Class: Google::Apis::BinaryauthorizationV1::VerificationRule
- Inherits:
-
Object
- Object
- Google::Apis::BinaryauthorizationV1::VerificationRule
- Includes:
- Core::Hashable, Core::JsonObjectSupport
- Defined in:
- lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb
Overview
Specifies verification rules for evaluating the SLSA attestations including: which builders to trust, where to fetch the SLSA attestations generated by those builders, and other builder-specific evaluation rules such as which source repositories are trusted. An image is considered verified by the rule if any of the fetched SLSA attestations is verified.
Instance Attribute Summary collapse
-
#attestation_source ⇒ Google::Apis::BinaryauthorizationV1::AttestationSource
Specifies the locations for fetching the provenance attestations.
-
#config_based_build_required ⇒ Boolean
(also: #config_based_build_required?)
If true, require the image to be built from a top-level configuration.
-
#trusted_builder ⇒ String
Each verification rule is used for evaluation against provenances generated by a specific builder (group).
-
#trusted_source_repo_patterns ⇒ Array<String>
List of trusted source code repository URL patterns.
Instance Method Summary collapse
-
#initialize(**args) ⇒ VerificationRule
constructor
A new instance of VerificationRule.
-
#update!(**args) ⇒ Object
Update properties of this object.
Constructor Details
#initialize(**args) ⇒ VerificationRule
Returns a new instance of VerificationRule.
1555 1556 1557 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1555 def initialize(**args) update!(**args) end |
Instance Attribute Details
#attestation_source ⇒ Google::Apis::BinaryauthorizationV1::AttestationSource
Specifies the locations for fetching the provenance attestations.
Corresponds to the JSON property attestationSource
1518 1519 1520 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1518 def attestation_source @attestation_source end |
#config_based_build_required ⇒ Boolean Also known as: config_based_build_required?
If true, require the image to be built from a top-level configuration.
trusted_source_repo_patterns specifies the repositories containing this
configuration.
Corresponds to the JSON property configBasedBuildRequired
1525 1526 1527 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1525 def config_based_build_required @config_based_build_required end |
#trusted_builder ⇒ String
Each verification rule is used for evaluation against provenances generated by
a specific builder (group). For some of the builders, such as the Google Cloud
Build, users don't need to explicitly specify their roots of trust in the
policy since the evaluation service can automatically fetch them based on the
builder (group).
Corresponds to the JSON property trustedBuilder
1535 1536 1537 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1535 def trusted_builder @trusted_builder end |
#trusted_source_repo_patterns ⇒ Array<String>
List of trusted source code repository URL patterns. These patterns match the
full repository URL without its scheme (e.g. https://). The patterns must
not include schemes. For example, the pattern source.cloud.google.com/my-
project/my-repo-name matches the following URLs: - source.cloud.google.com/
my-project/my-repo-name - git+ssh://source.cloud.google.com/my-project/my-
repo-name - https://source.cloud.google.com/my-project/my-repo-name A
pattern matches a URL either exactly or with * wildcards. * can be used in
only two ways: 1. trailing * after hosturi/ to match varying endings; 2.
trailing ** after hosturi/ to match / as well. * and ** can only be
used as wildcards and can only occur at the end of the pattern after a /. (
So it's not possible to match a URL that contains literal *.) For example: -
github.com/my-project/my-repo is valid to match a single repo - github.com/
my-project/* will match all direct repos in my-project - github.com/**
matches all repos in GitHub
Corresponds to the JSON property trustedSourceRepoPatterns
1553 1554 1555 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1553 def trusted_source_repo_patterns @trusted_source_repo_patterns end |
Instance Method Details
#update!(**args) ⇒ Object
Update properties of this object
1560 1561 1562 1563 1564 1565 |
# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 1560 def update!(**args) @attestation_source = args[:attestation_source] if args.key?(:attestation_source) @config_based_build_required = args[:config_based_build_required] if args.key?(:config_based_build_required) @trusted_builder = args[:trusted_builder] if args.key?(:trusted_builder) @trusted_source_repo_patterns = args[:trusted_source_repo_patterns] if args.key?(:trusted_source_repo_patterns) end |