Class: Google::Apis::BinaryauthorizationV1::Check

Inherits:
Object
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

A single check to perform against a Pod. Checks are grouped into CheckSet objects, which are defined by the top-level policy.

Constructor Details

#initialize(**args) ⇒ Check

Returns a new instance of Check.



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 473

def initialize(**args)
  update!(**args)
end

Instance Attribute Details

#always_deny ⇒ Boolean

Also known as: always_deny?

Optional. A special-case check that always denies. Note that this still only applies when the scope of the CheckSet applies and the image isn't exempted by an image allowlist. This check is primarily useful for testing, or to set the default behavior for all unmatched scopes to "deny". Corresponds to the JSON property alwaysDeny

Returns:

  • (Boolean)


# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 422

def always_deny
  @always_deny
end

#display_name ⇒ String

Optional. A user-provided name for this check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results. Corresponds to the JSON property displayName

Returns:

  • (String)


# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 430

def display_name
  @display_name
end

#image_allowlist ⇒ Google::Apis::BinaryauthorizationV1::ImageAllowlist

Images that are exempted from normal checks based on name pattern only. Corresponds to the JSON property imageAllowlist



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 435

def image_allowlist
  @image_allowlist
end

#image_freshness_check ⇒ Google::Apis::BinaryauthorizationV1::ImageFreshnessCheck

An image freshness check, which rejects images that were uploaded to the supported repositories more than the configured number of days ago. Corresponds to the JSON property imageFreshnessCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 441

def image_freshness_check
  @image_freshness_check
end

#sigstore_signature_check ⇒ Google::Apis::BinaryauthorizationV1::SigstoreSignatureCheck

A Sigstore signature check, which verifies the Sigstore signature associated with an image. Corresponds to the JSON property sigstoreSignatureCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 447

def sigstore_signature_check
  @sigstore_signature_check
end

#simple_signing_attestation_check ⇒ Google::Apis::BinaryauthorizationV1::SimpleSigningAttestationCheck

Require a signed DSSE attestation with type SimpleSigning. Corresponds to the JSON property simpleSigningAttestationCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 453

def simple_signing_attestation_check
  @simple_signing_attestation_check
end

#slsa_check ⇒ Google::Apis::BinaryauthorizationV1::SlsaCheck

A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only. Corresponds to the JSON property slsaCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 459

def slsa_check
  @slsa_check
end

#trusted_directory_check ⇒ Google::Apis::BinaryauthorizationV1::TrustedDirectoryCheck

A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories. Corresponds to the JSON property trustedDirectoryCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 465

def trusted_directory_check
  @trusted_directory_check
end

#vulnerability_check ⇒ Google::Apis::BinaryauthorizationV1::VulnerabilityCheck

An image vulnerability check, which rejects images that violate the configured vulnerability rules. Corresponds to the JSON property vulnerabilityCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 471

def vulnerability_check
  @vulnerability_check
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 478

def update!(**args)
  @always_deny = args[:always_deny] if args.key?(:always_deny)
  @display_name = args[:display_name] if args.key?(:display_name)
  @image_allowlist = args[:image_allowlist] if args.key?(:image_allowlist)
  @image_freshness_check = args[:image_freshness_check] if args.key?(:image_freshness_check)
  @sigstore_signature_check = args[:sigstore_signature_check] if args.key?(:sigstore_signature_check)
  @simple_signing_attestation_check = args[:simple_signing_attestation_check] if args.key?(:simple_signing_attestation_check)
  @slsa_check = args[:slsa_check] if args.key?(:slsa_check)
  @trusted_directory_check = args[:trusted_directory_check] if args.key?(:trusted_directory_check)
  @vulnerability_check = args[:vulnerability_check] if args.key?(:vulnerability_check)
end
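
Added example (not part of the generated reference or the client library): a small policy-review helper that walks checks in their JSON form, using only the JSON property names documented above, and reports which checks an imageAllowlist exemption would bypass. Per the attribute notes, the exemption is by name pattern only and applies even to alwaysDeny. The helper names review_check and review_checks are hypothetical, the sample policy is constructed, and nested check bodies are left empty because this page does not document their fields.

```ruby
require 'json'

# JSON property names of the check kinds documented on this page.
CHECK_KINDS = %w[
  alwaysDeny imageFreshnessCheck sigstoreSignatureCheck
  simpleSigningAttestationCheck slsaCheck trustedDirectoryCheck
  vulnerabilityCheck
].freeze

# Review one check (a Hash in JSON form) and return a list of findings.
def review_check(check)
  name = check['displayName'] || '(unnamed)'
  # A kind counts as configured when its property is present and truthy,
  # so "alwaysDeny": false is treated as not configured.
  kinds = CHECK_KINDS.select { |k| check[k] }
  findings = []
  findings << "#{name}: no check configured" if kinds.empty?
  if check['imageAllowlist'] && !kinds.empty?
    # Allowlisted images are exempted based on name pattern only, so none
    # of the configured kinds (alwaysDeny included) is evaluated for them.
    findings << "#{name}: imageAllowlist exempts images by name pattern " \
                "only, bypassing #{kinds.join(', ')}"
  end
  findings
end

# Review every check of a check set and collect the findings in order.
def review_checks(checks)
  checks.flat_map { |c| review_check(c) }
end

# Constructed sample input, not taken from a real policy.
SAMPLE_CHECKS = JSON.parse(<<~POLICY)
  [
    {"displayName": "prod-signed", "sigstoreSignatureCheck": {}, "imageAllowlist": {}},
    {"displayName": "deny-rest", "alwaysDeny": true},
    {"displayName": "placeholder", "alwaysDeny": false}
  ]
POLICY

puts review_checks(SAMPLE_CHECKS) if __FILE__ == $PROGRAM_NAME
```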