Namespace Google.Cloud.BinaryAuthorization.V1 (2.0.0)

An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.

Container for nested types declared in the AdmissionRule message type.

An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].

An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

Resource name for the Attestor resource.

An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

• [Policy][google.cloud.binaryauthorization.v1.Policy]
• [Attestor][google.cloud.binaryauthorization.v1.Attestor]

Base class for server-side implementations of BinauthzManagementServiceV1

Client for BinauthzManagementServiceV1

BinauthzManagementServiceV1 client wrapper, for convenient use.

Builder class for BinauthzManagementServiceV1Client to provide simple configuration of credentials, endpoint etc.

BinauthzManagementServiceV1 client wrapper implementation, for convenient use.

Settings for BinauthzManagementServiceV1Client instances.

Request message for [BinauthzManagementService.CreateAttestor][].

Request message for [BinauthzManagementService.DeleteAttestor][].

Request message for [BinauthzManagementService.GetAttestor][].

Request message for [BinauthzManagementService.GetPolicy][].

Request to read the current system policy.

Request message for [BinauthzManagementService.ListAttestors][].

Response message for [BinauthzManagementService.ListAttestors][].

A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.

Container for nested types declared in the PkixPublicKey message type.

A [policy][google.cloud.binaryauthorization.v1.Policy] for container image binary authorization.

Container for nested types declared in the Policy message type.

Resource name for the Policy resource.

API for working with the system policy.

Base class for server-side implementations of SystemPolicyV1

Client for SystemPolicyV1

SystemPolicyV1 client wrapper, for convenient use.

Builder class for SystemPolicyV1Client to provide simple configuration of credentials, endpoint etc.

SystemPolicyV1 client wrapper implementation, for convenient use.

Settings for SystemPolicyV1Client instances.

Request message for [BinauthzManagementService.UpdateAttestor][].

Request message for [BinauthzManagementService.UpdatePolicy][].

An [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas Attestation.Authority Note created by the user.

Request message for [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].

Response message for [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].

Container for nested types declared in the ValidateAttestationOccurrenceResponse message type.

BinAuthz Attestor verification

Base class for server-side implementations of ValidationHelperV1

Client for ValidationHelperV1

ValidationHelperV1 client wrapper, for convenient use.

Builder class for ValidationHelperV1Client to provide simple configuration of credentials, endpoint etc.

ValidationHelperV1 client wrapper implementation, for convenient use.

Settings for ValidationHelperV1Client instances.

Defines the possible actions when a pod creation is denied by an admission rule.

Enum of possible cases for the "attestor_type" oneof.

The possible contents of AttestorName.

Enum of possible cases for the "public_key" oneof.

Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.

The possible contents of PolicyName.

The enum returned in the "result" field.