public final class AdmissionRule extends com.google.protobuf.GeneratedMessageV3 implements AdmissionRuleOrBuilder
An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1beta1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied. Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.Protobuf type
google.cloud.binaryauthorization.v1beta1.AdmissionRule| Modifier and Type | Class and Description |
|---|---|
static class |
AdmissionRule.Builder
An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images
used in a pod creation request must be attested to by one or more
[attestors][google.cloud.binaryauthorization.v1beta1.Attestor], that all pod creations will be allowed, or that all
pod creations will be denied.
|
static class |
AdmissionRule.EnforcementMode
Defines the possible actions when a pod creation is denied by an admission
rule.
|
static class |
AdmissionRule.EvaluationMode
Protobuf enum
google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode |
com.google.protobuf.GeneratedMessageV3.BuilderParent, com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>,BuilderT extends com.google.protobuf.GeneratedMessageV3.ExtendableBuilder<MessageT,BuilderT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.ExtendableMessageOrBuilder<MessageT extends com.google.protobuf.GeneratedMessageV3.ExtendableMessage<MessageT>>, com.google.protobuf.GeneratedMessageV3.FieldAccessorTable, com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter| Modifier and Type | Field and Description |
|---|---|
static int |
ENFORCEMENT_MODE_FIELD_NUMBER |
static int |
EVALUATION_MODE_FIELD_NUMBER |
static int |
REQUIRE_ATTESTATIONS_BY_FIELD_NUMBER |
| Modifier and Type | Method and Description |
|---|---|
boolean |
equals(Object obj) |
static AdmissionRule |
getDefaultInstance() |
AdmissionRule |
getDefaultInstanceForType() |
static com.google.protobuf.Descriptors.Descriptor |
getDescriptor() |
AdmissionRule.EnforcementMode |
getEnforcementMode()
Required.
|
int |
getEnforcementModeValue()
Required.
|
AdmissionRule.EvaluationMode |
getEvaluationMode()
Required.
|
int |
getEvaluationModeValue()
Required.
|
com.google.protobuf.Parser<AdmissionRule> |
getParserForType() |
String |
getRequireAttestationsBy(int index)
Optional.
|
com.google.protobuf.ByteString |
getRequireAttestationsByBytes(int index)
Optional.
|
int |
getRequireAttestationsByCount()
Optional.
|
com.google.protobuf.ProtocolStringList |
getRequireAttestationsByList()
Optional.
|
int |
getSerializedSize() |
int |
hashCode() |
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable |
internalGetFieldAccessorTable() |
boolean |
isInitialized() |
static AdmissionRule.Builder |
newBuilder() |
static AdmissionRule.Builder |
newBuilder(AdmissionRule prototype) |
AdmissionRule.Builder |
newBuilderForType() |
protected AdmissionRule.Builder |
newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent) |
protected Object |
newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused) |
static AdmissionRule |
parseDelimitedFrom(InputStream input) |
static AdmissionRule |
parseDelimitedFrom(InputStream input,
com.google.protobuf.ExtensionRegistryLite extensionRegistry) |
static AdmissionRule |
parseFrom(byte[] data) |
static AdmissionRule |
parseFrom(byte[] data,
com.google.protobuf.ExtensionRegistryLite extensionRegistry) |
static AdmissionRule |
parseFrom(ByteBuffer data) |
static AdmissionRule |
parseFrom(ByteBuffer data,
com.google.protobuf.ExtensionRegistryLite extensionRegistry) |
static AdmissionRule |
parseFrom(com.google.protobuf.ByteString data) |
static AdmissionRule |
parseFrom(com.google.protobuf.ByteString data,
com.google.protobuf.ExtensionRegistryLite extensionRegistry) |
static AdmissionRule |
parseFrom(com.google.protobuf.CodedInputStream input) |
static AdmissionRule |
parseFrom(com.google.protobuf.CodedInputStream input,
com.google.protobuf.ExtensionRegistryLite extensionRegistry) |
static AdmissionRule |
parseFrom(InputStream input) |
static AdmissionRule |
parseFrom(InputStream input,
com.google.protobuf.ExtensionRegistryLite extensionRegistry) |
static com.google.protobuf.Parser<AdmissionRule> |
parser() |
AdmissionRule.Builder |
toBuilder() |
void |
writeTo(com.google.protobuf.CodedOutputStream output) |
canUseUnsafe, computeStringSize, computeStringSizeNoTag, emptyBooleanList, emptyDoubleList, emptyFloatList, emptyIntList, emptyList, emptyLongList, getAllFields, getDescriptorForType, getField, getOneofFieldDescriptor, getRepeatedField, getRepeatedFieldCount, getUnknownFields, hasField, hasOneof, internalGetMapField, internalGetMapFieldReflection, isStringEmpty, makeExtensionsImmutable, makeMutableCopy, makeMutableCopy, mergeFromAndMakeImmutableInternal, mutableCopy, mutableCopy, mutableCopy, mutableCopy, mutableCopy, newBooleanList, newBuilderForType, newDoubleList, newFloatList, newIntList, newLongList, parseDelimitedWithIOException, parseDelimitedWithIOException, parseUnknownField, parseUnknownFieldProto3, parseWithIOException, parseWithIOException, parseWithIOException, parseWithIOException, serializeBooleanMapTo, serializeIntegerMapTo, serializeLongMapTo, serializeStringMapTo, writeReplace, writeString, writeStringNoTagfindInitializationErrors, getInitializationErrorString, hashBoolean, hashEnum, hashEnumList, hashFields, hashLong, toStringaddAll, addAll, checkByteStringIsUtf8, toByteArray, toByteString, writeDelimitedTo, writeToclone, finalize, getClass, notify, notifyAll, wait, wait, waitpublic static final int EVALUATION_MODE_FIELD_NUMBER
public static final int REQUIRE_ATTESTATIONS_BY_FIELD_NUMBER
public static final int ENFORCEMENT_MODE_FIELD_NUMBER
protected Object newInstance(com.google.protobuf.GeneratedMessageV3.UnusedPrivateParameter unused)
newInstance in class com.google.protobuf.GeneratedMessageV3public static final com.google.protobuf.Descriptors.Descriptor getDescriptor()
protected com.google.protobuf.GeneratedMessageV3.FieldAccessorTable internalGetFieldAccessorTable()
internalGetFieldAccessorTable in class com.google.protobuf.GeneratedMessageV3public int getEvaluationModeValue()
Required. How this admission rule will be evaluated.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
getEvaluationModeValue in interface AdmissionRuleOrBuilderpublic AdmissionRule.EvaluationMode getEvaluationMode()
Required. How this admission rule will be evaluated.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EvaluationMode evaluation_mode = 1 [(.google.api.field_behavior) = REQUIRED];
getEvaluationMode in interface AdmissionRuleOrBuilderpublic com.google.protobuf.ProtocolStringList getRequireAttestationsByList()
Optional. The resource names of the attestors that must attest to a container image, in the format `projects/*/attestors/*`. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.
repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
getRequireAttestationsByList in interface AdmissionRuleOrBuilderpublic int getRequireAttestationsByCount()
Optional. The resource names of the attestors that must attest to a container image, in the format `projects/*/attestors/*`. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.
repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
getRequireAttestationsByCount in interface AdmissionRuleOrBuilderpublic String getRequireAttestationsBy(int index)
Optional. The resource names of the attestors that must attest to a container image, in the format `projects/*/attestors/*`. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.
repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
getRequireAttestationsBy in interface AdmissionRuleOrBuilderindex - The index of the element to return.public com.google.protobuf.ByteString getRequireAttestationsByBytes(int index)
Optional. The resource names of the attestors that must attest to a container image, in the format `projects/*/attestors/*`. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.
repeated string require_attestations_by = 2 [(.google.api.field_behavior) = OPTIONAL];
getRequireAttestationsByBytes in interface AdmissionRuleOrBuilderindex - The index of the value to return.public int getEnforcementModeValue()
Required. The action when a pod creation is denied by the admission rule.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
getEnforcementModeValue in interface AdmissionRuleOrBuilderpublic AdmissionRule.EnforcementMode getEnforcementMode()
Required. The action when a pod creation is denied by the admission rule.
.google.cloud.binaryauthorization.v1beta1.AdmissionRule.EnforcementMode enforcement_mode = 3 [(.google.api.field_behavior) = REQUIRED];
getEnforcementMode in interface AdmissionRuleOrBuilderpublic final boolean isInitialized()
isInitialized in interface com.google.protobuf.MessageLiteOrBuilderisInitialized in class com.google.protobuf.GeneratedMessageV3public void writeTo(com.google.protobuf.CodedOutputStream output)
throws IOException
writeTo in interface com.google.protobuf.MessageLitewriteTo in class com.google.protobuf.GeneratedMessageV3IOExceptionpublic int getSerializedSize()
getSerializedSize in interface com.google.protobuf.MessageLitegetSerializedSize in class com.google.protobuf.GeneratedMessageV3public boolean equals(Object obj)
equals in interface com.google.protobuf.Messageequals in class com.google.protobuf.AbstractMessagepublic int hashCode()
hashCode in interface com.google.protobuf.MessagehashCode in class com.google.protobuf.AbstractMessagepublic static AdmissionRule parseFrom(ByteBuffer data) throws com.google.protobuf.InvalidProtocolBufferException
com.google.protobuf.InvalidProtocolBufferExceptionpublic static AdmissionRule parseFrom(ByteBuffer data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
com.google.protobuf.InvalidProtocolBufferExceptionpublic static AdmissionRule parseFrom(com.google.protobuf.ByteString data) throws com.google.protobuf.InvalidProtocolBufferException
com.google.protobuf.InvalidProtocolBufferExceptionpublic static AdmissionRule parseFrom(com.google.protobuf.ByteString data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
com.google.protobuf.InvalidProtocolBufferExceptionpublic static AdmissionRule parseFrom(byte[] data) throws com.google.protobuf.InvalidProtocolBufferException
com.google.protobuf.InvalidProtocolBufferExceptionpublic static AdmissionRule parseFrom(byte[] data, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws com.google.protobuf.InvalidProtocolBufferException
com.google.protobuf.InvalidProtocolBufferExceptionpublic static AdmissionRule parseFrom(InputStream input) throws IOException
IOExceptionpublic static AdmissionRule parseFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
IOExceptionpublic static AdmissionRule parseDelimitedFrom(InputStream input) throws IOException
IOExceptionpublic static AdmissionRule parseDelimitedFrom(InputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
IOExceptionpublic static AdmissionRule parseFrom(com.google.protobuf.CodedInputStream input) throws IOException
IOExceptionpublic static AdmissionRule parseFrom(com.google.protobuf.CodedInputStream input, com.google.protobuf.ExtensionRegistryLite extensionRegistry) throws IOException
IOExceptionpublic AdmissionRule.Builder newBuilderForType()
newBuilderForType in interface com.google.protobuf.MessagenewBuilderForType in interface com.google.protobuf.MessageLitepublic static AdmissionRule.Builder newBuilder()
public static AdmissionRule.Builder newBuilder(AdmissionRule prototype)
public AdmissionRule.Builder toBuilder()
toBuilder in interface com.google.protobuf.MessagetoBuilder in interface com.google.protobuf.MessageLiteprotected AdmissionRule.Builder newBuilderForType(com.google.protobuf.GeneratedMessageV3.BuilderParent parent)
newBuilderForType in class com.google.protobuf.GeneratedMessageV3public static AdmissionRule getDefaultInstance()
public static com.google.protobuf.Parser<AdmissionRule> parser()
public com.google.protobuf.Parser<AdmissionRule> getParserForType()
getParserForType in interface com.google.protobuf.MessagegetParserForType in interface com.google.protobuf.MessageLitegetParserForType in class com.google.protobuf.GeneratedMessageV3public AdmissionRule getDefaultInstanceForType()
getDefaultInstanceForType in interface com.google.protobuf.MessageLiteOrBuildergetDefaultInstanceForType in interface com.google.protobuf.MessageOrBuilderCopyright © 2023 Google LLC. All rights reserved.