Class: Google::Apis::BinaryauthorizationV1::VerificationRule

Inherits:
Object
  • Object
show all
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

Specifies verification rules for evaluating the SLSA attestations including: which builders to trust, where to fetch the SLSA attestations generated by those builders, and other builder-specific evaluation rules such as which source repositories are trusted. An image is considered verified by the rule if any of the fetched SLSA attestations is verified.

Instance Attribute Summary collapse

Instance Method Summary collapse

Constructor Details

#initialize(**args) ⇒ VerificationRule

Returns a new instance of VerificationRule.



1555
1556
1557
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1555

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#attestation_sourceGoogle::Apis::BinaryauthorizationV1::AttestationSource

Specifies the locations for fetching the provenance attestations. Corresponds to the JSON property attestationSource



1518
1519
1520
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1518

def attestation_source
  @attestation_source
end

#config_based_build_requiredBoolean Also known as: config_based_build_required?

If true, require the image to be built from a top-level configuration. trusted_source_repo_patterns specifies the repositories containing this configuration. Corresponds to the JSON property configBasedBuildRequired

Returns:

  • (Boolean)


1525
1526
1527
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1525

def config_based_build_required
  @config_based_build_required
end

#trusted_builderString

Each verification rule is used for evaluation against provenances generated by a specific builder (group). For some of the builders, such as the Google Cloud Build, users don't need to explicitly specify their roots of trust in the policy since the evaluation service can automatically fetch them based on the builder (group). Corresponds to the JSON property trustedBuilder

Returns:

  • (String)


1535
1536
1537
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1535

def trusted_builder
  @trusted_builder
end

#trusted_source_repo_patternsArray<String>

List of trusted source code repository URL patterns. These patterns match the full repository URL without its scheme (e.g. https://). The patterns must not include schemes. For example, the pattern source.cloud.google.com/my- project/my-repo-name matches the following URLs: - source.cloud.google.com/ my-project/my-repo-name - git+ssh://source.cloud.google.com/my-project/my- repo-name - https://source.cloud.google.com/my-project/my-repo-name A pattern matches a URL either exactly or with * wildcards. * can be used in only two ways: 1. trailing * after hosturi/ to match varying endings; 2. trailing ** after hosturi/ to match / as well. * and ** can only be used as wildcards and can only occur at the end of the pattern after a /. ( So it's not possible to match a URL that contains literal *.) For example: - github.com/my-project/my-repo is valid to match a single repo - github.com/ my-project/* will match all direct repos in my-project - github.com/** matches all repos in GitHub Corresponds to the JSON property trustedSourceRepoPatterns

Returns:

  • (Array<String>)


1553
1554
1555
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1553

def trusted_source_repo_patterns
  @trusted_source_repo_patterns
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



1560
1561
1562
1563
1564
1565
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1560

def update!(**args)
  @attestation_source = args[:attestation_source] if args.key?(:attestation_source)
  @config_based_build_required = args[:config_based_build_required] if args.key?(:config_based_build_required)
  @trusted_builder = args[:trusted_builder] if args.key?(:trusted_builder)
  @trusted_source_repo_patterns = args[:trusted_source_repo_patterns] if args.key?(:trusted_source_repo_patterns)
end