Class: Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent

Inherits:

Object

• Object
• Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent

Extended by:

Protobuf::MessageExts::ClassMethods

Includes:

Protobuf::MessageExts

Defined in:

proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb

Overview

Represents an auditing event from Continuous Validation.

Defined Under Namespace

Classes: ConfigErrorEvent, ContinuousValidationPodEvent

Instance Attribute Summary

• #config_error_event ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ConfigErrorEvent

  Config error event.

• #pod_event ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent

  Pod event.

Instance Attribute Details

#config_error_event ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ConfigErrorEvent

Returns Config error event.

Returns:

• (::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ConfigErrorEvent) —

  Config error event.

# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb', line 31

class ContinuousValidationEvent
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # An auditing event for one Pod.
  # @!attribute [rw] pod_namespace
  #   @return [::String]
  #     The k8s namespace of the Pod.
  # @!attribute [rw] pod
  #   @return [::String]
  #     The name of the Pod.
  # @!attribute [rw] policy_name
  #   @return [::String]
  #     The name of the policy.
  # @!attribute [rw] deploy_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Deploy time of the Pod from k8s.
  # @!attribute [rw] end_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Termination time of the Pod from k8s, or nothing if still running.
  # @!attribute [rw] verdict
  #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::PolicyConformanceVerdict]
  #     Auditing verdict for this Pod.
  # @!attribute [rw] images
  #   @return [::Array<::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails>]
  #     List of images with auditing details.
  class ContinuousValidationPodEvent
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Container image with auditing details.
    # @!attribute [rw] image
    #   @return [::String]
    #     The name of the image.
    # @!attribute [rw] container_name
    #   @return [::String]
    #     The name of the container.
    # @!attribute [rw] container_type
    #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::ContainerType]
    #     The container type that this image belongs to.
    # @!attribute [rw] result
    #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::AuditResult]
    #     The result of the audit for this image.
    # @!attribute [rw] description
    #   @return [::String]
    #     Description of the above result.
    # @!attribute [rw] check_results
    #   @return [::Array<::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::CheckResult>]
    #     List of check results.
    class ImageDetails
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # @!attribute [rw] check_set_index
      #   @return [::String]
      #     The index of the check set.
      # @!attribute [rw] check_set_name
      #   @return [::String]
      #     The name of the check set.
      # @!attribute [rw] check_set_scope
      #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::CheckResult::CheckSetScope]
      #     The scope of the check set.
      # @!attribute [rw] check_index
      #   @return [::String]
      #     The index of the check.
      # @!attribute [rw] check_name
      #   @return [::String]
      #     The name of the check.
      # @!attribute [rw] check_type
      #   @return [::String]
      #     The type of the check.
      # @!attribute [rw] verdict
      #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::CheckResult::CheckVerdict]
      #     The verdict of this check.
      # @!attribute [rw] explanation
      #   @return [::String]
      #     User-friendly explanation of this check result.
      class CheckResult
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods

        # A scope specifier for check sets.
        # @!attribute [rw] kubernetes_service_account
        #   @return [::String]
        #     Matches a single Kubernetes service account, e.g.
        #     'my-namespace:my-service-account'.
        #     `kubernetes_service_account` scope is always more specific than
        #     `kubernetes_namespace` scope for the same namespace.
        # @!attribute [rw] kubernetes_namespace
        #   @return [::String]
        #     Matches all Kubernetes service accounts in the provided
        #     namespace, unless a more specific `kubernetes_service_account`
        #     scope already matched.
        class CheckSetScope
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # Result of evaluating one check.
        module CheckVerdict
          # We should always have a verdict. This is an error.
          CHECK_VERDICT_UNSPECIFIED = 0

          # The check was successfully evaluated and the image did not satisfy
          # the check.
          NON_CONFORMANT = 1
        end
      end

      # The container type.
      module ContainerType
        # The container type should always be specified. This is an error.
        CONTAINER_TYPE_UNSPECIFIED = 0

        # A regular deployment.
        CONTAINER = 1

        # Init container defined as specified at
        # https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
        INIT_CONTAINER = 2

        # Ephemeral container defined as specified at
        # https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/
        EPHEMERAL_CONTAINER = 3
      end

      # Result of the audit.
      module AuditResult
        # Unspecified result. This is an error.
        AUDIT_RESULT_UNSPECIFIED = 0

        # Image is allowed.
        ALLOW = 1

        # Image is denied.
        DENY = 2
      end
    end

    # Audit time policy conformance verdict.
    module PolicyConformanceVerdict
      # We should always have a verdict. This is an error.
      POLICY_CONFORMANCE_VERDICT_UNSPECIFIED = 0

      # The pod violates the policy.
      VIOLATES_POLICY = 1
    end
  end

  # An event describing a user-actionable configuration issue that prevents CV
  # from auditing.
  # @!attribute [rw] description
  #   @return [::String]
  #     A description of the issue.
  class ConfigErrorEvent
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end

#pod_event ⇒ ::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent

Returns Pod event.

Returns:

• (::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent) —

  Pod event.

