king
/
v811_spc009
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'main'
${ noResults }
v811_spc009/external/python/google-api-python-client/docs/dyn/binaryauthorization_v1beta1...

349 lines
16 KiB
Raw Permalink Blame History

<html><body>
<style>
body, h1, h2, h3, div, span, p, pre, a {
margin: 0;
padding: 0;
border: 0;
font-weight: inherit;
font-style: inherit;
font-size: 100%;
font-family: inherit;
vertical-align: baseline;
}
body {
font-size: 13px;
padding: 1em;
}
h1 {
font-size: 26px;
margin-bottom: 1em;
}
h2 {
font-size: 24px;
margin-bottom: 1em;
}
h3 {
font-size: 20px;
margin-bottom: 1em;
margin-top: 1em;
}
pre, code {
line-height: 1.5;
font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
}
pre {
margin-top: 0.5em;
}
h1, h2, h3, p {
font-family: Arial, sans serif;
}
h1, h2, h3 {
border-bottom: solid #CCC 1px;
}
.toc_element {
margin-top: 0.5em;
}
.firstline {
margin-left: 2 em;
}
.method {
margin-top: 1em;
border: solid 1px #CCC;
padding: 1em;
background: #EEE;
}
.details {
font-weight: bold;
font-size: 14px;
}
</style>
<h1><a href="binaryauthorization_v1beta1.html">Binary Authorization API</a> . <a href="binaryauthorization_v1beta1.projects.html">projects</a></h1>
<h2>Instance Methods</h2>
<p class="toc_element">
<code><a href="binaryauthorization_v1beta1.projects.attestors.html">attestors()</a></code>
</p>
<p class="firstline">Returns the attestors Resource.</p>
<p class="toc_element">
<code><a href="binaryauthorization_v1beta1.projects.policy.html">policy()</a></code>
</p>
<p class="firstline">Returns the policy Resource.</p>
<p class="toc_element">
<code><a href="#getPolicy">getPolicy(name, x__xgafv=None)</a></code></p>
<p class="firstline">A policy specifies the attestors that must attest to</p>
<p class="toc_element">
<code><a href="#updatePolicy">updatePolicy(name, body, x__xgafv=None)</a></code></p>
<p class="firstline">Creates or updates a project's policy, and returns a copy of the</p>
<h3>Method Details</h3>
<div class="method">
<code class="details" id="getPolicy">getPolicy(name, x__xgafv=None)</code>
<pre>A policy specifies the attestors that must attest to
a container image, before the project is allowed to deploy that
image. There is at most one policy per project. All image admission
requests are permitted if a project has no policy.
Gets the policy for this project. Returns a default
policy if the project does not have one.
Args:
name: string, Required. The resource name of the policy to retrieve,
in the format `projects/*/policy`. (required)
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A policy for container image binary authorization.
"updateTime": "A String", # Output only. Time when the policy was last updated.
"description": "A String", # Optional. A descriptive comment.
"defaultAdmissionRule": { # An admission rule specifies either that all container images # Required. Default admission rule for a cluster without a per-cluster, per-
# kubernetes-service-account, or per-istio-service-identity admission rule.
# used in a pod creation request must be attested to by one or more
# attestors, that all pod creations will be allowed, or that all
# pod creations will be denied.
#
# Images matching an admission whitelist pattern
# are exempted from admission rules and will never block a pod creation.
"enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule.
"requireAttestationsBy": [ # Optional. The resource names of the attestors that must attest to
# a container image, in the format `projects/*/attestors/*`. Each
# attestor must exist before a policy can reference it. To add an attestor
# to a policy the principal issuing the policy change request must be able
# to read the attestor resource.
#
# Note: this field must be non-empty when the evaluation_mode field specifies
# REQUIRE_ATTESTATION, otherwise it must be empty.
"A String",
],
"evaluationMode": "A String", # Required. How this admission rule will be evaluated.
},
"admissionWhitelistPatterns": [ # Optional. Admission policy whitelisting. A matching admission request will
# always be permitted. This feature is typically used to exclude Google or
# third-party infrastructure images from Binary Authorization policies.
{ # An admission whitelist pattern exempts images
# from checks by admission rules.
"namePattern": "A String", # An image name pattern to whitelist, in the form `registry/path/to/image`.
