Package com.google.cloud.binaryauthorization.v1beta1

Interface PolicyOrBuilder

  • All Superinterfaces:
    com.google.protobuf.MessageLiteOrBuilder, com.google.protobuf.MessageOrBuilder
    All Known Implementing Classes:
    Policy, Policy.Builder
    public interface PolicyOrBuilder
extends com.google.protobuf.MessageOrBuilder

    • Method Detail

      • getName

        String getName()
         Output only. The resource name, in the format `projects/*/policy`. There is
 at most one policy per project.
        string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
        Returns:
        The name.

      • getNameBytes

        com.google.protobuf.ByteString getNameBytes()
         Output only. The resource name, in the format `projects/*/policy`. There is
 at most one policy per project.
        string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
        Returns:
        The bytes for name.

      • getDescription

        String getDescription()
         Optional. A descriptive comment.
        string description = 6 [(.google.api.field_behavior) = OPTIONAL];
        Returns:
        The description.

      • getDescriptionBytes

        com.google.protobuf.ByteString getDescriptionBytes()
         Optional. A descriptive comment.
        string description = 6 [(.google.api.field_behavior) = OPTIONAL];
        Returns:
        The bytes for description.

      • getGlobalPolicyEvaluationModeValue

        int getGlobalPolicyEvaluationModeValue()
         Optional. Controls the evaluation of a Google-maintained global admission
 policy for common system-level images. Images not covered by the global
 policy will be subject to the project admission policy. This setting
 has no effect when specified inside a global admission policy.
        .google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
        Returns:
        The enum numeric value on the wire for globalPolicyEvaluationMode.

      • getGlobalPolicyEvaluationMode

        Policy.GlobalPolicyEvaluationMode getGlobalPolicyEvaluationMode()
         Optional. Controls the evaluation of a Google-maintained global admission
 policy for common system-level images. Images not covered by the global
 policy will be subject to the project admission policy. This setting
 has no effect when specified inside a global admission policy.
        .google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
        Returns:
        The globalPolicyEvaluationMode.

      • getAdmissionWhitelistPatternsList

        List<AdmissionWhitelistPattern> getAdmissionWhitelistPatternsList()
         Optional. Admission policy allowlisting. A matching admission request will
 always be permitted. This feature is typically used to exclude Google or
 third-party infrastructure images from Binary Authorization policies.
        repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

      • getAdmissionWhitelistPatterns

        AdmissionWhitelistPattern getAdmissionWhitelistPatterns​(int index)
         Optional. Admission policy allowlisting. A matching admission request will
 always be permitted. This feature is typically used to exclude Google or
 third-party infrastructure images from Binary Authorization policies.
        repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

      • getAdmissionWhitelistPatternsCount

        int getAdmissionWhitelistPatternsCount()
         Optional. Admission policy allowlisting. A matching admission request will
 always be permitted. This feature is typically used to exclude Google or
 third-party infrastructure images from Binary Authorization policies.
        repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

      • getAdmissionWhitelistPatternsOrBuilderList

        List<? extends AdmissionWhitelistPatternOrBuilder> getAdmissionWhitelistPatternsOrBuilderList()
         Optional. Admission policy allowlisting. A matching admission request will
 always be permitted. This feature is typically used to exclude Google or
 third-party infrastructure images from Binary Authorization policies.
        repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

      • getAdmissionWhitelistPatternsOrBuilder

        AdmissionWhitelistPatternOrBuilder getAdmissionWhitelistPatternsOrBuilder​(int index)
         Optional. Admission policy allowlisting. A matching admission request will
 always be permitted. This feature is typically used to exclude Google or
 third-party infrastructure images from Binary Authorization policies.
        repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

      • getClusterAdmissionRulesCount

        int getClusterAdmissionRulesCount()
         Optional. Per-cluster admission rules. Cluster spec format:
 `location.clusterId`. There can be at most one admission rule per cluster
 spec.
 A `location` is either a compute zone (e.g. us-central1-a) or a region
 (e.g. us-central1).
 For `clusterId` syntax restrictions see
 https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

