Class: Google::Apis::GkehubV1alpha::PolicyControllerHubConfig

Inherits:

Object

• Object
• Google::Apis::GkehubV1alpha::PolicyControllerHubConfig

Includes:

Core::Hashable, Core::JsonObjectSupport

Defined in:

lib/google/apis/gkehub_v1alpha/classes.rb,
lib/google/apis/gkehub_v1alpha/representations.rb,
lib/google/apis/gkehub_v1alpha/representations.rb

Overview

Configuration for Policy Controller

Instance Attribute Summary

• #audit_interval_seconds ⇒ Fixnum

  Sets the interval for Policy Controller Audit Scans (in seconds).

• #constraint_violation_limit ⇒ Fixnum

  The maximum number of audit violations to be stored in a constraint.

• #deployment_configs ⇒ Hash<String,Google::Apis::GkehubV1alpha::PolicyControllerPolicyControllerDeploymentConfig>

  Map of deployment configs to deployments ("admission", "audit", "mutation').

• #exemptable_namespaces ⇒ Array<String>

  The set of namespaces that are excluded from Policy Controller checks.

• #install_spec ⇒ String

  The install_spec represents the intended state specified by the latest request that mutated install_spec in the feature spec, not the lifecycle state of the feature observed by the Hub feature controller that is reported in the feature state.

• #log_denies_enabled ⇒ Boolean (also: #log_denies_enabled?)

  Logs all denies and dry run failures.

• #monitoring ⇒ Google::Apis::GkehubV1alpha::PolicyControllerMonitoringConfig

  MonitoringConfig specifies the backends Policy Controller should export metrics to.

• #mutation_enabled ⇒ Boolean (also: #mutation_enabled?)

  Enables the ability to mutate resources using Policy Controller.

• #policy_content ⇒ Google::Apis::GkehubV1alpha::PolicyControllerPolicyContentSpec

  PolicyContentSpec defines the user's desired content configuration on the cluster.

• #referential_rules_enabled ⇒ Boolean (also: #referential_rules_enabled?)

  Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated.

• #template_library_config ⇒ Google::Apis::GkehubV1alpha::PolicyControllerTemplateLibraryConfig

  The config specifying which default library templates to install.

Instance Method Summary

• #initialize(**args) ⇒ PolicyControllerHubConfig constructor

  A new instance of PolicyControllerHubConfig.

• #update!(**args) ⇒ Object

  Update properties of this object.

Constructor Details

#initialize(**args) ⇒ PolicyControllerHubConfig

Returns a new instance of PolicyControllerHubConfig.

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3840

def initialize(**args)
   update!(**args)
end

Instance Attribute Details

#audit_interval_seconds ⇒ Fixnum

Sets the interval for Policy Controller Audit Scans (in seconds). When set to 0, this disables audit functionality altogether. Corresponds to the JSON property auditIntervalSeconds

Returns:

• (Fixnum)

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3776

def audit_interval_seconds
  @audit_interval_seconds
end

#constraint_violation_limit ⇒ Fixnum

The maximum number of audit violations to be stored in a constraint. If not set, the internal default (currently 20) will be used. Corresponds to the JSON property constraintViolationLimit

Returns:

• (Fixnum)

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3782

def constraint_violation_limit
  @constraint_violation_limit
end

#deployment_configs ⇒ Hash<String,Google::Apis::GkehubV1alpha::PolicyControllerPolicyControllerDeploymentConfig>

Map of deployment configs to deployments ("admission", "audit", "mutation'). Corresponds to the JSON property deploymentConfigs

Returns:

• (Hash<String,Google::Apis::GkehubV1alpha::PolicyControllerPolicyControllerDeploymentConfig>)

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3787

def deployment_configs
  @deployment_configs
end

#exemptable_namespaces ⇒ Array<String>

The set of namespaces that are excluded from Policy Controller checks. Namespaces do not need to currently exist on the cluster. Corresponds to the JSON property exemptableNamespaces

Returns:

• (Array<String>)

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3793

def exemptable_namespaces
  @exemptable_namespaces
end

#install_spec ⇒ String

The install_spec represents the intended state specified by the latest request that mutated install_spec in the feature spec, not the lifecycle state of the feature observed by the Hub feature controller that is reported in the feature state. Corresponds to the JSON property installSpec

Returns:

• (String)

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3801

def install_spec
  @install_spec
end

#log_denies_enabled ⇒ Boolean Also known as: log_denies_enabled?

Logs all denies and dry run failures. Corresponds to the JSON property logDeniesEnabled

Returns:

• (Boolean)

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3806

def log_denies_enabled
  @log_denies_enabled
end

#monitoring ⇒ Google::Apis::GkehubV1alpha::PolicyControllerMonitoringConfig

MonitoringConfig specifies the backends Policy Controller should export metrics to. For example, to specify metrics should be exported to Cloud Monitoring and Prometheus, specify backends: ["cloudmonitoring", "prometheus"] Corresponds to the JSON property monitoring

Returns:

• (Google::Apis::GkehubV1alpha::PolicyControllerMonitoringConfig)

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3814

def monitoring
  @monitoring
end

#mutation_enabled ⇒ Boolean Also known as: mutation_enabled?

Enables the ability to mutate resources using Policy Controller. Corresponds to the JSON property mutationEnabled

Returns:

• (Boolean)

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3819

def mutation_enabled
  @mutation_enabled
end

#policy_content ⇒ Google::Apis::GkehubV1alpha::PolicyControllerPolicyContentSpec

PolicyContentSpec defines the user's desired content configuration on the cluster. Corresponds to the JSON property policyContent

Returns:

• (Google::Apis::GkehubV1alpha::PolicyControllerPolicyContentSpec)

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3826

def policy_content
  @policy_content
end

#referential_rules_enabled ⇒ Boolean Also known as: referential_rules_enabled?

Enables the ability to use Constraint Templates that reference to objects other than the object currently being evaluated. Corresponds to the JSON property referentialRulesEnabled

Returns:

• (Boolean)

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3832

def referential_rules_enabled
  @referential_rules_enabled
end

#template_library_config ⇒ Google::Apis::GkehubV1alpha::PolicyControllerTemplateLibraryConfig

The config specifying which default library templates to install. Corresponds to the JSON property templateLibraryConfig

Returns:

• (Google::Apis::GkehubV1alpha::PolicyControllerTemplateLibraryConfig)

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3838

def template_library_config
  @template_library_config
end

Instance Method Details

#update!(**args) ⇒ Object

Update properties of this object

# File 'lib/google/apis/gkehub_v1alpha/classes.rb', line 3845

def update!(**args)
  @audit_interval_seconds = args[:audit_interval_seconds] if args.key?(:audit_interval_seconds)
  @constraint_violation_limit = args[:constraint_violation_limit] if args.key?(:constraint_violation_limit)
  @deployment_configs = args[:deployment_configs] if args.key?(:deployment_configs)
  @exemptable_namespaces = args[:exemptable_namespaces] if args.key?(:exemptable_namespaces)
  @install_spec = args[:install_spec] if args.key?(:install_spec)
  @log_denies_enabled = args[:log_denies_enabled] if args.key?(:log_denies_enabled)
  @monitoring = args[:monitoring] if args.key?(:monitoring)
  @mutation_enabled = args[:mutation_enabled] if args.key?(:mutation_enabled)
  @policy_content = args[:policy_content] if args.key?(:policy_content)
  @referential_rules_enabled = args[:referential_rules_enabled] if args.key?(:referential_rules_enabled)
  @template_library_config = args[:template_library_config] if args.key?(:template_library_config)
end