Class: Google::Apis::BinaryauthorizationV1::Check

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

A single check to perform against a Pod. Checks are grouped into CheckSets, which are defined by the top-level policy.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ Check

Returns a new instance of Check.



419
420
421
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 419

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#always_denyBoolean Also known as: always_deny?

Optional. A special-case check that always denies. Note that this still only applies when the scope of the CheckSet applies and the image isn't exempted by an image allowlist. This check is primarily useful for testing, or to set the default behavior for all unmatched scopes to "deny". Corresponds to the JSON property alwaysDeny

Returns:

  • (Boolean) 


374
375
376
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 374

def always_deny
  @always_deny
end

#display_nameString

Optional. A user-provided name for this Check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results. Corresponds to the JSON property displayName

Returns:

  • (String) 


382
383
384
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 382

def display_name
  @display_name
end

#image_allowlistGoogle::Apis::BinaryauthorizationV1::ImageAllowlist

Images that are exempted from normal checks based on name pattern only. Corresponds to the JSON property imageAllowlist

Returns:



387
388
389
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 387

def image_allowlist
  @image_allowlist
end

#image_freshness_checkGoogle::Apis::BinaryauthorizationV1::ImageFreshnessCheck

An image freshness check, which rejects images that were uploaded before the set number of days ago to the supported repositories. Corresponds to the JSON property imageFreshnessCheck

Returns:



393
394
395
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 393

def image_freshness_check
  @image_freshness_check
end

#simple_signing_attestation_checkGoogle::Apis::BinaryauthorizationV1::SimpleSigningAttestationCheck

Require a signed DSSE attestation with type SimpleSigning. Corresponds to the JSON property simpleSigningAttestationCheck

Returns:



399
400
401
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 399

def simple_signing_attestation_check
  @simple_signing_attestation_check
end

#slsa_checkGoogle::Apis::BinaryauthorizationV1::SlsaCheck

A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only. Corresponds to the JSON property slsaCheck

Returns:



405
406
407
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 405

def slsa_check
  @slsa_check
end

#trusted_directory_checkGoogle::Apis::BinaryauthorizationV1::TrustedDirectoryCheck

A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories. Corresponds to the JSON property trustedDirectoryCheck

Returns:



411
412
413
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 411

def trusted_directory_check
  @trusted_directory_check
end

#vulnerability_checkGoogle::Apis::BinaryauthorizationV1::VulnerabilityCheck

An image vulnerability check, which rejects images that violate the configured vulnerability rules. Corresponds to the JSON property vulnerabilityCheck

Returns:



417
418
419
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 417

def vulnerability_check
  @vulnerability_check
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



424
425
426
427
428
429
430
431
432
433
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 424

def update!(**args)
  @always_deny = args[:always_deny] if args.key?(:always_deny)
  @display_name = args[:display_name] if args.key?(:display_name)
  @image_allowlist = args[:image_allowlist] if args.key?(:image_allowlist)
  @image_freshness_check = args[:image_freshness_check] if args.key?(:image_freshness_check)
  @simple_signing_attestation_check = args[:simple_signing_attestation_check] if args.key?(:simple_signing_attestation_check)
  @slsa_check = args[:slsa_check] if args.key?(:slsa_check)
  @trusted_directory_check = args[:trusted_directory_check] if args.key?(:trusted_directory_check)
  @vulnerability_check = args[:vulnerability_check] if args.key?(:vulnerability_check)
end