Reference documentation and code samples for the Google Cloud Binary Authorization V1beta1 Client class Policy.
A policy for Binary Authorization.
Generated from protobuf message google.cloud.binaryauthorization.v1beta1.Policy
Namespace
Google \ Cloud \ BinaryAuthorization \ V1beta1
Methods
__construct
Constructor.
| Parameters | |
|---|---|
| Name | Description |
| data | array. Optional. Data for populating the Message object. |
| ↳ name | string. Output only. The resource name, in the format projects/*/policy. There is at most one policy per project. |
| ↳ description | string. Optional. A descriptive comment. |
| ↳ global_policy_evaluation_mode | int. Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. |
| ↳ admission_whitelist_patterns | array<Google\Cloud\BinaryAuthorization\V1beta1\AdmissionWhitelistPattern>. Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies. |
| ↳ cluster_admission_rules | array\|Google\Protobuf\Internal\MapField. Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. |
| ↳ kubernetes_namespace_admission_rules | array\|Google\Protobuf\Internal\MapField. Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace |
| ↳ kubernetes_service_account_admission_rules | array\|Google\Protobuf\Internal\MapField. Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default |
| ↳ istio_service_identity_admission_rules | array\|Google\Protobuf\Internal\MapField. Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default |
| ↳ default_admission_rule | Google\Cloud\BinaryAuthorization\V1beta1\AdmissionRule. Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule. |
| ↳ update_time | Google\Protobuf\Timestamp. Output only. Time when the policy was last updated. |
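An added example, not part of this reference page or the client library's own samples: it builds a Policy through the constructor array documented above and audits every rule scope for settings that admit images unchecked. The AdmissionRule and AdmissionWhitelistPattern field names and the EvaluationMode and EnforcementMode enum classes come from the same client library but are not documented on this page; the project, cluster and attestor names are placeholders.

```php
<?php
// Added example (not from the reference page); needs the google/cloud-binary-authorization package.
require 'vendor/autoload.php';
use Google\Cloud\BinaryAuthorization\V1beta1\AdmissionRule;
use Google\Cloud\BinaryAuthorization\V1beta1\AdmissionRule\EnforcementMode;
use Google\Cloud\BinaryAuthorization\V1beta1\AdmissionRule\EvaluationMode;
use Google\Cloud\BinaryAuthorization\V1beta1\AdmissionWhitelistPattern;
use Google\Cloud\BinaryAuthorization\V1beta1\Policy;

// Lists rules and allowlist entries that admit images without an enforced check.
function auditPolicy(Policy $policy): array
{
    $findings = [];
    $rules = ['default' => $policy->getDefaultAdmissionRule()];
    $maps = [
        'cluster' => $policy->getClusterAdmissionRules(),
        'namespace' => $policy->getKubernetesNamespaceAdmissionRules(),
        'service account' => $policy->getKubernetesServiceAccountAdmissionRules(),
        'istio identity' => $policy->getIstioServiceIdentityAdmissionRules(),
    ];
    foreach ($maps as $scope => $map) {
        foreach ($map as $spec => $rule) { $rules["$scope $spec"] = $rule; }
    }
    foreach ($rules as $label => $rule) {
        if ($rule === null) {
            $findings[] = "$label: required rule is not set";
        } elseif ($rule->getEvaluationMode() === EvaluationMode::ALWAYS_ALLOW) {
            $findings[] = "$label: ALWAYS_ALLOW admits every image";
        } elseif ($rule->getEnforcementMode() !== EnforcementMode::ENFORCED_BLOCK_AND_AUDIT_LOG) {
            $findings[] = "$label: violations are not blocked";
        }
    }
    foreach ($policy->getAdmissionWhitelistPatterns() as $pattern) {
        $findings[] = 'allowlist exempts ' . $pattern->getNamePattern();
    }
    return $findings;
}

// Constructed sample policy; project, cluster and attestor names are placeholders.
$block = EnforcementMode::ENFORCED_BLOCK_AND_AUDIT_LOG;
$policy = new Policy([
    'default_admission_rule' => new AdmissionRule(['evaluation_mode' => EvaluationMode::ALWAYS_DENY, 'enforcement_mode' => $block]),
    'cluster_admission_rules' => ['us-central1-a.prod-cluster' => new AdmissionRule([
        'evaluation_mode' => EvaluationMode::REQUIRE_ATTESTATION,
        'require_attestations_by' => ['projects/example-project/attestors/example-attestor'],
        'enforcement_mode' => $block,
    ])],
    'kubernetes_namespace_admission_rules' => ['some-namespace' => new AdmissionRule(['evaluation_mode' => EvaluationMode::ALWAYS_ALLOW])],
    'admission_whitelist_patterns' => [new AdmissionWhitelistPattern(['name_pattern' => 'gcr.io/example-project/infra/*'])],
]);
print_r(auditPolicy($policy));
```

Allowlist entries are always reported because a matching request skips every rule; review each one rather than treating the finding as an error.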
getName
Output only. The resource name, in the format projects/*/policy. There is
at most one policy per project.
| Returns | |
|---|---|
| Type | Description |
| string | |
setName
Output only. The resource name, in the format projects/*/policy. There is
at most one policy per project.
| Parameter | |
|---|---|
| Name | Description |
| var | string |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getDescription
Optional. A descriptive comment.
| Returns | |
|---|---|
| Type | Description |
| string | |
setDescription
Optional. A descriptive comment.
| Parameter | |
|---|---|
| Name | Description |
| var | string |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getGlobalPolicyEvaluationMode
Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
| Returns | |
|---|---|
| Type | Description |
| int | |
setGlobalPolicyEvaluationMode
Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
| Parameter | |
|---|---|
| Name | Description |
| var | int |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getAdmissionWhitelistPatterns
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
| Returns | |
|---|---|
| Type | Description |
| Google\Protobuf\Internal\RepeatedField | |
setAdmissionWhitelistPatterns
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
| Parameter | |
|---|---|
| Name | Description |
| var | array<Google\Cloud\BinaryAuthorization\V1beta1\AdmissionWhitelistPattern> |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getClusterAdmissionRules
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
| Returns | |
|---|---|
| Type | Description |
| Google\Protobuf\Internal\MapField | |
setClusterAdmissionRules
Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
| Parameter | |
|---|---|
| Name | Description |
| var | array\|Google\Protobuf\Internal\MapField |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getKubernetesNamespaceAdmissionRules
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. some-namespace
| Returns | |
|---|---|
| Type | Description |
| Google\Protobuf\Internal\MapField | |
setKubernetesNamespaceAdmissionRules
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. some-namespace
| Parameter | |
|---|---|
| Name | Description |
| var | array\|Google\Protobuf\Internal\MapField |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getKubernetesServiceAccountAdmissionRules
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. test-ns:default
| Returns | |
|---|---|
| Type | Description |
| Google\Protobuf\Internal\MapField | |
setKubernetesServiceAccountAdmissionRules
Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. test-ns:default
| Parameter | |
|---|---|
| Name | Description |
| var | array\|Google\Protobuf\Internal\MapField |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getIstioServiceIdentityAdmissionRules
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
| Returns | |
|---|---|
| Type | Description |
| Google\Protobuf\Internal\MapField | |
setIstioServiceIdentityAdmissionRules
Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
| Parameter | |
|---|---|
| Name | Description |
| var | array\|Google\Protobuf\Internal\MapField |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getDefaultAdmissionRule
Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule.
| Returns | |
|---|---|
| Type | Description |
| Google\Cloud\BinaryAuthorization\V1beta1\AdmissionRule\|null | |
hasDefaultAdmissionRule
clearDefaultAdmissionRule
setDefaultAdmissionRule
Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule.
| Parameter | |
|---|---|
| Name | Description |
| var | Google\Cloud\BinaryAuthorization\V1beta1\AdmissionRule |

| Returns | |
|---|---|
| Type | Description |
| $this | |
getUpdateTime
Output only. Time when the policy was last updated.
| Returns | |
|---|---|
| Type | Description |
| Google\Protobuf\Timestamp\|null | |
hasUpdateTime
clearUpdateTime
setUpdateTime
Output only. Time when the policy was last updated.
| Parameter | |
|---|---|
| Name | Description |
| var | Google\Protobuf\Timestamp |

| Returns | |
|---|---|
| Type | Description |
| $this | |