the server will pick an appropriate default.
PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
// A token identifying a page of results the server should return. Typically,
// this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1beta1.ListAttestorsResponse.next_page_token] returned
// from the previous call to the `ListAttestors` method.
PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.ListAttestors][].
func (*ListAttestorsRequest) Descriptor
deprecated
func (*ListAttestorsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListAttestorsRequest.ProtoReflect.Descriptor instead.
func (*ListAttestorsRequest) GetPageSize ¶
func (x *ListAttestorsRequest) GetPageSize() int32
func (*ListAttestorsRequest) GetPageToken ¶
func (x *ListAttestorsRequest) GetPageToken() string
func (*ListAttestorsRequest) GetParent ¶
func (x *ListAttestorsRequest) GetParent() string
func (*ListAttestorsRequest) ProtoMessage ¶
func (*ListAttestorsRequest) ProtoMessage()
func (*ListAttestorsRequest) ProtoReflect ¶
func (x *ListAttestorsRequest) ProtoReflect() protoreflect.Message
func (*ListAttestorsRequest) Reset ¶
func (x *ListAttestorsRequest) Reset()
func (*ListAttestorsRequest) String ¶
func (x *ListAttestorsRequest) String() string
type ListAttestorsResponse ¶
// ListAttestorsResponse holds one page of attestors and the token for the
// next page.
type ListAttestorsResponse struct {
// The list of [attestors][google.cloud.binaryauthorization.v1beta1.Attestor].
Attestors []*Attestor `protobuf:"bytes,1,rep,name=attestors,proto3" json:"attestors,omitempty"`
// A token to retrieve the next page of results. Pass this value in the
// [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1beta1.ListAttestorsRequest.page_token] field in the subsequent call to the
// `ListAttestors` method to retrieve the next page of results.
NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
// contains filtered or unexported fields
}
Response message for [BinauthzManagementService.ListAttestors][].
func (*ListAttestorsResponse) Descriptor
deprecated
func (*ListAttestorsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListAttestorsResponse.ProtoReflect.Descriptor instead.
func (*ListAttestorsResponse) GetAttestors ¶
func (x *ListAttestorsResponse) GetAttestors() []*Attestor
func (*ListAttestorsResponse) GetNextPageToken ¶
func (x *ListAttestorsResponse) GetNextPageToken() string
func (*ListAttestorsResponse) ProtoMessage ¶
func (*ListAttestorsResponse) ProtoMessage()
func (*ListAttestorsResponse) ProtoReflect ¶
func (x *ListAttestorsResponse) ProtoReflect() protoreflect.Message
func (*ListAttestorsResponse) Reset ¶
func (x *ListAttestorsResponse) Reset()
func (*ListAttestorsResponse) String ¶
func (x *ListAttestorsResponse) String() string
type PkixPublicKey ¶
// PkixPublicKey pairs a PEM-encoded public key with the signature algorithm
// used to verify signatures made with that key.
type PkixPublicKey struct {
// A PEM-encoded public key, as described in
// https://tools.ietf.org/html/rfc7468#section-13
PublicKeyPem string `protobuf:"bytes,1,opt,name=public_key_pem,json=publicKeyPem,proto3" json:"public_key_pem,omitempty"`
// The signature algorithm used to verify a message against a signature using
// this key.
// This signature algorithm must match the structure and any object
// identifiers encoded in `public_key_pem` (i.e. this algorithm must match
// that of the public key).
// NOTE(review): the zero value of this field is
// PkixPublicKey_SIGNATURE_ALGORITHM_UNSPECIFIED, so a key built without
// setting it names no algorithm. How the service treats that is not shown
// here; set the algorithm explicitly.
SignatureAlgorithm PkixPublicKey_SignatureAlgorithm `` /* 195-byte string literal not displayed */
// contains filtered or unexported fields
}
A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.
func (*PkixPublicKey) Descriptor
deprecated
func (*PkixPublicKey) Descriptor() ([]byte, []int)
Deprecated: Use PkixPublicKey.ProtoReflect.Descriptor instead.
func (*PkixPublicKey) GetPublicKeyPem ¶
func (x *PkixPublicKey) GetPublicKeyPem() string
func (*PkixPublicKey) GetSignatureAlgorithm ¶
func (x *PkixPublicKey) GetSignatureAlgorithm() PkixPublicKey_SignatureAlgorithm
func (*PkixPublicKey) ProtoMessage ¶
func (*PkixPublicKey) ProtoMessage()
func (*PkixPublicKey) ProtoReflect ¶
func (x *PkixPublicKey) ProtoReflect() protoreflect.Message
func (*PkixPublicKey) Reset ¶
func (x *PkixPublicKey) Reset()
func (*PkixPublicKey) String ¶
func (x *PkixPublicKey) String() string
type PkixPublicKey_SignatureAlgorithm ¶
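// Represents a signature algorithm and other information necessary to verify
// signatures with a given public key. This is based primarily on the public
// key types supported by Tink's PemKeyType, which is in turn based on KMS's
// supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms.
// In the future, BinAuthz might support additional public key types
// independently of Tink and/or KMS.
//
// The zero value is SIGNATURE_ALGORITHM_UNSPECIFIED, so a PkixPublicKey whose
// algorithm was never set reads as "not specified". The ECDSA_* and EC_SIGN_*
// names are pairs of aliases for the same number (9, 10 and 11); compare by
// value, and do not list both names of a pair as cases of one switch.
type PkixPublicKey_SignatureAlgorithm int32

const (
	// Not specified.
	PkixPublicKey_SIGNATURE_ALGORITHM_UNSPECIFIED PkixPublicKey_SignatureAlgorithm = 0
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	PkixPublicKey_RSA_PSS_2048_SHA256 PkixPublicKey_SignatureAlgorithm = 1
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	PkixPublicKey_RSA_PSS_3072_SHA256 PkixPublicKey_SignatureAlgorithm = 2
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	PkixPublicKey_RSA_PSS_4096_SHA256 PkixPublicKey_SignatureAlgorithm = 3
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	PkixPublicKey_RSA_PSS_4096_SHA512 PkixPublicKey_SignatureAlgorithm = 4
	// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
	PkixPublicKey_RSA_SIGN_PKCS1_2048_SHA256 PkixPublicKey_SignatureAlgorithm = 5
	// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
	PkixPublicKey_RSA_SIGN_PKCS1_3072_SHA256 PkixPublicKey_SignatureAlgorithm = 6
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
	PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA256 PkixPublicKey_SignatureAlgorithm = 7
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
	PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA512 PkixPublicKey_SignatureAlgorithm = 8
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	PkixPublicKey_ECDSA_P256_SHA256 PkixPublicKey_SignatureAlgorithm = 9
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	PkixPublicKey_EC_SIGN_P256_SHA256 PkixPublicKey_SignatureAlgorithm = 9
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	PkixPublicKey_ECDSA_P384_SHA384 PkixPublicKey_SignatureAlgorithm = 10
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	PkixPublicKey_EC_SIGN_P384_SHA384 PkixPublicKey_SignatureAlgorithm = 10
	// ECDSA on the NIST P-521 curve with a SHA512 digest.
	PkixPublicKey_ECDSA_P521_SHA512 PkixPublicKey_SignatureAlgorithm = 11
	// ECDSA on the NIST P-521 curve with a SHA512 digest.
	PkixPublicKey_EC_SIGN_P521_SHA512 PkixPublicKey_SignatureAlgorithm = 11
)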
func (PkixPublicKey_SignatureAlgorithm) Descriptor ¶
func (PkixPublicKey_SignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor
func (PkixPublicKey_SignatureAlgorithm) Enum ¶
func (x PkixPublicKey_SignatureAlgorithm) Enum() *PkixPublicKey_SignatureAlgorithm
func (PkixPublicKey_SignatureAlgorithm) EnumDescriptor
deprecated
func (PkixPublicKey_SignatureAlgorithm) EnumDescriptor() ([]byte, []int)
Deprecated: Use PkixPublicKey_SignatureAlgorithm.Descriptor instead.
func (PkixPublicKey_SignatureAlgorithm) Number ¶
func (x PkixPublicKey_SignatureAlgorithm) Number() protoreflect.EnumNumber
func (PkixPublicKey_SignatureAlgorithm) String ¶
func (x PkixPublicKey_SignatureAlgorithm) String() string
func (PkixPublicKey_SignatureAlgorithm) Type ¶
func (PkixPublicKey_SignatureAlgorithm) Type() protoreflect.EnumType
type Policy ¶
// Policy is a Binary Authorization policy for one project: a default
// admission rule, optional more specific admission rules keyed by cluster,
// Kubernetes namespace, Kubernetes service account or Istio service identity,
// and a list of allowlist patterns.
type Policy struct {
// Output only. The resource name, in the format `projects/*/policy`. There is
// at most one policy per project.
Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
// Optional. A descriptive comment.
Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
// Optional. Controls the evaluation of a Google-maintained global admission
// policy for common system-level images. Images not covered by the global
// policy will be subject to the project admission policy. This setting
// has no effect when specified inside a global admission policy.
// The enum documents its zero value (unspecified) as "DISABLE is assumed",
// so a policy that leaves this field unset does not evaluate the global
// policy.
GlobalPolicyEvaluationMode Policy_GlobalPolicyEvaluationMode `` /* 224-byte string literal not displayed */
// Optional. Admission policy allowlisting. A matching admission request will
// always be permitted. This feature is typically used to exclude Google or
// third-party infrastructure images from Binary Authorization policies.
// NOTE(review): because a match is always permitted, every pattern is an
// exemption from the admission rules below; keep patterns as narrow as
// possible and review additions to this list.
AdmissionWhitelistPatterns []*AdmissionWhitelistPattern `` /* 141-byte string literal not displayed */
// Optional. Per-cluster admission rules. Cluster spec format:
// `location.clusterId`. There can be at most one admission rule per cluster
// spec.
// A `location` is either a compute zone (e.g. us-central1-a) or a region
// (e.g. us-central1).
// For `clusterId` syntax restrictions see
// https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
ClusterAdmissionRules map[string]*AdmissionRule `` /* 214-byte string literal not displayed */
// Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
//
// `[a-z.-]+`, e.g. `some-namespace`
KubernetesNamespaceAdmissionRules map[string]*AdmissionRule `` /* 253-byte string literal not displayed */
// Optional. Per-kubernetes-service-account admission rules. Service account
// spec format: `namespace:serviceaccount`. e.g. `test-ns:default`
KubernetesServiceAccountAdmissionRules map[string]*AdmissionRule `` /* 269-byte string literal not displayed */
// Optional. Per-istio-service-identity admission rules. Istio service
// identity spec format:
// `spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>` or
// `<domain>/ns/<namespace>/sa/<serviceaccount>`
// e.g. `spiffe://example.com/ns/test-ns/sa/default`
IstioServiceIdentityAdmissionRules map[string]*AdmissionRule `` /* 257-byte string literal not displayed */
// Required. Default admission rule for a cluster without a per-cluster, per-
// kubernetes-service-account, or per-istio-service-identity admission rule.
// NOTE(review): per-kubernetes-namespace rules are not named in the sentence
// above; presumably they also take precedence over this default. Confirm
// against the service documentation before relying on the ordering.
DefaultAdmissionRule *AdmissionRule `protobuf:"bytes,4,opt,name=default_admission_rule,json=defaultAdmissionRule,proto3" json:"default_admission_rule,omitempty"`
// Output only. Time when the policy was last updated.
UpdateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
// contains filtered or unexported fields
}
A [policy][google.cloud.binaryauthorization.v1beta1.Policy] for Binary Authorization.
func (*Policy) Descriptor
deprecated
func (*Policy) GetAdmissionWhitelistPatterns ¶
func (x *Policy) GetAdmissionWhitelistPatterns() []*AdmissionWhitelistPattern
func (*Policy) GetClusterAdmissionRules ¶
func (x *Policy) GetClusterAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetDefaultAdmissionRule ¶
func (x *Policy) GetDefaultAdmissionRule() *AdmissionRule
func (*Policy) GetDescription ¶
func (*Policy) GetGlobalPolicyEvaluationMode ¶
func (x *Policy) GetGlobalPolicyEvaluationMode() Policy_GlobalPolicyEvaluationMode
func (*Policy) GetIstioServiceIdentityAdmissionRules ¶
func (x *Policy) GetIstioServiceIdentityAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetKubernetesNamespaceAdmissionRules ¶
func (x *Policy) GetKubernetesNamespaceAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetKubernetesServiceAccountAdmissionRules ¶
func (x *Policy) GetKubernetesServiceAccountAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetUpdateTime ¶
func (x *Policy) GetUpdateTime() *timestamppb.Timestamp
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
func (*Policy) ProtoReflect ¶
func (x *Policy) ProtoReflect() protoreflect.Message
type Policy_GlobalPolicyEvaluationMode ¶
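// Policy_GlobalPolicyEvaluationMode is the type of
// Policy.GlobalPolicyEvaluationMode and selects whether the system policy is
// evaluated.
//
// The zero value is GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, for which
// DISABLE is assumed. A Policy that never sets the field therefore has system
// policy evaluation disabled; set Policy_ENABLE explicitly when it is wanted.
type Policy_GlobalPolicyEvaluationMode int32

const (
	// Not specified: DISABLE is assumed.
	Policy_GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED Policy_GlobalPolicyEvaluationMode = 0
	// Enables system policy evaluation.
	Policy_ENABLE Policy_GlobalPolicyEvaluationMode = 1
	// Disables system policy evaluation.
	Policy_DISABLE Policy_GlobalPolicyEvaluationMode = 2
)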
func (Policy_GlobalPolicyEvaluationMode) Descriptor ¶
func (Policy_GlobalPolicyEvaluationMode) Descriptor() protoreflect.EnumDescriptor
func (Policy_GlobalPolicyEvaluationMode) Enum ¶
func (x Policy_GlobalPolicyEvaluationMode) Enum() *Policy_GlobalPolicyEvaluationMode
func (Policy_GlobalPolicyEvaluationMode) EnumDescriptor
deprecated
func (Policy_GlobalPolicyEvaluationMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use Policy_GlobalPolicyEvaluationMode.Descriptor instead.
func (Policy_GlobalPolicyEvaluationMode) Number ¶
func (x Policy_GlobalPolicyEvaluationMode) Number() protoreflect.EnumNumber
func (Policy_GlobalPolicyEvaluationMode) String ¶
func (x Policy_GlobalPolicyEvaluationMode) String() string
func (Policy_GlobalPolicyEvaluationMode) Type ¶
func (Policy_GlobalPolicyEvaluationMode) Type() protoreflect.EnumType
type SystemPolicyV1Beta1Client ¶
// SystemPolicyV1Beta1Client is the client-side interface of the
// SystemPolicyV1Beta1 service; its single method is a read of the system
// policy.
type SystemPolicyV1Beta1Client interface {
// Gets the current system policy in the specified location.
// The location is taken from in.Name, which has the format
// `locations/*/policy`.
GetSystemPolicy(ctx context.Context, in *GetSystemPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
}
SystemPolicyV1Beta1Client is the client API for SystemPolicyV1Beta1 service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://pkg.go.dev/google.golang.org/grpc/?tab=doc#ClientConn.NewStream.
func NewSystemPolicyV1Beta1Client ¶
func NewSystemPolicyV1Beta1Client(cc grpc.ClientConnInterface) SystemPolicyV1Beta1Client
type SystemPolicyV1Beta1Server ¶
// SystemPolicyV1Beta1Server is the server-side interface of the
// SystemPolicyV1Beta1 service. Implementations should embed
// UnimplementedSystemPolicyV1Beta1Server for forward compatibility.
type SystemPolicyV1Beta1Server interface {
// Gets the current system policy in the specified location.
GetSystemPolicy(context.Context, *GetSystemPolicyRequest) (*Policy, error)
}
SystemPolicyV1Beta1Server is the server API for SystemPolicyV1Beta1 service. All implementations should embed UnimplementedSystemPolicyV1Beta1Server for forward compatibility.
type UnimplementedBinauthzManagementServiceV1Beta1Server ¶
// UnimplementedBinauthzManagementServiceV1Beta1Server is an empty struct
// meant to be embedded in server implementations so that they stay forward
// compatible.
type UnimplementedBinauthzManagementServiceV1Beta1Server struct {
}
UnimplementedBinauthzManagementServiceV1Beta1Server should be embedded to have forward compatible implementations.
func (UnimplementedBinauthzManagementServiceV1Beta1Server) CreateAttestor ¶
func (UnimplementedBinauthzManagementServiceV1Beta1Server) CreateAttestor(context.Context, *CreateAttestorRequest) (*Attestor, error)
func (UnimplementedBinauthzManagementServiceV1Beta1Server) DeleteAttestor ¶
func (UnimplementedBinauthzManagementServiceV1Beta1Server) DeleteAttestor(context.Context, *DeleteAttestorRequest) (*emptypb.Empty, error)
func (UnimplementedBinauthzManagementServiceV1Beta1Server) GetAttestor ¶
func (UnimplementedBinauthzManagementServiceV1Beta1Server) GetAttestor(context.Context, *GetAttestorRequest) (*Attestor, error)
func (UnimplementedBinauthzManagementServiceV1Beta1Server) GetPolicy ¶
func (UnimplementedBinauthzManagementServiceV1Beta1Server) GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
func (UnimplementedBinauthzManagementServiceV1Beta1Server) ListAttestors ¶
func (UnimplementedBinauthzManagementServiceV1Beta1Server) ListAttestors(context.Context, *ListAttestorsRequest) (*ListAttestorsResponse, error)
func (UnimplementedBinauthzManagementServiceV1Beta1Server) UpdateAttestor ¶
func (UnimplementedBinauthzManagementServiceV1Beta1Server) UpdateAttestor(context.Context, *UpdateAttestorRequest) (*Attestor, error)
func (UnimplementedBinauthzManagementServiceV1Beta1Server) UpdatePolicy ¶
func (UnimplementedBinauthzManagementServiceV1Beta1Server) UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
type UnimplementedSystemPolicyV1Beta1Server ¶
// UnimplementedSystemPolicyV1Beta1Server is an empty struct meant to be
// embedded in server implementations so that they stay forward compatible.
type UnimplementedSystemPolicyV1Beta1Server struct {
}
UnimplementedSystemPolicyV1Beta1Server should be embedded to have forward compatible implementations.
func (UnimplementedSystemPolicyV1Beta1Server) GetSystemPolicy ¶
func (UnimplementedSystemPolicyV1Beta1Server) GetSystemPolicy(context.Context, *GetSystemPolicyRequest) (*Policy, error)
type UnsafeBinauthzManagementServiceV1Beta1Server ¶ added in v1.10.0
// UnsafeBinauthzManagementServiceV1Beta1Server may be embedded to opt out of
// forward compatibility for this service. Its use is not recommended: a
// method added to BinauthzManagementServiceV1Beta1Server then becomes a
// compilation error in the embedding implementation. Prefer embedding
// UnimplementedBinauthzManagementServiceV1Beta1Server.
type UnsafeBinauthzManagementServiceV1Beta1Server interface {
// contains filtered or unexported methods
}
UnsafeBinauthzManagementServiceV1Beta1Server may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to BinauthzManagementServiceV1Beta1Server will result in compilation errors.
type UnsafeSystemPolicyV1Beta1Server ¶ added in v1.10.0
// UnsafeSystemPolicyV1Beta1Server may be embedded to opt out of forward
// compatibility for this service. Its use is not recommended: a method added
// to SystemPolicyV1Beta1Server then becomes a compilation error in the
// embedding implementation. Prefer embedding
// UnimplementedSystemPolicyV1Beta1Server.
type UnsafeSystemPolicyV1Beta1Server interface {
// contains filtered or unexported methods
}
UnsafeSystemPolicyV1Beta1Server may be embedded to opt out of forward compatibility for this service. Use of this interface is not recommended, as added methods to SystemPolicyV1Beta1Server will result in compilation errors.
type UpdateAttestorRequest ¶
// UpdateAttestorRequest carries the updated attestor value for an
// attestor-update call.
type UpdateAttestorRequest struct {
// Required. The updated [attestor][google.cloud.binaryauthorization.v1beta1.Attestor] value. The service will
// overwrite the [attestor name][google.cloud.binaryauthorization.v1beta1.Attestor.name] field with the resource name
// in the request URL, in the format `projects/*/attestors/*`.
Attestor *Attestor `protobuf:"bytes,1,opt,name=attestor,proto3" json:"attestor,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.UpdateAttestor][].
func (*UpdateAttestorRequest) Descriptor
deprecated
func (*UpdateAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdateAttestorRequest.ProtoReflect.Descriptor instead.
func (*UpdateAttestorRequest) GetAttestor ¶
func (x *UpdateAttestorRequest) GetAttestor() *Attestor
func (*UpdateAttestorRequest) ProtoMessage ¶
func (*UpdateAttestorRequest) ProtoMessage()
func (*UpdateAttestorRequest) ProtoReflect ¶
func (x *UpdateAttestorRequest) ProtoReflect() protoreflect.Message
func (*UpdateAttestorRequest) Reset ¶
func (x *UpdateAttestorRequest) Reset()
func (*UpdateAttestorRequest) String ¶
func (x *UpdateAttestorRequest) String() string
type UpdatePolicyRequest ¶
// UpdatePolicyRequest carries a new or updated policy value for a
// policy-update call.
// NOTE(review): the Policy carried here includes the allowlist patterns and
// all admission rules, so this request can change which images are admitted.
// Whether the update replaces the stored policy wholesale is not shown here.
type UpdatePolicyRequest struct {
// Required. A new or updated [policy][google.cloud.binaryauthorization.v1beta1.Policy] value. The service will
// overwrite the [policy name][google.cloud.binaryauthorization.v1beta1.Policy.name] field with the resource name in
// the request URL, in the format `projects/*/policy`.
Policy *Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"`
// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.UpdatePolicy][].
func (*UpdatePolicyRequest) Descriptor
deprecated
func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdatePolicyRequest.ProtoReflect.Descriptor instead.
func (*UpdatePolicyRequest) GetPolicy ¶
func (x *UpdatePolicyRequest) GetPolicy() *Policy
func (*UpdatePolicyRequest) ProtoMessage ¶
func (*UpdatePolicyRequest) ProtoMessage()
func (*UpdatePolicyRequest) ProtoReflect ¶
func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message
func (*UpdatePolicyRequest) Reset ¶
func (x *UpdatePolicyRequest) Reset()
func (*UpdatePolicyRequest) String ¶
func (x *UpdatePolicyRequest) String() string
type UserOwnedDrydockNote ¶
// UserOwnedDrydockNote references a Drydock ATTESTATION_AUTHORITY Note
// created by the user, together with the public keys that verify
// attestations linked to that Note.
type UserOwnedDrydockNote struct {
// Required. The Drydock resource name of an ATTESTATION_AUTHORITY Note,
// created by the user, in the format: `projects/*/notes/*` (or the legacy
// `providers/*/notes/*`). This field may not be updated.
//
// An attestation by this attestor is stored as a Drydock
// ATTESTATION_AUTHORITY Occurrence that names a container image and that
// links to this Note. Drydock is an external dependency.
NoteReference string `protobuf:"bytes,1,opt,name=note_reference,json=noteReference,proto3" json:"note_reference,omitempty"`
// Optional. Public keys that verify attestations signed by this
// attestor. This field may be updated.
//
// If this field is non-empty, one of the specified public keys must
// verify that an attestation was signed by this attestor for the
// image specified in the admission request.
//
// If this field is empty, this attestor always returns that no
// valid attestations exist.
// An attestor left without keys therefore never satisfies a rule that
// requires it. Because the field may be updated, changes to this list
// change which signatures are trusted.
PublicKeys []*AttestorPublicKey `protobuf:"bytes,2,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"`
// Output only. This field will contain the service account email address
// that this Attestor will use as the principal when querying Container
// Analysis. Attestor administrators must grant this service account the
// IAM role needed to read attestations from the [note_reference][Note] in
// Container Analysis (`containeranalysis.notes.occurrences.viewer`).
//
// This email address is fixed for the lifetime of the Attestor, but callers
// should not make any other assumptions about the service account email;
// future versions may use an email based on a different naming pattern.
// In practice: read the address from this field when granting the role
// rather than constructing it from a naming pattern.
DelegationServiceAccountEmail string `` /* 152-byte string literal not displayed */
// contains filtered or unexported fields
}
A [user owned drydock note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] references a Drydock ATTESTATION_AUTHORITY Note created by the user.
func (*UserOwnedDrydockNote) Descriptor
deprecated
func (*UserOwnedDrydockNote) Descriptor() ([]byte, []int)
Deprecated: Use UserOwnedDrydockNote.ProtoReflect.Descriptor instead.
func (*UserOwnedDrydockNote) GetDelegationServiceAccountEmail ¶
func (x *UserOwnedDrydockNote) GetDelegationServiceAccountEmail() string
func (*UserOwnedDrydockNote) GetNoteReference ¶
func (x *UserOwnedDrydockNote) GetNoteReference() string
func (*UserOwnedDrydockNote) GetPublicKeys ¶
func (x *UserOwnedDrydockNote) GetPublicKeys() []*AttestorPublicKey
func (*UserOwnedDrydockNote) ProtoMessage ¶
func (*UserOwnedDrydockNote) ProtoMessage()
func (*UserOwnedDrydockNote) ProtoReflect ¶
func (x *UserOwnedDrydockNote) ProtoReflect() protoreflect.Message
func (*UserOwnedDrydockNote) Reset ¶
func (x *UserOwnedDrydockNote) Reset()
func (*UserOwnedDrydockNote) String ¶
func (x *UserOwnedDrydockNote) String() string