      • containsClusterAdmissionRules

        boolean containsClusterAdmissionRules​(String key)
         Optional. Per-cluster admission rules. Cluster spec format:
 `location.clusterId`. There can be at most one admission rule per cluster
 spec.
 A `location` is either a compute zone (e.g. us-central1-a) or a region
 (e.g. us-central1).
 For `clusterId` syntax restrictions see
 https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

      • getClusterAdmissionRulesMap

        Map<String,​AdmissionRule> getClusterAdmissionRulesMap()
         Optional. Per-cluster admission rules. Cluster spec format:
 `location.clusterId`. There can be at most one admission rule per cluster
 spec.
 A `location` is either a compute zone (e.g. us-central1-a) or a region
 (e.g. us-central1).
 For `clusterId` syntax restrictions see
 https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

      • getClusterAdmissionRulesOrDefault

        AdmissionRule getClusterAdmissionRulesOrDefault​(String key,
                                                AdmissionRule defaultValue)
         Optional. Per-cluster admission rules. Cluster spec format:
 `location.clusterId`. There can be at most one admission rule per cluster
 spec.
 A `location` is either a compute zone (e.g. us-central1-a) or a region
 (e.g. us-central1).
 For `clusterId` syntax restrictions see
 https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

      • getClusterAdmissionRulesOrThrow

        AdmissionRule getClusterAdmissionRulesOrThrow​(String key)
         Optional. Per-cluster admission rules. Cluster spec format:
 `location.clusterId`. There can be at most one admission rule per cluster
 spec.
 A `location` is either a compute zone (e.g. us-central1-a) or a region
 (e.g. us-central1).
 For `clusterId` syntax restrictions see
 https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

      • getKubernetesNamespaceAdmissionRulesCount

        int getKubernetesNamespaceAdmissionRulesCount()
         Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
   `[a-z.-]+`, e.g. `some-namespace`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

      • containsKubernetesNamespaceAdmissionRules

        boolean containsKubernetesNamespaceAdmissionRules​(String key)
         Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
   `[a-z.-]+`, e.g. `some-namespace`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

      • getKubernetesNamespaceAdmissionRulesMap

        Map<String,​AdmissionRule> getKubernetesNamespaceAdmissionRulesMap()
         Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
   `[a-z.-]+`, e.g. `some-namespace`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

      • getKubernetesNamespaceAdmissionRulesOrDefault

        AdmissionRule getKubernetesNamespaceAdmissionRulesOrDefault​(String key,
                                                            AdmissionRule defaultValue)
         Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
   `[a-z.-]+`, e.g. `some-namespace`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

      • getKubernetesNamespaceAdmissionRulesOrThrow

        AdmissionRule getKubernetesNamespaceAdmissionRulesOrThrow​(String key)
         Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
   `[a-z.-]+`, e.g. `some-namespace`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

      • getKubernetesServiceAccountAdmissionRulesCount

        int getKubernetesServiceAccountAdmissionRulesCount()
         Optional. Per-kubernetes-service-account admission rules. Service account
 spec format: `namespace:serviceaccount`. e.g. `test-ns:default`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

      • containsKubernetesServiceAccountAdmissionRules

        boolean containsKubernetesServiceAccountAdmissionRules​(String key)
         Optional. Per-kubernetes-service-account admission rules. Service account
 spec format: `namespace:serviceaccount`. e.g. `test-ns:default`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

      • getKubernetesServiceAccountAdmissionRulesMap

        Map<String,​AdmissionRule> getKubernetesServiceAccountAdmissionRulesMap()
         Optional. Per-kubernetes-service-account admission rules. Service account
 spec format: `namespace:serviceaccount`. e.g. `test-ns:default`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

      • getKubernetesServiceAccountAdmissionRulesOrDefault

        AdmissionRule getKubernetesServiceAccountAdmissionRulesOrDefault​(String key,
                                                                 AdmissionRule defaultValue)
         Optional. Per-kubernetes-service-account admission rules. Service account
 spec format: `namespace:serviceaccount`. e.g. `test-ns:default`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

