Reference documentation and code samples for the Google Cloud Binary Authorization V1 Client class BinauthzManagementServiceV1Client.
Service Description: Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.
This API implements a REST model with the following objects:
This class provides the ability to make remote calls to the backing service through method calls that map to API methods.
Many parameters require resource names to be formatted in a particular way. To assist with these names, this class includes a format method for each type of name, and additionally a parseName method to extract the individual identifiers contained within formatted names that are returned by the API.
This class is currently experimental and may be subject to changes.
Namespace
Google \ Cloud \ BinaryAuthorization \ V1 \ ClientMethods
__construct
Constructor.
Parameters | |
---|---|
Name | Description |
options |
array
Optional. Options for configuring the service API wrapper. |
↳ apiEndpoint |
string
The address of the API remote host. May optionally include the port, formatted as "
|
↳ credentials |
string|array|FetchAuthTokenInterface|CredentialsWrapper
The credentials to be used by the client to authorize API calls. This option accepts either a path to a credentials file, or a decoded credentials file as a PHP array. Advanced usage: In addition, this option can also accept a pre-constructed Google\Auth\FetchAuthTokenInterface object or Google\ApiCore\CredentialsWrapper object. Note that when one of these objects are provided, any settings in $credentialsConfig will be ignored. |
↳ credentialsConfig |
array
Options used to configure credentials, including auth token caching, for the client. For a full list of supporting configuration options, see Google\ApiCore\CredentialsWrapper::build() . |
↳ disableRetries |
bool
Determines whether or not retries defined by the client configuration should be disabled. Defaults to |
↳ clientConfig |
string|array
Client method configuration, including retry settings. This option can be either a path to a JSON file, or a PHP array containing the decoded JSON data. By default this settings points to the default client config file, which is provided in the resources folder. |
↳ transport |
string|TransportInterface
The transport used for executing network requests. May be either the string |
↳ transportConfig |
array
Configuration options that will be used to construct the transport. Options for each supported transport type should be passed in a key for that transport. For example: $transportConfig = [ 'grpc' => [...], 'rest' => [...], ]; See the Google\ApiCore\Transport\GrpcTransport::build() and Google\ApiCore\Transport\RestTransport::build() methods for the supported options. |
↳ clientCertSource |
callable
A callable which returns the client cert as a string. This can be used to provide a certificate and private key to the transport layer for mTLS. |
createAttestor
Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists.
The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::createAttestorAsync() .
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\CreateAttestorRequest
A request to house fields associated with the call. |
callOptions |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\BinaryAuthorization\V1\Attestor |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\Attestor;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\CreateAttestorRequest;
/**
* @param string $formattedParent The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor]. Please see
* {@see BinauthzManagementServiceV1Client::projectName()} for help formatting this field.
* @param string $attestorId The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
* @param string $attestorName The resource name, in the format:
* `projects/*/attestors/*`. This field may not be updated.
*/
function create_attestor_sample(
string $formattedParent,
string $attestorId,
string $attestorName
): void {
// Create a client.
$binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();
// Prepare the request message.
$attestor = (new Attestor())
->setName($attestorName);
$request = (new CreateAttestorRequest())
->setParent($formattedParent)
->setAttestorId($attestorId)
->setAttestor($attestor);
// Call the API and handle any network failures.
try {
/** @var Attestor $response */
$response = $binauthzManagementServiceV1Client->createAttestor($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = BinauthzManagementServiceV1Client::projectName('[PROJECT]');
$attestorId = '[ATTESTOR_ID]';
$attestorName = '[NAME]';
create_attestor_sample($formattedParent, $attestorId, $attestorName);
}
deleteAttestor
Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.
The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::deleteAttestorAsync() .
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\DeleteAttestorRequest
A request to house fields associated with the call. |
callOptions |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\DeleteAttestorRequest;
/**
* @param string $formattedName The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
* `projects/*/attestors/*`. Please see
* {@see BinauthzManagementServiceV1Client::attestorName()} for help formatting this field.
*/
function delete_attestor_sample(string $formattedName): void
{
// Create a client.
$binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();
// Prepare the request message.
$request = (new DeleteAttestorRequest())
->setName($formattedName);
// Call the API and handle any network failures.
try {
$binauthzManagementServiceV1Client->deleteAttestor($request);
printf('Call completed successfully.' . PHP_EOL);
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = BinauthzManagementServiceV1Client::attestorName('[PROJECT]', '[ATTESTOR]');
delete_attestor_sample($formattedName);
}
getAttestor
Gets an attestor.
Returns NOT_FOUND if the attestor does not exist.
The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::getAttestorAsync() .
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\GetAttestorRequest
A request to house fields associated with the call. |
callOptions |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\BinaryAuthorization\V1\Attestor |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\Attestor;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\GetAttestorRequest;
/**
* @param string $formattedName The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
* `projects/*/attestors/*`. Please see
* {@see BinauthzManagementServiceV1Client::attestorName()} for help formatting this field.
