# Functions
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
No description provided by the author
# Constants
This rule allows all pod creations.
This rule denies all pod creations.
Dryrun mode: Audit logging only.
Enforce the admission rule by blocking the pod creation.
Do not use.
Do not use.
This rule allows a pod creation if all the attestors listed in 'require_attestations_by' have valid attestations for all of the images in the pod spec.
ECDSA on the NIST P-256 curve with a SHA256 digest.
ECDSA on the NIST P-384 curve with a SHA384 digest.
ECDSA on the NIST P-521 curve with a SHA512 digest.
ECDSA on the NIST P-256 curve with a SHA256 digest.
ECDSA on the NIST P-384 curve with a SHA384 digest.
ECDSA on the NIST P-521 curve with a SHA512 digest.
RSASSA-PSS 2048 bit key with a SHA256 digest.
RSASSA-PSS 3072 bit key with a SHA256 digest.
RSASSA-PSS 4096 bit key with a SHA256 digest.
RSASSA-PSS 4096 bit key with a SHA512 digest.
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
Not specified.
Disables system policy evaluation.
Enables system policy evaluation.
Not specified: DISABLE is assumed.
The Attestation was not able to be verified by the Attestor.
Unspecified.
The Attestation was able to be verified by the Attestor.
# Variables
Enum value maps for AdmissionRule_EnforcementMode.
Enum value maps for AdmissionRule_EnforcementMode.
Enum value maps for AdmissionRule_EvaluationMode.
Enum value maps for AdmissionRule_EvaluationMode.
No description provided by the author
No description provided by the author
Enum value maps for PkixPublicKey_SignatureAlgorithm.
Enum value maps for PkixPublicKey_SignatureAlgorithm.
Enum value maps for Policy_GlobalPolicyEvaluationMode.
Enum value maps for Policy_GlobalPolicyEvaluationMode.
Enum value maps for ValidateAttestationOccurrenceResponse_Result.
Enum value maps for ValidateAttestationOccurrenceResponse_Result.
# Structs
An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.
An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].
An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image artifacts.
No description provided by the author
An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.
No description provided by the author
No description provided by the author
Request message for [BinauthzManagementService.CreateAttestor][].
Request message for [BinauthzManagementService.DeleteAttestor][].
Request message for [BinauthzManagementService.GetAttestor][].
Request message for [BinauthzManagementService.GetPolicy][].
Request to read the current system policy.
Request message for [BinauthzManagementService.ListAttestors][].
Response message for [BinauthzManagementService.ListAttestors][].
A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details).
A [policy][google.cloud.binaryauthorization.v1.Policy] for container image binary authorization.
UnimplementedBinauthzManagementServiceV1Server can be embedded to have forward compatible implementations.
UnimplementedSystemPolicyV1Server can be embedded to have forward compatible implementations.
UnimplementedValidationHelperV1Server can be embedded to have forward compatible implementations.
Request message for [BinauthzManagementService.UpdateAttestor][].
Request message for [BinauthzManagementService.UpdatePolicy][].
A [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas Attestation.Authority Note created by the user.
Request message for [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
Response message for [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
# Interfaces
BinauthzManagementServiceV1Client is the client API for BinauthzManagementServiceV1 service.
BinauthzManagementServiceV1Server is the server API for BinauthzManagementServiceV1 service.
SystemPolicyV1Client is the client API for SystemPolicyV1 service.
SystemPolicyV1Server is the server API for SystemPolicyV1 service.
ValidationHelperV1Client is the client API for ValidationHelperV1 service.
ValidationHelperV1Server is the server API for ValidationHelperV1 service.
# Type aliases
Defines the possible actions when a pod creation is denied by an admission rule.
No description provided by the author
Represents a signature algorithm and other information necessary to verify signatures with a given public key.
No description provided by the author
The enum returned in the "result" field.