Class CheckSet

A conjunction of policy checks, scoped to a particular namespace or Kubernetes service account. In order for evaluation of a CheckSet to return "allowed" for a given image in a given Pod, one of the following conditions must be satisfied: * The image is explicitly exempted by an entry in image_allowlist, OR * ALL of the checks evaluate to "allowed".

Inheritance
object
CheckSet
Implements
Inherited Members
Namespace: Google.Apis.BinaryAuthorization.v1.Data
Assembly: Google.Apis.BinaryAuthorization.v1.dll
Syntax
public class CheckSet : IDirectResponseSchema

Properties

Checks

Optional. The checks to apply. The ultimate result of evaluating the check set will be "allow" if and only if every check in checks evaluates to "allow". If checks is empty, the default behavior is "always allow".

Declaration
[JsonProperty("checks")]
public virtual IList<Check> Checks { get; set; }
Property Value
Type Description
IList<Check>

DisplayName

Optional. A user-provided name for this CheckSet. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.

Declaration
[JsonProperty("displayName")]
public virtual string DisplayName { get; set; }
Property Value
Type Description
string

ETag

The ETag of the item.

Declaration
public virtual string ETag { get; set; }
Property Value
Type Description
string

ImageAllowlist

Optional. Images exempted from this CheckSet. If any of the patterns match the image being evaluated, no checks in the CheckSet will be evaluated.

Declaration
[JsonProperty("imageAllowlist")]
public virtual ImageAllowlist ImageAllowlist { get; set; }
Property Value
Type Description
ImageAllowlist

Scope

Optional. The scope to which this CheckSet applies. If unset or an empty string (the default), applies to all namespaces and service accounts. See the Scope message documentation for details on scoping rules.

Declaration
[JsonProperty("scope")]
public virtual Scope Scope { get; set; }
Property Value
Type Description
Scope

Implements