      • getKubernetesServiceAccountAdmissionRulesOrThrow

        AdmissionRule getKubernetesServiceAccountAdmissionRulesOrThrow​(String key)
         Optional. Per-kubernetes-service-account admission rules. Service account
 spec format: `namespace:serviceaccount`. e.g. `test-ns:default`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

      • getIstioServiceIdentityAdmissionRulesCount

        int getIstioServiceIdentityAdmissionRulesCount()
         Optional. Per-istio-service-identity admission rules. Istio service
 identity spec format:
 `spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>` or
 `<domain>/ns/<namespace>/sa/<serviceaccount>`
 e.g. `spiffe://example.com/ns/test-ns/sa/default`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

      • containsIstioServiceIdentityAdmissionRules

        boolean containsIstioServiceIdentityAdmissionRules​(String key)
         Optional. Per-istio-service-identity admission rules. Istio service
 identity spec format:
 `spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>` or
 `<domain>/ns/<namespace>/sa/<serviceaccount>`
 e.g. `spiffe://example.com/ns/test-ns/sa/default`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

      • getIstioServiceIdentityAdmissionRulesMap

        Map<String,​AdmissionRule> getIstioServiceIdentityAdmissionRulesMap()
         Optional. Per-istio-service-identity admission rules. Istio service
 identity spec format:
 `spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>` or
 `<domain>/ns/<namespace>/sa/<serviceaccount>`
 e.g. `spiffe://example.com/ns/test-ns/sa/default`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

      • getIstioServiceIdentityAdmissionRulesOrDefault

        AdmissionRule getIstioServiceIdentityAdmissionRulesOrDefault​(String key,
                                                             AdmissionRule defaultValue)
         Optional. Per-istio-service-identity admission rules. Istio service
 identity spec format:
 `spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>` or
 `<domain>/ns/<namespace>/sa/<serviceaccount>`
 e.g. `spiffe://example.com/ns/test-ns/sa/default`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

      • getIstioServiceIdentityAdmissionRulesOrThrow

        AdmissionRule getIstioServiceIdentityAdmissionRulesOrThrow​(String key)
         Optional. Per-istio-service-identity admission rules. Istio service
 identity spec format:
 `spiffe://<domain>/ns/<namespace>/sa/<serviceaccount>` or
 `<domain>/ns/<namespace>/sa/<serviceaccount>`
 e.g. `spiffe://example.com/ns/test-ns/sa/default`
        map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

      • hasDefaultAdmissionRule

        boolean hasDefaultAdmissionRule()
         Required. Default admission rule for a cluster without a per-cluster, per-
 kubernetes-service-account, or per-istio-service-identity admission rule.
        .google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
        Returns:
        Whether the defaultAdmissionRule field is set.

      • getDefaultAdmissionRule

        AdmissionRule getDefaultAdmissionRule()
         Required. Default admission rule for a cluster without a per-cluster, per-
 kubernetes-service-account, or per-istio-service-identity admission rule.
        .google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
        Returns:
        The defaultAdmissionRule.

      • getDefaultAdmissionRuleOrBuilder

        AdmissionRuleOrBuilder getDefaultAdmissionRuleOrBuilder()
         Required. Default admission rule for a cluster without a per-cluster, per-
 kubernetes-service-account, or per-istio-service-identity admission rule.
        .google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

      • hasUpdateTime

        boolean hasUpdateTime()
         Output only. Time when the policy was last updated.
        .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
        Returns:
        Whether the updateTime field is set.

      • getUpdateTime

        com.google.protobuf.Timestamp getUpdateTime()
         Output only. Time when the policy was last updated.
        .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
        Returns:
        The updateTime.

      • getUpdateTimeOrBuilder

        com.google.protobuf.TimestampOrBuilder getUpdateTimeOrBuilder()
         Output only. Time when the policy was last updated.
        .google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];