# This supports a trailing `*` as a wildcard, but this is allowed only in
# text after the `registry/` part.
},
],
"globalPolicyEvaluationMode": "A String", # Optional. Controls the evaluation of a Google-maintained global admission
# policy for common system-level images. Images not covered by the global
# policy will be subject to the project admission policy. This setting
# has no effect when specified inside a global admission policy.
"clusterAdmissionRules": { # Optional. Per-cluster admission rules. Cluster spec format:
# `location.clusterId`. There can be at most one admission rule per cluster
# spec.
# A `location` is either a compute zone (e.g. us-central1-a) or a region
# (e.g. us-central1).
# For `clusterId` syntax restrictions see
# https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
"a_key": { # An admission rule specifies either that all container images
# used in a pod creation request must be attested to by one or more
# attestors, that all pod creations will be allowed, or that all
# pod creations will be denied.
#
# Images matching an admission whitelist pattern
# are exempted from admission rules and will never block a pod creation.
"enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule.
"requireAttestationsBy": [ # Optional. The resource names of the attestors that must attest to
# a container image, in the format `projects/*/attestors/*`. Each
# attestor must exist before a policy can reference it. To add an attestor
# to a policy the principal issuing the policy change request must be able
# to read the attestor resource.
#
# Note: this field must be non-empty when the evaluation_mode field specifies
# REQUIRE_ATTESTATION, otherwise it must be empty.
"A String",
],
"evaluationMode": "A String", # Required. How this admission rule will be evaluated.
},
},
"name": "A String", # Output only. The resource name, in the format `projects/*/policy`. There is
# at most one policy per project.
}</pre>
</div>
<div class="method">
<code class="details" id="updatePolicy">updatePolicy(name, body, x__xgafv=None)</code>
<pre>Creates or updates a project's policy, and returns a copy of the
new policy. A policy is always updated as a whole, to avoid race
conditions with concurrent policy enforcement (or management!)
requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
if the request is malformed.
Args:
name: string, Output only. The resource name, in the format `projects/*/policy`. There is
at most one policy per project. (required)
body: object, The request body. (required)
The object takes the form of:
{ # A policy for container image binary authorization.
"updateTime": "A String", # Output only. Time when the policy was last updated.
"description": "A String", # Optional. A descriptive comment.
"defaultAdmissionRule": { # An admission rule specifies either that all container images # Required. Default admission rule for a cluster without a per-cluster, per-
# kubernetes-service-account, or per-istio-service-identity admission rule.
# used in a pod creation request must be attested to by one or more
# attestors, that all pod creations will be allowed, or that all
# pod creations will be denied.
#
# Images matching an admission whitelist pattern
# are exempted from admission rules and will never block a pod creation.
"enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule.
"requireAttestationsBy": [ # Optional. The resource names of the attestors that must attest to
# a container image, in the format `projects/*/attestors/*`. Each
# attestor must exist before a policy can reference it. To add an attestor
# to a policy the principal issuing the policy change request must be able
# to read the attestor resource.
#
# Note: this field must be non-empty when the evaluation_mode field specifies
# REQUIRE_ATTESTATION, otherwise it must be empty.
"A String",
],
"evaluationMode": "A String", # Required. How this admission rule will be evaluated.
},
"admissionWhitelistPatterns": [ # Optional. Admission policy whitelisting. A matching admission request will
# always be permitted. This feature is typically used to exclude Google or
# third-party infrastructure images from Binary Authorization policies.
{ # An admission whitelist pattern exempts images
# from checks by admission rules.
"namePattern": "A String", # An image name pattern to whitelist, in the form `registry/path/to/image`.
# This supports a trailing `*` as a wildcard, but this is allowed only in
# text after the `registry/` part.
},
],
"globalPolicyEvaluationMode": "A String", # Optional. Controls the evaluation of a Google-maintained global admission
# policy for common system-level images. Images not covered by the global
# policy will be subject to the project admission policy. This setting
# has no effect when specified inside a global admission policy.
"clusterAdmissionRules": { # Optional. Per-cluster admission rules. Cluster spec format:
# `location.clusterId`. There can be at most one admission rule per cluster
# spec.
# A `location` is either a compute zone (e.g. us-central1-a) or a region
# (e.g. us-central1).
# For `clusterId` syntax restrictions see
# https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
"a_key": { # An admission rule specifies either that all container images
# used in a pod creation request must be attested to by one or more
# attestors, that all pod creations will be allowed, or that all
# pod creations will be denied.
#
# Images matching an admission whitelist pattern
# are exempted from admission rules and will never block a pod creation.
"enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule.
