Package com.google.cloud.binaryauthorization.v1beta1

Class AdmissionRule

  • All Implemented Interfaces:
    AdmissionRuleOrBuilder, com.google.protobuf.Message, com.google.protobuf.MessageLite, com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder, Serializable
    public final class AdmissionRule
extends com.google.protobuf.GeneratedMessageV3
implements AdmissionRuleOrBuilder
     An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images
 used in a pod creation request must be attested to by one or more
 [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], that all pod creations will be allowed, or that all
 pod creations will be denied.

 Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]
 are exempted from admission rules and will never block a pod creation.
    Protobuf type google.cloud.binaryauthorization.v1beta1.AdmissionRule
    See Also:
    Serialized Form

    • Nested Class Summary

      Nested Classes 
      Modifier and Type Class Description
      static class  AdmissionRule.Builder
      An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.
      static class  AdmissionRule.EnforcementMode
      Defines the possible actions when a pod creation is denied by an admission rule.
      static class  AdmissionRule.EvaluationMode
      Protobuf enum google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode

      • Nested classes/interfaces inherited from class com.google.protobuf.GeneratedMessageV3

        com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>,​BuilderT extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT,​BuilderT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter

      • Nested classes/interfaces inherited from class com.google.protobuf.AbstractMessageLite

        com.google.protobuf.AbstractMessageLite.InternalOneOfEnum

    • Field Detail

      • EVALUATION_MODE_FIELD_NUMBER

        public static final int EVALUATION_MODE_FIELD_NUMBER
        See Also:
        Constant Field Values

      • REQUIRE_ATTESTATIONS_BY_FIELD_NUMBER

        public static final int REQUIRE_ATTESTATIONS_BY_FIELD_NUMBER
        See Also:
        Constant Field Values

      • ENFORCEMENT_MODE_FIELD_NUMBER

        public static final int ENFORCEMENT_MODE_FIELD_NUMBER
        See Also:
        Constant Field Values

    • Method Detail

      • newInstance

        protected Object newInstance​(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
        Overrides:
        newInstance in class com.google.protobuf.GeneratedMessageV3

      • getDescriptor

        public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()

      • internalGetFieldAccessorTable

        protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
        Specified by:
        internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3

      • getEvaluationModeValue

        public int getEvaluationModeValue()
         Required. How this admission rule will be evaluated.
        .google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
        Specified by:
        getEvaluationModeValue in interface AdmissionRuleOrBuilder
        Returns:
        The enum numeric value on the wire for evaluationMode.

      • getEvaluationMode

        public AdmissionRule.EvaluationMode getEvaluationMode()
         Required. How this admission rule will be evaluated.
        .google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
        Specified by:
        getEvaluationMode in interface AdmissionRuleOrBuilder
        Returns:
        The evaluationMode.

      • getRequireAttestationsByList

        public com.google.protobuf.ProtocolStringList getRequireAttestationsByList()
         Optional. The resource names of the attestors that must attest to
 a container image, in the format `projects/*/attestors/*`. Each
 attestor must exist before a policy can reference it.  To add an attestor
 to a policy the principal issuing the policy change request must be able
 to read the attestor resource.

 Note: this field must be non-empty when the evaluation_mode field specifies
 REQUIRE_ATTESTATION, otherwise it must be empty.
        repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getRequireAttestationsByList in interface AdmissionRuleOrBuilder
        Returns:
        A list containing the requireAttestationsBy.

      • getRequireAttestationsByCount

        public int getRequireAttestationsByCount()
         Optional. The resource names of the attestors that must attest to
 a container image, in the format `projects/*/attestors/*`. Each
 attestor must exist before a policy can reference it.  To add an attestor
 to a policy the principal issuing the policy change request must be able
 to read the attestor resource.

 Note: this field must be non-empty when the evaluation_mode field specifies
 REQUIRE_ATTESTATION, otherwise it must be empty.
        repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getRequireAttestationsByCount in interface AdmissionRuleOrBuilder
        Returns:
        The count of requireAttestationsBy.

      • getRequireAttestationsBy

        public String getRequireAttestationsBy​(int index)
         Optional. The resource names of the attestors that must attest to
 a container image, in the format `projects/*/attestors/*`. Each
 attestor must exist before a policy can reference it.  To add an attestor
 to a policy the principal issuing the policy change request must be able
 to read the attestor resource.

 Note: this field must be non-empty when the evaluation_mode field specifies
 REQUIRE_ATTESTATION, otherwise it must be empty.
        repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getRequireAttestationsBy in interface AdmissionRuleOrBuilder
        Parameters:
        index - The index of the element to return.
        Returns:
        The requireAttestationsBy at the given index.

