Class: Google::Apis::BinaryauthorizationV1::CheckSet

Inherits:

Object

• Object
• Google::Apis::BinaryauthorizationV1::CheckSet

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

A conjunction of policy checks, scoped to a particular namespace or Kubernetes service account. In order for evaluation of a CheckSet to return "allowed" for a given image in a given Pod, one of the following conditions must be satisfied: * The image is explicitly exempted by an entry in image_allowlist, OR * ALL of the checks evaluate to "allowed".

Instance Attribute Summary

• #checks ⇒ Array<Google::Apis::BinaryauthorizationV1::Check>

  Optional.

• #display_name ⇒ String

  Optional.

• #image_allowlist ⇒ Google::Apis::BinaryauthorizationV1::ImageAllowlist

  Images that are exempted from normal checks based on name pattern only.

• #scope ⇒ Google::Apis::BinaryauthorizationV1::Scope

  A scope specifier for CheckSet objects.

Instance Method Summary

• #initialize(**args) ⇒ CheckSet constructor

  A new instance of CheckSet.

• #update!(**args) ⇒ Object

  Update properties of this object.

Constructor Details

#initialize(**args) ⇒ CheckSet

Returns a new instance of CheckSet.

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 591

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#checks ⇒ Array<Google::Apis::BinaryauthorizationV1::Check>

Optional. The checks to apply. The ultimate result of evaluating the check set will be "allow" if and only if every check in checks evaluates to "allow". If checks is empty, the default behavior is "always allow". Corresponds to the JSON property checks

Returns:

• (Array<Google::Apis::BinaryauthorizationV1::Check>)

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 572

def checks
  @checks
end

#display_name ⇒ String

Optional. A user-provided name for this CheckSet. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results. Corresponds to the JSON property displayName

Returns:

• (String)

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 579

def display_name
  @display_name
end

#image_allowlist ⇒ Google::Apis::BinaryauthorizationV1::ImageAllowlist

Images that are exempted from normal checks based on name pattern only. Corresponds to the JSON property imageAllowlist

Returns:

• (Google::Apis::BinaryauthorizationV1::ImageAllowlist)

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 584

def image_allowlist
  @image_allowlist
end

#scope ⇒ Google::Apis::BinaryauthorizationV1::Scope

A scope specifier for CheckSet objects. Corresponds to the JSON property scope

Returns:

• (Google::Apis::BinaryauthorizationV1::Scope)

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 589

def scope
  @scope
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 596

def update!(**args)
  @checks = args[:checks] if args.key?(:checks)
  @display_name = args[:display_name] if args.key?(:display_name)
  @image_allowlist = args[:image_allowlist] if args.key?(:image_allowlist)
  @scope = args[:scope] if args.key?(:scope)
end