*/
function get_attestor_sample(string $formattedName): void
{
// Create a client.
$binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();
// Prepare the request message.
$request = (new GetAttestorRequest())
->setName($formattedName);
// Call the API and handle any network failures.
try {
/** @var Attestor $response */
$response = $binauthzManagementServiceV1Client->getAttestor($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = BinauthzManagementServiceV1Client::attestorName('[PROJECT]', '[ATTESTOR]');
get_attestor_sample($formattedName);
}
getPolicy
A policy specifies the attestors that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy.
Gets the policy for this project. Returns a default policy if the project does not have one.
The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::getPolicyAsync() .
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\GetPolicyRequest
A request to house fields associated with the call. |
callOptions |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\BinaryAuthorization\V1\Policy |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\GetPolicyRequest;
use Google\Cloud\BinaryAuthorization\V1\Policy;
/**
* @param string $formattedName The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
* in the format `projects/*/policy`. Please see
* {@see BinauthzManagementServiceV1Client::policyName()} for help formatting this field.
*/
function get_policy_sample(string $formattedName): void
{
// Create a client.
$binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();
// Prepare the request message.
$request = (new GetPolicyRequest())
->setName($formattedName);
// Call the API and handle any network failures.
try {
/** @var Policy $response */
$response = $binauthzManagementServiceV1Client->getPolicy($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedName = BinauthzManagementServiceV1Client::policyName('[PROJECT]');
get_policy_sample($formattedName);
}
listAttestors
Lists attestors.
Returns INVALID_ARGUMENT if the project does not exist.
The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::listAttestorsAsync() .
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\ListAttestorsRequest
A request to house fields associated with the call. |
callOptions |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\ApiCore\PagedListResponse |
use Google\ApiCore\ApiException;
use Google\ApiCore\PagedListResponse;
use Google\Cloud\BinaryAuthorization\V1\Attestor;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\ListAttestorsRequest;
/**
* @param string $formattedParent The resource name of the project associated with the
* [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/*`. Please see
* {@see BinauthzManagementServiceV1Client::projectName()} for help formatting this field.
*/
function list_attestors_sample(string $formattedParent): void
{
// Create a client.
$binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();
// Prepare the request message.
$request = (new ListAttestorsRequest())
->setParent($formattedParent);
// Call the API and handle any network failures.
try {
/** @var PagedListResponse $response */
$response = $binauthzManagementServiceV1Client->listAttestors($request);
/** @var Attestor $element */
foreach ($response as $element) {
printf('Element data: %s' . PHP_EOL, $element->serializeToJsonString());
}
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$formattedParent = BinauthzManagementServiceV1Client::projectName('[PROJECT]');
list_attestors_sample($formattedParent);
}
updateAttestor
Updates an attestor.
Returns NOT_FOUND if the attestor does not exist.
The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::updateAttestorAsync() .
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\UpdateAttestorRequest
A request to house fields associated with the call. |
callOptions |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\BinaryAuthorization\V1\Attestor |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\Attestor;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\UpdateAttestorRequest;
/**
* @param string $attestorName The resource name, in the format:
* `projects/*/attestors/*`. This field may not be updated.
*/
function update_attestor_sample(string $attestorName): void
{
// Create a client.
$binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();
// Prepare the request message.
$attestor = (new Attestor())
->setName($attestorName);
$request = (new UpdateAttestorRequest())
->setAttestor($attestor);
// Call the API and handle any network failures.
try {
/** @var Attestor $response */
$response = $binauthzManagementServiceV1Client->updateAttestor($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$attestorName = '[NAME]';
update_attestor_sample($attestorName);
}
updatePolicy
Creates or updates a project's policy, and returns a copy of the new policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed.
The async variant is Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client::updatePolicyAsync() .
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\UpdatePolicyRequest
A request to house fields associated with the call. |
callOptions |
array
Optional. |
↳ retrySettings |
RetrySettings|array
Retry settings to use for this call. Can be a Google\ApiCore\RetrySettings object, or an associative array of retry settings parameters. See the documentation on Google\ApiCore\RetrySettings for example usage. |
Returns | |
---|---|
Type | Description |
Google\Cloud\BinaryAuthorization\V1\Policy |
use Google\ApiCore\ApiException;
use Google\Cloud\BinaryAuthorization\V1\AdmissionRule;
use Google\Cloud\BinaryAuthorization\V1\AdmissionRule\EnforcementMode;
use Google\Cloud\BinaryAuthorization\V1\AdmissionRule\EvaluationMode;
use Google\Cloud\BinaryAuthorization\V1\Client\BinauthzManagementServiceV1Client;
use Google\Cloud\BinaryAuthorization\V1\Policy;
use Google\Cloud\BinaryAuthorization\V1\UpdatePolicyRequest;
/**
* @param int $policyDefaultAdmissionRuleEvaluationMode How this admission rule will be evaluated.
* @param int $policyDefaultAdmissionRuleEnforcementMode The action when a pod creation is denied by the admission rule.