# File 'proto_docs/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.rb', line 31

class ContinuousValidationEvent
  include ::Google::Protobuf::MessageExts
  extend ::Google::Protobuf::MessageExts::ClassMethods

  # An auditing event for one Pod.
  # @!attribute [rw] pod_namespace
  #   @return [::String]
  #     The k8s namespace of the Pod.
  # @!attribute [rw] pod
  #   @return [::String]
  #     The name of the Pod.
  # @!attribute [rw] policy_name
  #   @return [::String]
  #     The name of the policy.
  # @!attribute [rw] deploy_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Deploy time of the Pod from k8s.
  # @!attribute [rw] end_time
  #   @return [::Google::Protobuf::Timestamp]
  #     Termination time of the Pod from k8s, or nothing if still running.
  # @!attribute [rw] verdict
  #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::PolicyConformanceVerdict]
  #     Auditing verdict for this Pod.
  # @!attribute [rw] images
  #   @return [::Array<::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails>]
  #     List of images with auditing details.
  class ContinuousValidationPodEvent
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods

    # Container image with auditing details.
    # @!attribute [rw] image
    #   @return [::String]
    #     The name of the image.
    # @!attribute [rw] container_name
    #   @return [::String]
    #     The name of the container.
    # @!attribute [rw] container_type
    #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::ContainerType]
    #     The container type that this image belongs to.
    # @!attribute [rw] result
    #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::AuditResult]
    #     The result of the audit for this image.
    # @!attribute [rw] description
    #   @return [::String]
    #     Description of the above result.
    # @!attribute [rw] check_results
    #   @return [::Array<::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::CheckResult>]
    #     List of check results.
    class ImageDetails
      include ::Google::Protobuf::MessageExts
      extend ::Google::Protobuf::MessageExts::ClassMethods

      # @!attribute [rw] check_set_index
      #   @return [::String]
      #     The index of the check set.
      # @!attribute [rw] check_set_name
      #   @return [::String]
      #     The name of the check set.
      # @!attribute [rw] check_set_scope
      #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::CheckResult::CheckSetScope]
      #     The scope of the check set.
      # @!attribute [rw] check_index
      #   @return [::String]
      #     The index of the check.
      # @!attribute [rw] check_name
      #   @return [::String]
      #     The name of the check.
      # @!attribute [rw] check_type
      #   @return [::String]
      #     The type of the check.
      # @!attribute [rw] verdict
      #   @return [::Google::Cloud::BinaryAuthorization::V1beta1::ContinuousValidationEvent::ContinuousValidationPodEvent::ImageDetails::CheckResult::CheckVerdict]
      #     The verdict of this check.
      # @!attribute [rw] explanation
      #   @return [::String]
      #     User-friendly explanation of this check result.
      class CheckResult
        include ::Google::Protobuf::MessageExts
        extend ::Google::Protobuf::MessageExts::ClassMethods

        # A scope specifier for check sets.
        # @!attribute [rw] kubernetes_service_account
        #   @return [::String]
        #     Matches a single Kubernetes service account, e.g.
        #     'my-namespace:my-service-account'.
        #     `kubernetes_service_account` scope is always more specific than
        #     `kubernetes_namespace` scope for the same namespace.
        # @!attribute [rw] kubernetes_namespace
        #   @return [::String]
        #     Matches all Kubernetes service accounts in the provided
        #     namespace, unless a more specific `kubernetes_service_account`
        #     scope already matched.
        class CheckSetScope
          include ::Google::Protobuf::MessageExts
          extend ::Google::Protobuf::MessageExts::ClassMethods
        end

        # Result of evaluating one check.
        module CheckVerdict
          # We should always have a verdict. This is an error.
          CHECK_VERDICT_UNSPECIFIED = 0

          # The check was successfully evaluated and the image did not satisfy
          # the check.
          NON_CONFORMANT = 1
        end
      end

      # The container type.
      module ContainerType
        # The container type should always be specified. This is an error.
        CONTAINER_TYPE_UNSPECIFIED = 0

        # A regular deployment.
        CONTAINER = 1

        # Init container defined as specified at
        # https://kubernetes.io/docs/concepts/workloads/pods/init-containers/
        INIT_CONTAINER = 2

        # Ephemeral container defined as specified at
        # https://kubernetes.io/docs/concepts/workloads/pods/ephemeral-containers/
        EPHEMERAL_CONTAINER = 3
      end

      # Result of the audit.
      module AuditResult
        # Unspecified result. This is an error.
        AUDIT_RESULT_UNSPECIFIED = 0

        # Image is allowed.
        ALLOW = 1

        # Image is denied.
        DENY = 2
      end
    end

    # Audit time policy conformance verdict.
    module PolicyConformanceVerdict
      # We should always have a verdict. This is an error.
      POLICY_CONFORMANCE_VERDICT_UNSPECIFIED = 0

      # The pod violates the policy.
      VIOLATES_POLICY = 1
    end
  end

  # An event describing a user-actionable configuration issue that prevents CV
  # from auditing.
  # @!attribute [rw] description
  #   @return [::String]
  #     A description of the issue.
  class ConfigErrorEvent
    include ::Google::Protobuf::MessageExts
    extend ::Google::Protobuf::MessageExts::ClassMethods
  end
end