Class: Google::Apis::BinaryauthorizationV1::Check

Inherits:
Object
Includes:
Core::Hashable, Core::JsonObjectSupport
Defined in:
lib/google/apis/binaryauthorization_v1/classes.rb,
lib/google/apis/binaryauthorization_v1/representations.rb

Overview

A single check to perform against a Pod. Checks are grouped into CheckSet objects, which are defined by the top-level policy.

Constructor Details

#initialize(**args) ⇒ Check

Returns a new instance of Check.



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 468

def initialize(**args)
  update!(**args)
end

Instance Attribute Details

#always_deny ⇒ Boolean
Also known as: always_deny?

Optional. A special-case check that always denies. Note that this still only applies when the scope of the CheckSet applies and the image isn't exempted by an image allowlist. This check is primarily useful for testing, or to set the default behavior for all unmatched scopes to "deny". Corresponds to the JSON property alwaysDeny

Returns:

  • (Boolean)


# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 417

def always_deny
  @always_deny
end

#display_name ⇒ String

Optional. A user-provided name for this check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results. Corresponds to the JSON property displayName

Returns:

  • (String)


# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 425

def display_name
  @display_name
end

#image_allowlist ⇒ Google::Apis::BinaryauthorizationV1::ImageAllowlist

Images that are exempted from normal checks based on name pattern only. Corresponds to the JSON property imageAllowlist



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 430

def image_allowlist
  @image_allowlist
end

#image_freshness_check ⇒ Google::Apis::BinaryauthorizationV1::ImageFreshnessCheck

An image freshness check, which rejects images that were uploaded to the supported repositories more than the configured number of days ago. Corresponds to the JSON property imageFreshnessCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 436

def image_freshness_check
  @image_freshness_check
end

#sigstore_signature_check ⇒ Google::Apis::BinaryauthorizationV1::SigstoreSignatureCheck

A Sigstore signature check, which verifies the Sigstore signature associated with an image. Corresponds to the JSON property sigstoreSignatureCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 442

def sigstore_signature_check
  @sigstore_signature_check
end

#simple_signing_attestation_check ⇒ Google::Apis::BinaryauthorizationV1::SimpleSigningAttestationCheck

Require a signed DSSE attestation with type SimpleSigning. Corresponds to the JSON property simpleSigningAttestationCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 448

def simple_signing_attestation_check
  @simple_signing_attestation_check
end

#slsa_check ⇒ Google::Apis::BinaryauthorizationV1::SlsaCheck

A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only. Corresponds to the JSON property slsaCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 454

def slsa_check
  @slsa_check
end

#trusted_directory_check ⇒ Google::Apis::BinaryauthorizationV1::TrustedDirectoryCheck

A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories. Corresponds to the JSON property trustedDirectoryCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 460

def trusted_directory_check
  @trusted_directory_check
end

#vulnerability_check ⇒ Google::Apis::BinaryauthorizationV1::VulnerabilityCheck

An image vulnerability check, which rejects images that violate the configured vulnerability rules. Corresponds to the JSON property vulnerabilityCheck



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 466

def vulnerability_check
  @vulnerability_check
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object



# File 'lib/google/apis/binaryauthorization_v1/classes.rb', line 473

def update!(**args)
  @always_deny = args[:always_deny] if args.key?(:always_deny)
  @display_name = args[:display_name] if args.key?(:display_name)
  @image_allowlist = args[:image_allowlist] if args.key?(:image_allowlist)
  @image_freshness_check = args[:image_freshness_check] if args.key?(:image_freshness_check)
  @sigstore_signature_check = args[:sigstore_signature_check] if args.key?(:sigstore_signature_check)
  @simple_signing_attestation_check = args[:simple_signing_attestation_check] if args.key?(:simple_signing_attestation_check)
  @slsa_check = args[:slsa_check] if args.key?(:slsa_check)
  @trusted_directory_check = args[:trusted_directory_check] if args.key?(:trusted_directory_check)
  @vulnerability_check = args[:vulnerability_check] if args.key?(:vulnerability_check)
end
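
A policy-review sketch built on the JSON property names documented above; this is an added example, not code from the google-apis-binaryauthorization_v1 gem. It works on plain parsed JSON and flags checks that carry an imageAllowlist exemption, use alwaysDeny, or set no check type. The `checks` wrapper key, the one-check-type-per-check expectation, and the sample policy are assumptions made for the example.

```ruby
require 'json'

# JSON property names of the check-type fields documented on this page.
CHECK_TYPE_KEYS = %w[
  alwaysDeny imageFreshnessCheck sigstoreSignatureCheck
  simpleSigningAttestationCheck slsaCheck trustedDirectoryCheck
  vulnerabilityCheck
].freeze

# Review one Check (as a parsed JSON hash) and return a list of findings.
def review_check(check, index)
  label = check['displayName'] || "check ##{index}"
  # A field counts as set when present and truthy, so alwaysDeny: false is unset.
  types = CHECK_TYPE_KEYS.select { |key| check[key] }
  findings = []
  # Assumption: a check is expected to carry exactly one check type.
  findings << "#{label}: no check type set" if types.empty?
  findings << "#{label}: multiple check types set (#{types.join(', ')})" if types.size > 1
  # Allowlisted images are exempted by name pattern only, so they bypass the check.
  if check.key?('imageAllowlist')
    findings << "#{label}: imageAllowlist exempts images by name pattern only"
  end
  if check['alwaysDeny']
    findings << "#{label}: alwaysDeny rejects every non-exempted image in scope"
  end
  findings
end

# Review every check found under the (assumed) top-level "checks" key.
def review_checks(json_text)
  checks = JSON.parse(json_text).fetch('checks', [])
  checks.each_with_index.flat_map { |check, i| review_check(check, i) }
end

# Constructed sample input; sub-message bodies are left empty on purpose.
SAMPLE = <<~JSON
  {"checks": [
    {"displayName": "signed-by-ci", "sigstoreSignatureCheck": {}},
    {"displayName": "fresh-images", "imageFreshnessCheck": {},
     "imageAllowlist": {}},
    {"displayName": "default-deny", "alwaysDeny": true},
    {"displayName": "empty"}
  ]}
JSON

puts review_checks(SAMPLE) if __FILE__ == $PROGRAM_NAME
```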