Class Policy

A policy for container image binary authorization.

Inheritance

object

Policy

Implements

IDirectResponseSchema

Inherited Members

object.Equals(object)

object.Equals(object, object)

object.GetHashCode()

object.GetType()

object.MemberwiseClone()

object.ReferenceEquals(object, object)

object.ToString()

Namespace: Google.Apis.BinaryAuthorization.v1.Data

Assembly: Google.Apis.BinaryAuthorization.v1.dll

Syntax

public class Policy : IDirectResponseSchema

Properties

AdmissionWhitelistPatterns

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

Declaration

[JsonProperty("admissionWhitelistPatterns")]
public virtual IList<AdmissionWhitelistPattern> AdmissionWhitelistPatterns { get; set; }

Property Value

Type	Description
IList<AdmissionWhitelistPattern>

ClusterAdmissionRules

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

Declaration

[JsonProperty("clusterAdmissionRules")]
public virtual IDictionary<string, AdmissionRule> ClusterAdmissionRules { get; set; }

Property Value

Type	Description
IDictionary<string, AdmissionRule>

DefaultAdmissionRule

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

Declaration

[JsonProperty("defaultAdmissionRule")]
public virtual AdmissionRule DefaultAdmissionRule { get; set; }

Property Value

Type	Description
AdmissionRule

Description

Optional. A descriptive comment.

Declaration

[JsonProperty("description")]
public virtual string Description { get; set; }

Property Value

Type	Description
string

ETag

Optional. A checksum, returned by the server, that can be sent on update requests to ensure the policy has an up-to-date value before attempting to update it. See https://google.aip.dev/154.

Declaration

[JsonProperty("etag")]
public virtual string ETag { get; set; }

Property Value

Type	Description
string

GlobalPolicyEvaluationMode

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

Declaration

[JsonProperty("globalPolicyEvaluationMode")]
public virtual string GlobalPolicyEvaluationMode { get; set; }

Property Value

Type	Description
string

IstioServiceIdentityAdmissionRules

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default

Declaration

[JsonProperty("istioServiceIdentityAdmissionRules")]
public virtual IDictionary<string, AdmissionRule> IstioServiceIdentityAdmissionRules { get; set; }

Property Value

Type	Description
IDictionary<string, AdmissionRule>

KubernetesNamespaceAdmissionRules

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

Declaration

[JsonProperty("kubernetesNamespaceAdmissionRules")]
public virtual IDictionary<string, AdmissionRule> KubernetesNamespaceAdmissionRules { get; set; }

Property Value

Type	Description
IDictionary<string, AdmissionRule>

KubernetesServiceAccountAdmissionRules

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

Declaration

[JsonProperty("kubernetesServiceAccountAdmissionRules")]
public virtual IDictionary<string, AdmissionRule> KubernetesServiceAccountAdmissionRules { get; set; }

Property Value

Type	Description
IDictionary<string, AdmissionRule>

Name

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

Declaration

[JsonProperty("name")]
public virtual string Name { get; set; }

Property Value

Type	Description
string

UpdateTime

object representation of UpdateTimeRaw.

Declaration

[JsonIgnore]
[Obsolete("This property is obsolete and may behave unexpectedly; please use UpdateTimeDateTimeOffset instead.")]
public virtual object UpdateTime { get; set; }

Property Value

Type	Description
object

UpdateTimeDateTimeOffset

DateTimeOffset representation of UpdateTimeRaw.

Declaration

[JsonIgnore]
public virtual DateTimeOffset? UpdateTimeDateTimeOffset { get; set; }

Property Value

Type	Description
DateTimeOffset?

UpdateTimeRaw

Output only. Time when the policy was last updated.

Declaration

[JsonProperty("updateTime")]
public virtual string UpdateTimeRaw { get; set; }

Property Value

Type	Description
string

Implements

IDirectResponseSchema