Class: Google::Apis::BinaryauthorizationV1::Check

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

A single check to perform against a Pod. Checks are grouped into CheckSet objects, which are defined by the top-level policy.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ Check

Returns a new instance of Check.



421
422
423
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 421

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#always_denyBoolean Also known as: always_deny?

Optional. A special-case check that always denies. Note that this still only applies when the scope of the CheckSet applies and the image isn't exempted by an image allowlist. This check is primarily useful for testing, or to set the default behavior for all unmatched scopes to "deny". Corresponds to the JSON property alwaysDeny

Returns:

  • (Boolean) 


376
377
378
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 376

def always_deny
  @always_deny
end

#display_nameString

Optional. A user-provided name for this check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results. Corresponds to the JSON property displayName

Returns:

  • (String) 


384
385
386
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 384

def display_name
  @display_name
end

#image_allowlistGoogle::Apis::BinaryauthorizationV1::ImageAllowlist

Images that are exempted from normal checks based on name pattern only. Corresponds to the JSON property imageAllowlist

Returns:



389
390
391
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 389

def image_allowlist
  @image_allowlist
end

#image_freshness_checkGoogle::Apis::BinaryauthorizationV1::ImageFreshnessCheck

An image freshness check, which rejects images that were uploaded before the set number of days ago to the supported repositories. Corresponds to the JSON property imageFreshnessCheck

Returns:



395
396
397
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 395

def image_freshness_check
  @image_freshness_check
end

#simple_signing_attestation_checkGoogle::Apis::BinaryauthorizationV1::SimpleSigningAttestationCheck

Require a signed DSSE attestation with type SimpleSigning. Corresponds to the JSON property simpleSigningAttestationCheck

Returns:



401
402
403
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 401

def simple_signing_attestation_check
  @simple_signing_attestation_check
end

#slsa_checkGoogle::Apis::BinaryauthorizationV1::SlsaCheck

A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only. Corresponds to the JSON property slsaCheck

Returns:



407
408
409
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 407

def slsa_check
  @slsa_check
end

#trusted_directory_checkGoogle::Apis::BinaryauthorizationV1::TrustedDirectoryCheck

A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories. Corresponds to the JSON property trustedDirectoryCheck

Returns:



413
414
415
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 413

def trusted_directory_check
  @trusted_directory_check
end

#vulnerability_checkGoogle::Apis::BinaryauthorizationV1::VulnerabilityCheck

An image vulnerability check, which rejects images that violate the configured vulnerability rules. Corresponds to the JSON property vulnerabilityCheck

Returns:



419
420
421
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 419

def vulnerability_check
  @vulnerability_check
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



426
427
428
429
430
431
432
433
434
435
 
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 426

def update!(**args)
  @always_deny = args[:always_deny] if args.key?(:always_deny)
  @display_name = args[:display_name] if args.key?(:display_name)
  @image_allowlist = args[:image_allowlist] if args.key?(:image_allowlist)
  @image_freshness_check = args[:image_freshness_check] if args.key?(:image_freshness_check)
  @simple_signing_attestation_check = args[:simple_signing_attestation_check] if args.key?(:simple_signing_attestation_check)
  @slsa_check = args[:slsa_check] if args.key?(:slsa_check)
  @trusted_directory_check = args[:trusted_directory_check] if args.key?(:trusted_directory_check)
  @vulnerability_check = args[:vulnerability_check] if args.key?(:vulnerability_check)
end