*/
function update_policy_sample(
int $policyDefaultAdmissionRuleEvaluationMode,
int $policyDefaultAdmissionRuleEnforcementMode
): void {
// Create a client.
$binauthzManagementServiceV1Client = new BinauthzManagementServiceV1Client();
// Prepare the request message.
$policyDefaultAdmissionRule = (new AdmissionRule())
->setEvaluationMode($policyDefaultAdmissionRuleEvaluationMode)
->setEnforcementMode($policyDefaultAdmissionRuleEnforcementMode);
$policy = (new Policy())
->setDefaultAdmissionRule($policyDefaultAdmissionRule);
$request = (new UpdatePolicyRequest())
->setPolicy($policy);
// Call the API and handle any network failures.
try {
/** @var Policy $response */
$response = $binauthzManagementServiceV1Client->updatePolicy($request);
printf('Response data: %s' . PHP_EOL, $response->serializeToJsonString());
} catch (ApiException $ex) {
printf('Call failed with message: %s' . PHP_EOL, $ex->getMessage());
}
}
/**
* Helper to execute the sample.
*
* This sample has been automatically generated and should be regarded as a code
* template only. It will require modifications to work:
* - It may require correct/in-range values for request initialization.
* - It may require specifying regional endpoints when creating the service client,
* please see the apiEndpoint client configuration option for more details.
*/
function callSample(): void
{
$policyDefaultAdmissionRuleEvaluationMode = EvaluationMode::EVALUATION_MODE_UNSPECIFIED;
$policyDefaultAdmissionRuleEnforcementMode = EnforcementMode::ENFORCEMENT_MODE_UNSPECIFIED;
update_policy_sample(
$policyDefaultAdmissionRuleEvaluationMode,
$policyDefaultAdmissionRuleEnforcementMode
);
}
createAttestorAsync
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\CreateAttestorRequest
|
optionalArgs = [] |
array
|
Returns | |
---|---|
Type | Description |
GuzzleHttp\Promise\PromiseInterface |
deleteAttestorAsync
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\DeleteAttestorRequest
|
optionalArgs = [] |
array
|
Returns | |
---|---|
Type | Description |
GuzzleHttp\Promise\PromiseInterface |
getAttestorAsync
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\GetAttestorRequest
|
optionalArgs = [] |
array
|
Returns | |
---|---|
Type | Description |
GuzzleHttp\Promise\PromiseInterface |
getPolicyAsync
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\GetPolicyRequest
|
optionalArgs = [] |
array
|
Returns | |
---|---|
Type | Description |
GuzzleHttp\Promise\PromiseInterface |
listAttestorsAsync
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\ListAttestorsRequest
|
optionalArgs = [] |
array
|
Returns | |
---|---|
Type | Description |
GuzzleHttp\Promise\PromiseInterface |
updateAttestorAsync
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\UpdateAttestorRequest
|
optionalArgs = [] |
array
|
Returns | |
---|---|
Type | Description |
GuzzleHttp\Promise\PromiseInterface |
updatePolicyAsync
Parameters | |
---|---|
Name | Description |
request |
Google\Cloud\BinaryAuthorization\V1\UpdatePolicyRequest
|
optionalArgs = [] |
array
|
Returns | |
---|---|
Type | Description |
GuzzleHttp\Promise\PromiseInterface |
static::attestorName
Formats a string containing the fully-qualified path to represent a attestor resource.
Parameters | |
---|---|
Name | Description |
project |
string
|
attestor |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted attestor resource. |
static::locationPolicyName
Formats a string containing the fully-qualified path to represent a location_policy resource.
Parameter | |
---|---|
Name | Description |
location |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted location_policy resource. |
static::policyName
Formats a string containing the fully-qualified path to represent a policy resource.
Parameter | |
---|---|
Name | Description |
project |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted policy resource. |
static::projectName
Formats a string containing the fully-qualified path to represent a project resource.
Parameter | |
---|---|
Name | Description |
project |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted project resource. |
static::projectPolicyName
Formats a string containing the fully-qualified path to represent a project_policy resource.
Parameter | |
---|---|
Name | Description |
project |
string
|
Returns | |
---|---|
Type | Description |
string | The formatted project_policy resource. |
static::parseName
Parses a formatted name string and returns an associative array of the components in the name.
The following name formats are supported: Template: Pattern
- attestor: projects/{project}/attestors/{attestor}
- locationPolicy: locations/{location}/policy
- policy: projects/{project}/policy
- project: projects/{project}
- projectPolicy: projects/{project}/policy
The optional $template argument can be supplied to specify a particular pattern, and must match one of the templates listed above. If no $template argument is provided, or if the $template argument does not match one of the templates listed, then parseName will check each of the supported templates, and return the first match.
Parameters | |
---|---|
Name | Description |
formattedName |
string
The formatted name string |
template |
string
Optional name of template to match |
Returns | |
---|---|
Type | Description |
array | An associative array from name component IDs to component values. |