- 1.77.0 (latest)
- 1.75.0
- 1.74.0
- 1.73.0
- 1.72.0
- 1.71.0
- 1.69.0
- 1.67.0
- 1.66.0
- 1.63.0
- 1.62.0
- 1.61.0
- 1.59.0
- 1.58.0
- 1.57.0
- 1.56.0
- 1.55.0
- 1.54.0
- 1.53.0
- 1.52.0
- 1.51.0
- 1.50.0
- 1.48.0
- 1.47.0
- 1.46.0
- 1.45.0
- 1.44.0
- 1.43.0
- 1.42.0
- 1.41.0
- 1.40.0
- 1.39.0
- 1.38.0
- 1.36.0
- 1.35.0
- 1.34.0
- 1.33.0
- 1.32.0
- 1.31.0
- 1.30.0
- 1.29.0
- 1.28.0
- 1.27.0
- 1.26.0
- 1.23.0
- 1.22.0
- 1.21.0
- 1.20.0
- 1.19.0
- 1.18.0
- 1.17.0
- 1.16.0
- 1.15.0
- 1.14.0
- 1.13.0
- 1.12.0
- 1.11.0
- 1.10.0
- 1.9.0
- 1.8.0
- 1.7.0
- 1.6.0
- 1.5.0
- 1.4.0
- 1.3.0
- 1.0.6
public interface PolicyOrBuilder extends MessageOrBuilderImplements
MessageOrBuilderMethods
containsClusterAdmissionRules(String key)
public abstract boolean containsClusterAdmissionRules(String key) Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
| Type | Description |
boolean |
containsIstioServiceIdentityAdmissionRules(String key)
public abstract boolean containsIstioServiceIdentityAdmissionRules(String key) Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
| Type | Description |
boolean |
containsKubernetesNamespaceAdmissionRules(String key)
public abstract boolean containsKubernetesNamespaceAdmissionRules(String key) Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
| Type | Description |
boolean |
containsKubernetesServiceAccountAdmissionRules(String key)
public abstract boolean containsKubernetesServiceAccountAdmissionRules(String key) Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
| Type | Description |
boolean |
getAdmissionWhitelistPatterns(int index)
public abstract AdmissionWhitelistPattern getAdmissionWhitelistPatterns(int index)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
index |
int |
| Type | Description |
AdmissionWhitelistPattern |
getAdmissionWhitelistPatternsCount()
public abstract int getAdmissionWhitelistPatternsCount()Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
int |
getAdmissionWhitelistPatternsList()
public abstract List<AdmissionWhitelistPattern> getAdmissionWhitelistPatternsList()Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
List<AdmissionWhitelistPattern> |
getAdmissionWhitelistPatternsOrBuilder(int index)
public abstract AdmissionWhitelistPatternOrBuilder getAdmissionWhitelistPatternsOrBuilder(int index)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
index |
int |
| Type | Description |
AdmissionWhitelistPatternOrBuilder |
getAdmissionWhitelistPatternsOrBuilderList()
public abstract List<? extends AdmissionWhitelistPatternOrBuilder> getAdmissionWhitelistPatternsOrBuilderList()Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
List<? extends com.google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPatternOrBuilder> |
getClusterAdmissionRules()
public abstract Map<String,AdmissionRule> getClusterAdmissionRules()Use #getClusterAdmissionRulesMap() instead.
| Type | Description |
Map<String,AdmissionRule> |
getClusterAdmissionRulesCount()
public abstract int getClusterAdmissionRulesCount() Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
int |
getClusterAdmissionRulesMap()
public abstract Map<String,AdmissionRule> getClusterAdmissionRulesMap() Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
Map<String,AdmissionRule> |
getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
public abstract AdmissionRule getClusterAdmissionRulesOrDefault(String key, AdmissionRule defaultValue) Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
defaultValue |
AdmissionRule |
| Type | Description |
AdmissionRule |
getClusterAdmissionRulesOrThrow(String key)
public abstract AdmissionRule getClusterAdmissionRulesOrThrow(String key) Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
| Type | Description |
AdmissionRule |
getDefaultAdmissionRule()
public abstract AdmissionRule getDefaultAdmissionRule()Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
| Type | Description |
AdmissionRule |
The defaultAdmissionRule. |
getDefaultAdmissionRuleOrBuilder()
public abstract AdmissionRuleOrBuilder getDefaultAdmissionRuleOrBuilder()Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
| Type | Description |
AdmissionRuleOrBuilder |
getDescription()
public abstract String getDescription()Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
String |
The description. |
getDescriptionBytes()
public abstract ByteString getDescriptionBytes()Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
ByteString |
The bytes for description. |
getGlobalPolicyEvaluationMode()
public abstract Policy.GlobalPolicyEvaluationMode getGlobalPolicyEvaluationMode()Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
Policy.GlobalPolicyEvaluationMode |
The globalPolicyEvaluationMode. |
getGlobalPolicyEvaluationModeValue()
public abstract int getGlobalPolicyEvaluationModeValue()Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
int |
The enum numeric value on the wire for globalPolicyEvaluationMode. |
getIstioServiceIdentityAdmissionRules()
public abstract Map<String,AdmissionRule> getIstioServiceIdentityAdmissionRules()Use #getIstioServiceIdentityAdmissionRulesMap() instead.
