Class: Google::Apis::BinaryauthorizationV1::CheckSet

Inherits:

Object

• Object
• Google::Apis::BinaryauthorizationV1::CheckSet

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

A conjunction of policy checks, scoped to a particular namespace or Kubernetes service account. In order for evaluation of a CheckSet to return "allowed" for a given image in a given Pod, one of the following conditions must be satisfied: * The image is explicitly exempted by an entry in image_allowlist, OR * ALL of the checks evaluate to "allowed".

Instance Attribute Summary

• #checks ⇒ Array<Google::Apis::BinaryauthorizationV1::Check>

  Optional.

• #display_name ⇒ String

  Optional.

• #image_allowlist ⇒ Google::Apis::BinaryauthorizationV1::ImageAllowlist

  Images that are exempted from normal checks based on name pattern only.

• #scope ⇒ Google::Apis::BinaryauthorizationV1::Scope

  A scope specifier for CheckSets.

Instance Method Summary

• #initialize(**args) ⇒ CheckSet constructor

  A new instance of CheckSet.

• #update!(**args) ⇒ Object

  Update properties of this object.

Constructor Details

#initialize(**args) ⇒ CheckSet

Returns a new instance of CheckSet.

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 468

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#checks ⇒ Array<Google::Apis::BinaryauthorizationV1::Check>

Optional. The checks to apply. The ultimate result of evaluating the check set will be "allow" if and only if every check in 'checks' evaluates to "allow". If checks is empty, the default behavior is "always allow". Corresponds to the JSON property checks

Returns:

• (Array<Google::Apis::BinaryauthorizationV1::Check>)

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 449

def checks
  @checks
end

#display_name ⇒ String

Optional. A user-provided name for this CheckSet. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results. Corresponds to the JSON property displayName

Returns:

• (String)

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 456

def display_name
  @display_name
end

#image_allowlist ⇒ Google::Apis::BinaryauthorizationV1::ImageAllowlist

Images that are exempted from normal checks based on name pattern only. Corresponds to the JSON property imageAllowlist

Returns:

• (Google::Apis::BinaryauthorizationV1::ImageAllowlist)

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 461

def image_allowlist
  @image_allowlist
end

#scope ⇒ Google::Apis::BinaryauthorizationV1::Scope

A scope specifier for CheckSets. Corresponds to the JSON property scope

Returns:

• (Google::Apis::BinaryauthorizationV1::Scope)

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 466

def scope
  @scope
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 473

def update!(**args)
  @checks = args[:checks] if args.key?(:checks)
  @display_name = args[:display_name] if args.key?(:display_name)
  @image_allowlist = args[:image_allowlist] if args.key?(:image_allowlist)
  @scope = args[:scope] if args.key?(:scope)
end