"requireAttestationsBy": [ # Optional. The resource names of the attestors that must attest to
# a container image, in the format `projects/*/attestors/*`. Each
# attestor must exist before a policy can reference it. To add an attestor
# to a policy the principal issuing the policy change request must be able
# to read the attestor resource.
#
# Note: this field must be non-empty when the evaluation_mode field specifies
# REQUIRE_ATTESTATION, otherwise it must be empty.
"A String",
],
"evaluationMode": "A String", # Required. How this admission rule will be evaluated.
},
},
"name": "A String", # Output only. The resource name, in the format `projects/*/policy`. There is
# at most one policy per project.
}
x__xgafv: string, V1 error format.
Allowed values
1 - v1 error format
2 - v2 error format
Returns:
An object of the form:
{ # A policy for container image binary authorization.
"updateTime": "A String", # Output only. Time when the policy was last updated.
"description": "A String", # Optional. A descriptive comment.
"defaultAdmissionRule": { # An admission rule specifies either that all container images # Required. Default admission rule for a cluster without a per-cluster, per-
# kubernetes-service-account, or per-istio-service-identity admission rule.
# used in a pod creation request must be attested to by one or more
# attestors, that all pod creations will be allowed, or that all
# pod creations will be denied.
#
# Images matching an admission whitelist pattern
# are exempted from admission rules and will never block a pod creation.
"enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule.
"requireAttestationsBy": [ # Optional. The resource names of the attestors that must attest to
# a container image, in the format `projects/*/attestors/*`. Each
# attestor must exist before a policy can reference it. To add an attestor
# to a policy the principal issuing the policy change request must be able
# to read the attestor resource.
#
# Note: this field must be non-empty when the evaluation_mode field specifies
# REQUIRE_ATTESTATION, otherwise it must be empty.
"A String",
],
"evaluationMode": "A String", # Required. How this admission rule will be evaluated.
},
"admissionWhitelistPatterns": [ # Optional. Admission policy whitelisting. A matching admission request will
# always be permitted. This feature is typically used to exclude Google or
# third-party infrastructure images from Binary Authorization policies.
{ # An admission whitelist pattern exempts images
# from checks by admission rules.
"namePattern": "A String", # An image name pattern to whitelist, in the form `registry/path/to/image`.
# This supports a trailing `*` as a wildcard, but this is allowed only in
# text after the `registry/` part.
},
],
"globalPolicyEvaluationMode": "A String", # Optional. Controls the evaluation of a Google-maintained global admission
# policy for common system-level images. Images not covered by the global
# policy will be subject to the project admission policy. This setting
# has no effect when specified inside a global admission policy.
"clusterAdmissionRules": { # Optional. Per-cluster admission rules. Cluster spec format:
# `location.clusterId`. There can be at most one admission rule per cluster
# spec.
# A `location` is either a compute zone (e.g. us-central1-a) or a region
# (e.g. us-central1).
# For `clusterId` syntax restrictions see
# https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
"a_key": { # An admission rule specifies either that all container images
# used in a pod creation request must be attested to by one or more
# attestors, that all pod creations will be allowed, or that all
# pod creations will be denied.
#
# Images matching an admission whitelist pattern
# are exempted from admission rules and will never block a pod creation.
"enforcementMode": "A String", # Required. The action when a pod creation is denied by the admission rule.
"requireAttestationsBy": [ # Optional. The resource names of the attestors that must attest to
# a container image, in the format `projects/*/attestors/*`. Each
# attestor must exist before a policy can reference it. To add an attestor
# to a policy the principal issuing the policy change request must be able
# to read the attestor resource.
#
# Note: this field must be non-empty when the evaluation_mode field specifies
# REQUIRE_ATTESTATION, otherwise it must be empty.
"A String",
],
"evaluationMode": "A String", # Required. How this admission rule will be evaluated.
},
},
"name": "A String", # Output only. The resource name, in the format `projects/*/policy`. There is
# at most one policy per project.
}</pre>
</div>
</body></html>
Reference in new issue View Git Blame Copy Permalink