Class: Google::Apis::BinaryauthorizationV1::Check

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

A single check to perform against a Pod. Checks are grouped into CheckSet objects, which are defined by the top-level policy.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ Check

Returns a new instance of Check.



454
455
456
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 454

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#always_denyBoolean Also known as: always_deny?

Optional. A special-case check that always denies. Note that this still only applies when the scope of the CheckSet applies and the image isn't exempted by an image allowlist. This check is primarily useful for testing, or to set the default behavior for all unmatched scopes to "deny". Corresponds to the JSON property alwaysDeny

Returns:

  • (Boolean)


403
404
405
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 403

def always_deny
  @always_deny
end

#display_nameString

Optional. A user-provided name for this check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results. Corresponds to the JSON property displayName

Returns:

  • (String)


411
412
413
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 411

def display_name
  @display_name
end

#image_allowlistGoogle::Apis::BinaryauthorizationV1::ImageAllowlist

Images that are exempted from normal checks based on name pattern only. Corresponds to the JSON property imageAllowlist



416
417
418
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 416

def image_allowlist
  @image_allowlist
end

#image_freshness_checkGoogle::Apis::BinaryauthorizationV1::ImageFreshnessCheck

An image freshness check, which rejects images that were uploaded before the set number of days ago to the supported repositories. Corresponds to the JSON property imageFreshnessCheck



422
423
424
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 422

def image_freshness_check
  @image_freshness_check
end

#sigstore_signature_checkGoogle::Apis::BinaryauthorizationV1::SigstoreSignatureCheck

A Sigstore signature check, which verifies the Sigstore signature associated with an image. Corresponds to the JSON property sigstoreSignatureCheck



428
429
430
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 428

def sigstore_signature_check
  @sigstore_signature_check
end

#simple_signing_attestation_checkGoogle::Apis::BinaryauthorizationV1::SimpleSigningAttestationCheck

Require a signed DSSE attestation with type SimpleSigning. Corresponds to the JSON property simpleSigningAttestationCheck



434
435
436
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 434

def simple_signing_attestation_check
  @simple_signing_attestation_check
end

#slsa_checkGoogle::Apis::BinaryauthorizationV1::SlsaCheck

A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only. Corresponds to the JSON property slsaCheck



440
441
442
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 440

def slsa_check
  @slsa_check
end

#trusted_directory_checkGoogle::Apis::BinaryauthorizationV1::TrustedDirectoryCheck

A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories. Corresponds to the JSON property trustedDirectoryCheck



446
447
448
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 446

def trusted_directory_check
  @trusted_directory_check
end

#vulnerability_checkGoogle::Apis::BinaryauthorizationV1::VulnerabilityCheck

An image vulnerability check, which rejects images that violate the configured vulnerability rules. Corresponds to the JSON property vulnerabilityCheck



452
453
454
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 452

def vulnerability_check
  @vulnerability_check
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



459
460
461
462
463
464
465
466
467
468
469
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 459

def update!(**args)
  @always_deny = args[:always_deny] if args.key?(:always_deny)
  @display_name = args[:display_name] if args.key?(:display_name)
  @image_allowlist = args[:image_allowlist] if args.key?(:image_allowlist)
  @image_freshness_check = args[:image_freshness_check] if args.key?(:image_freshness_check)
  @sigstore_signature_check = args[:sigstore_signature_check] if args.key?(:sigstore_signature_check)
  @simple_signing_attestation_check = args[:simple_signing_attestation_check] if args.key?(:simple_signing_attestation_check)
  @slsa_check = args[:slsa_check] if args.key?(:slsa_check)
  @trusted_directory_check = args[:trusted_directory_check] if args.key?(:trusted_directory_check)
  @vulnerability_check = args[:vulnerability_check] if args.key?(:vulnerability_check)
end