      • getRequireAttestationsByBytes

        public com.google.protobuf.ByteString getRequireAttestationsByBytes​(int index)
         Optional. The resource names of the attestors that must attest to
 a container image, in the format `projects/*/attestors/*`. Each
 attestor must exist before a policy can reference it.  To add an attestor
 to a policy the principal issuing the policy change request must be able
 to read the attestor resource.

 Note: this field must be non-empty when the evaluation_mode field specifies
 REQUIRE_ATTESTATION, otherwise it must be empty.
        repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
        Specified by:
        getRequireAttestationsByBytes in interface AdmissionRuleOrBuilder
        Parameters:
        index - The index of the value to return.
        Returns:
        The bytes of the requireAttestationsBy at the given index.

      • getEnforcementModeValue

        public int getEnforcementModeValue()
         Required. The action when a pod creation is denied by the admission rule.
        .google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
        Specified by:
        getEnforcementModeValue in interface AdmissionRuleOrBuilder
        Returns:
        The enum numeric value on the wire for enforcementMode.

      • getEnforcementMode

        public AdmissionRule.EnforcementMode getEnforcementMode()
         Required. The action when a pod creation is denied by the admission rule.
        .google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
        Specified by:
        getEnforcementMode in interface AdmissionRuleOrBuilder
        Returns:
        The enforcementMode.

      • isInitialized

        public final boolean isInitialized()
        Specified by:
        isInitialized in interface com.google.protobuf.MessageLiteOrBuilder
        Overrides:
        isInitialized in class com.google.protobuf.GeneratedMessageV3

      • writeTo

        public void writeTo​(com.google.protobuf.CodedOutputStream output)
             throws IOException
        Specified by:
        writeTo in interface com.google.protobuf.MessageLite
        Overrides:
        writeTo in class com.google.protobuf.GeneratedMessageV3
        Throws:
        IOException

      • getSerializedSize

        public int getSerializedSize()
        Specified by:
        getSerializedSize in interface com.google.protobuf.MessageLite
        Overrides:
        getSerializedSize in class com.google.protobuf.GeneratedMessageV3

      • equals

        public boolean equals​(Object obj)
        Specified by:
        equals in interface com.google.protobuf.Message
        Overrides:
        equals in class com.google.protobuf.AbstractMessage

      • hashCode

        public int hashCode()
        Specified by:
        hashCode in interface com.google.protobuf.Message
        Overrides:
        hashCode in class com.google.protobuf.AbstractMessage

      • parseFrom

        public static AdmissionRule parseFrom​(ByteBuffer data)
                               throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AdmissionRule parseFrom​(ByteBuffer data,
                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                               throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AdmissionRule parseFrom​(com.google.protobuf.ByteString data)
                               throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AdmissionRule parseFrom​(com.google.protobuf.ByteString data,
                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                               throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AdmissionRule parseFrom​(byte[] data)
                               throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AdmissionRule parseFrom​(byte[] data,
                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                               throws com.google.protobuf.InvalidProtocolBufferException
        Throws:
        com.google.protobuf.InvalidProtocolBufferException

      • parseFrom

        public static AdmissionRule parseFrom​(com.google.protobuf.CodedInputStream input,
                                      com.google.protobuf.ExtensionRegistryLite extensionRegistry)
                               throws IOException
        Throws:
        IOException

      • newBuilderForType

        public AdmissionRule.Builder newBuilderForType()
        Specified by:
        newBuilderForType in interface com.google.protobuf.Message
        Specified by:
        newBuilderForType in interface com.google.protobuf.MessageLite

      • toBuilder

        public AdmissionRule.Builder toBuilder()
        Specified by:
        toBuilder in interface com.google.protobuf.Message
        Specified by:
        toBuilder in interface com.google.protobuf.MessageLite

      • newBuilderForType

        protected AdmissionRule.Builder newBuilderForType​(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
        Specified by:
        newBuilderForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstance

        public static AdmissionRule getDefaultInstance()

      • parser

        public static com.google.protobuf.Parser<AdmissionRule> parser()

      • getParserForType

        public com.google.protobuf.Parser<AdmissionRule> getParserForType()
        Specified by:
        getParserForType in interface com.google.protobuf.Message
        Specified by:
        getParserForType in interface com.google.protobuf.MessageLite
        Overrides:
        getParserForType in class com.google.protobuf.GeneratedMessageV3

      • getDefaultInstanceForType

        public AdmissionRule getDefaultInstanceForType()
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuilder
        Specified by:
        getDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilder