GoogleApi.BinaryAuthorization.V1.Model.Policy (google_api_binary_authorization v0.18.0)
A policy for container image binary authorization.
Attributes
- admissionWhitelistPatterns (type: list(GoogleApi.BinaryAuthorization.V1.Model.AdmissionWhitelistPattern.t), default: nil) - Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
- clusterAdmissionRules (type: %{optional(String.t) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t}, default: nil) - Optional. A valid policy has only one of the following rule maps non-empty, i.e. only one of cluster_admission_rules, kubernetes_namespace_admission_rules, kubernetes_service_account_admission_rules, or istio_service_identity_admission_rules can be non-empty. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
- defaultAdmissionRule (type: GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t, default: nil) - Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule.
- description (type: String.t, default: nil) - Optional. A descriptive comment.
- etag (type: String.t, default: nil) - Optional. A checksum, returned by the server, that can be sent on update requests to ensure the policy has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
- globalPolicyEvaluationMode (type: String.t, default: nil) - Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
- istioServiceIdentityAdmissionRules (type: %{optional(String.t) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t}, default: nil) - Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default
- kubernetesNamespaceAdmissionRules (type: %{optional(String.t) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t}, default: nil) - Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace
- kubernetesServiceAccountAdmissionRules (type: %{optional(String.t) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t}, default: nil) - Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default
- name (type: String.t, default: nil) - Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.
- updateTime (type: DateTime.t, default: nil) - Output only. Time when the policy was last updated.
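The rule-map constraint and the key formats described in the attributes above can be checked locally before a policy is sent on an update request. The following is an added example, not part of google_api_binary_authorization: the module name PolicyLint, the loose regexes for cluster and service-account keys, and the sample policy (including its rule bodies) are assumptions made for illustration.

```elixir
defmodule PolicyLint do
  # Added example: pre-flight checks for a Binary Authorization policy.
  # Accepts the Policy struct or a plain map with the same atom keys.

  @rule_maps [
    :clusterAdmissionRules,
    :kubernetesNamespaceAdmissionRules,
    :kubernetesServiceAccountAdmissionRules,
    :istioServiceIdentityAdmissionRules
  ]

  # Returns a list of problems; an empty list means the checks passed.
  def validate(policy) do
    non_empty = Enum.filter(@rule_maps, &(map_size(Map.get(policy, &1) || %{}) > 0))

    []
    |> check(is_nil(Map.get(policy, :defaultAdmissionRule)), "defaultAdmissionRule is required")
    |> check(length(non_empty) > 1, "only one rule map may be non-empty, got #{inspect(non_empty)}")
    |> Kernel.++(bad_keys(policy))
  end

  defp check(errors, true, msg), do: errors ++ [msg]
  defp check(errors, false, _msg), do: errors

  # Key shapes taken from the attribute descriptions. The cluster and service
  # account patterns are loose approximations (assumption); Istio keys are not checked.
  defp key_format(:clusterAdmissionRules), do: ~r/\A[a-z0-9-]+\.\S+\z/
  defp key_format(:kubernetesNamespaceAdmissionRules), do: ~r/\A[a-z.-]+\z/
  defp key_format(:kubernetesServiceAccountAdmissionRules), do: ~r/\A[^:\s]+:[^:\s]+\z/
  defp key_format(_other), do: nil

  defp bad_keys(policy) do
    for field <- @rule_maps,
        format = key_format(field),
        {key, _rule} <- (Map.get(policy, field) || %{}),
        not Regex.match?(format, key),
        do: "#{field}: key #{inspect(key)} does not match the documented spec format"
  end
end

# Constructed sample: two rule maps are populated at once, and one namespace
# key uses characters outside [a-z.-]+. The rule body is a placeholder.
rule = %{evaluationMode: "ALWAYS_DENY"}

policy = %{
  defaultAdmissionRule: rule,
  kubernetesNamespaceAdmissionRules: %{"Prod_NS" => rule},
  kubernetesServiceAccountAdmissionRules: %{"test-ns:default" => rule}
}

Enum.each(PolicyLint.validate(policy), &IO.puts/1)
```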
Summary
Functions
Unwrap a decoded JSON object into its complex fields.
Types
@type t() :: %GoogleApi.BinaryAuthorization.V1.Model.Policy{
  admissionWhitelistPatterns:
    [GoogleApi.BinaryAuthorization.V1.Model.AdmissionWhitelistPattern.t()] | nil,
  clusterAdmissionRules:
    %{optional(String.t()) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t()} | nil,
  defaultAdmissionRule: GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t() | nil,
  description: String.t() | nil,
  etag: String.t() | nil,
  globalPolicyEvaluationMode: String.t() | nil,
  istioServiceIdentityAdmissionRules:
    %{optional(String.t()) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t()} | nil,
  kubernetesNamespaceAdmissionRules:
    %{optional(String.t()) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t()} | nil,
  kubernetesServiceAccountAdmissionRules:
    %{optional(String.t()) => GoogleApi.BinaryAuthorization.V1.Model.AdmissionRule.t()} | nil,
  name: String.t() | nil,
  updateTime: DateTime.t() | nil
}