| Type | Description |
Map<String,AdmissionRule> |
getIstioServiceIdentityAdmissionRulesCount()
public abstract int getIstioServiceIdentityAdmissionRulesCount() Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
int |
getIstioServiceIdentityAdmissionRulesMap()
public abstract Map<String,AdmissionRule> getIstioServiceIdentityAdmissionRulesMap() Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
Map<String,AdmissionRule> |
getIstioServiceIdentityAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
public abstract AdmissionRule getIstioServiceIdentityAdmissionRulesOrDefault(String key, AdmissionRule defaultValue) Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
defaultValue |
AdmissionRule |
| Type | Description |
AdmissionRule |
getIstioServiceIdentityAdmissionRulesOrThrow(String key)
public abstract AdmissionRule getIstioServiceIdentityAdmissionRulesOrThrow(String key) Optional. Per-istio-service-identity admission rules. Istio service
identity spec format:
spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
<domain>/ns/<namespace>/sa/<serviceaccount>
e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
| Type | Description |
AdmissionRule |
getKubernetesNamespaceAdmissionRules()
public abstract Map<String,AdmissionRule> getKubernetesNamespaceAdmissionRules()Use #getKubernetesNamespaceAdmissionRulesMap() instead.
| Type | Description |
Map<String,AdmissionRule> |
getKubernetesNamespaceAdmissionRulesCount()
public abstract int getKubernetesNamespaceAdmissionRulesCount() Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
int |
getKubernetesNamespaceAdmissionRulesMap()
public abstract Map<String,AdmissionRule> getKubernetesNamespaceAdmissionRulesMap() Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
Map<String,AdmissionRule> |
getKubernetesNamespaceAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
public abstract AdmissionRule getKubernetesNamespaceAdmissionRulesOrDefault(String key, AdmissionRule defaultValue) Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
defaultValue |
AdmissionRule |
| Type | Description |
AdmissionRule |
getKubernetesNamespaceAdmissionRulesOrThrow(String key)
public abstract AdmissionRule getKubernetesNamespaceAdmissionRulesOrThrow(String key) Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
[a-z.-]+, e.g. some-namespace
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
| Type | Description |
AdmissionRule |
getKubernetesServiceAccountAdmissionRules()
public abstract Map<String,AdmissionRule> getKubernetesServiceAccountAdmissionRules()Use #getKubernetesServiceAccountAdmissionRulesMap() instead.
| Type | Description |
Map<String,AdmissionRule> |
getKubernetesServiceAccountAdmissionRulesCount()
public abstract int getKubernetesServiceAccountAdmissionRulesCount() Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
int |
getKubernetesServiceAccountAdmissionRulesMap()
public abstract Map<String,AdmissionRule> getKubernetesServiceAccountAdmissionRulesMap() Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
| Type | Description |
Map<String,AdmissionRule> |
getKubernetesServiceAccountAdmissionRulesOrDefault(String key, AdmissionRule defaultValue)
public abstract AdmissionRule getKubernetesServiceAccountAdmissionRulesOrDefault(String key, AdmissionRule defaultValue) Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
defaultValue |
AdmissionRule |
| Type | Description |
AdmissionRule |
getKubernetesServiceAccountAdmissionRulesOrThrow(String key)
public abstract AdmissionRule getKubernetesServiceAccountAdmissionRulesOrThrow(String key) Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. test-ns:default
map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
| Name | Description |
key |
String |
| Type | Description |
AdmissionRule |
getName()
public abstract String getName() Output only. The resource name, in the format projects/*/policy. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
| Type | Description |
String |
The name. |
getNameBytes()
public abstract ByteString getNameBytes() Output only. The resource name, in the format projects/*/policy. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
| Type | Description |
ByteString |
The bytes for name. |
getUpdateTime()
public abstract Timestamp getUpdateTime()Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
| Type | Description |
Timestamp |
The updateTime. |
getUpdateTimeOrBuilder()
public abstract TimestampOrBuilder getUpdateTimeOrBuilder()Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
| Type | Description |
TimestampOrBuilder |
hasDefaultAdmissionRule()
public abstract boolean hasDefaultAdmissionRule()Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
| Type | Description |
boolean |
Whether the defaultAdmissionRule field is set. |
hasUpdateTime()
public abstract boolean hasUpdateTime()Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
| Type | Description |
boolean |
Whether the updateTime field is set. |