Class: Google::Cloud::BinaryAuthorization::V1::Policy

Inherits:

Object

• Object
• Google::Cloud::BinaryAuthorization::V1::Policy

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/binaryauthorization/v1/resources.rb

Overview

A policy for container image binary authorization.

Defined Under Namespace

Modules: GlobalPolicyEvaluationMode Classes: ClusterAdmissionRulesEntry, IstioServiceIdentityAdmissionRulesEntry, KubernetesNamespaceAdmissionRulesEntry, KubernetesServiceAccountAdmissionRulesEntry

Instance Attribute Summary

• #admission_whitelist_patterns ⇒ ::Array<::Google::Cloud::BinaryAuthorization::V1::AdmissionWhitelistPattern>

  Optional.

• #cluster_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}

  Optional.

• #default_admission_rule ⇒ ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule

  Required.

• #description ⇒ ::String

  Optional.

• #global_policy_evaluation_mode ⇒ ::Google::Cloud::BinaryAuthorization::V1::Policy::GlobalPolicyEvaluationMode

  Optional.

• #istio_service_identity_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}

  Optional.

• #kubernetes_namespace_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}

  Optional.

• #kubernetes_service_account_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}

  Optional.

• #name ⇒ ::String readonly

  Output only.

• #update_time ⇒ ::Google::Protobuf::Timestamp readonly

  Output only.

Instance Attribute Details

#admission_whitelist_patterns ⇒ ::Array<::Google::Cloud::BinaryAuthorization::V1::AdmissionWhitelistPattern>

Returns Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

Returns:

• (::Array<::Google::Cloud::BinaryAuthorization::V1::AdmissionWhitelistPattern>) —

  Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 74

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesNamespaceAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesServiceAccountAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class IstioServiceIdentityAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#cluster_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}

Returns Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

Returns:

• (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}) —

  Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 74

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesNamespaceAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesServiceAccountAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class IstioServiceIdentityAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#default_admission_rule ⇒ ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule

Returns Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

Returns:

• (::Google::Cloud::BinaryAuthorization::V1::AdmissionRule) —

  Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 74

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesNamespaceAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesServiceAccountAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class IstioServiceIdentityAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#description ⇒ ::String

Returns Optional. A descriptive comment.

Returns:

• (::String) —

  Optional. A descriptive comment.

# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 74

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesNamespaceAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesServiceAccountAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class IstioServiceIdentityAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#global_policy_evaluation_mode ⇒ ::Google::Cloud::BinaryAuthorization::V1::Policy::GlobalPolicyEvaluationMode

Returns Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

Returns:

• (::Google::Cloud::BinaryAuthorization::V1::Policy::GlobalPolicyEvaluationMode) —

  Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 74

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesNamespaceAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesServiceAccountAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class IstioServiceIdentityAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#istio_service_identity_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}

Returns Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default.

Returns:

• (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}) —

  Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default

# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 74

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesNamespaceAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesServiceAccountAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class IstioServiceIdentityAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#kubernetes_namespace_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}

Returns Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'.

Returns:

• (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}) —

  Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'

# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 74

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesNamespaceAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesServiceAccountAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class IstioServiceIdentityAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#kubernetes_service_account_admission_rules ⇒ ::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}

Returns Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. 'test-ns:default'.

Returns:

• (::Google::Protobuf::Map{::String => ::Google::Cloud::BinaryAuthorization::V1::AdmissionRule}) —

  Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. 'test-ns:default'

# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 74

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesNamespaceAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesServiceAccountAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class IstioServiceIdentityAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#name ⇒ ::String (readonly)

Returns Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

Returns:

• (::String) —

  Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 74

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesNamespaceAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesServiceAccountAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class IstioServiceIdentityAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end

#update_time ⇒ ::Google::Protobuf::Timestamp (readonly)

Returns Output only. Time when the policy was last updated.

Returns:

• (::Google::Protobuf::Timestamp) —

  Output only. Time when the policy was last updated.

# File 'proto_docs/google/cloud/binaryauthorization/v1/resources.rb', line 74

class Policy
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class ClusterAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesNamespaceAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class KubernetesServiceAccountAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  # @!attribute [rw] key
  #   @return [::String]
  # @!attribute [rw] value
  #   @return [::Google::Cloud::BinaryAuthorization::V1::AdmissionRule]
  class IstioServiceIdentityAdmissionRulesEntry
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end

  module GlobalPolicyEvaluationMode
    # Not specified: DISABLE is assumed.
    GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0

    # Enables system policy evaluation.
    ENABLE = 1

    # Disables system policy evaluation.
    DISABLE = 2
  end
end