Class Policy.Builder (1.3.0)

publicstaticfinalclass Policy.BuilderextendsGeneratedMessageV3.Builder<Policy.Builder>implementsPolicyOrBuilder

A policy for Binary Authorization.

Protobuf type google.cloud.binaryauthorization.v1beta1.Policy

Inheritance

Object > AbstractMessageLite.Builder<MessageType,BuilderType> > AbstractMessage.Builder<BuilderType> > GeneratedMessageV3.Builder > Policy.Builder

Implements

PolicyOrBuilder

Inherited Members

publicstaticfinalDescriptors.DescriptorgetDescriptor()

publicPolicy.BuilderaddAdmissionWhitelistPatterns(AdmissionWhitelistPatternvalue)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderaddAdmissionWhitelistPatterns(AdmissionWhitelistPattern.BuilderbuilderForValue)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderaddAdmissionWhitelistPatterns(intindex,AdmissionWhitelistPatternvalue)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderaddAdmissionWhitelistPatterns(intindex,AdmissionWhitelistPattern.BuilderbuilderForValue)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionWhitelistPattern.BuilderaddAdmissionWhitelistPatternsBuilder()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionWhitelistPattern.BuilderaddAdmissionWhitelistPatternsBuilder(intindex)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderaddAllAdmissionWhitelistPatterns(Iterable<?extendsAdmissionWhitelistPattern>values)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderaddRepeatedField(Descriptors.FieldDescriptorfield,Objectvalue)

GeneratedMessageV3.Builder<BuilderType>.addRepeatedField(Descriptors.FieldDescriptor field, Object value)

publicPolicybuild()

publicPolicybuildPartial()

publicPolicy.Builderclear()

GeneratedMessageV3.Builder<BuilderType>.clear()

publicPolicy.BuilderclearAdmissionWhitelistPatterns()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderclearClusterAdmissionRules()

publicPolicy.BuilderclearDefaultAdmissionRule()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

publicPolicy.BuilderclearDescription()

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderclearField(Descriptors.FieldDescriptorfield)

GeneratedMessageV3.Builder<BuilderType>.clearField(Descriptors.FieldDescriptor field)

publicPolicy.BuilderclearGlobalPolicyEvaluationMode()

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderclearIstioServiceIdentityAdmissionRules()

publicPolicy.BuilderclearKubernetesNamespaceAdmissionRules()

publicPolicy.BuilderclearKubernetesServiceAccountAdmissionRules()

publicPolicy.BuilderclearName()

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

publicPolicy.BuilderclearOneof(Descriptors.OneofDescriptoroneof)

GeneratedMessageV3.Builder<BuilderType>.clearOneof(Descriptors.OneofDescriptor oneof)

publicPolicy.BuilderclearUpdateTime()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

publicPolicy.Builderclone()

GeneratedMessageV3.Builder<BuilderType>.clone()

publicbooleancontainsClusterAdmissionRules(Stringkey)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

publicbooleancontainsIstioServiceIdentityAdmissionRules(Stringkey)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

publicbooleancontainsKubernetesNamespaceAdmissionRules(Stringkey)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

publicbooleancontainsKubernetesServiceAccountAdmissionRules(Stringkey)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionWhitelistPatterngetAdmissionWhitelistPatterns(intindex)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionWhitelistPattern.BuildergetAdmissionWhitelistPatternsBuilder(intindex)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicList<AdmissionWhitelistPattern.Builder>getAdmissionWhitelistPatternsBuilderList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicintgetAdmissionWhitelistPatternsCount()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicList<AdmissionWhitelistPattern>getAdmissionWhitelistPatternsList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionWhitelistPatternOrBuildergetAdmissionWhitelistPatternsOrBuilder(intindex)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicList<?extendsAdmissionWhitelistPatternOrBuilder>getAdmissionWhitelistPatternsOrBuilderList()

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicMap<String,AdmissionRule>getClusterAdmissionRules()

Use #getClusterAdmissionRulesMap() instead.

publicintgetClusterAdmissionRulesCount()

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

publicMap<String,AdmissionRule>getClusterAdmissionRulesMap()

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionRulegetClusterAdmissionRulesOrDefault(Stringkey,AdmissionRuledefaultValue)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionRulegetClusterAdmissionRulesOrThrow(Stringkey)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionRulegetDefaultAdmissionRule()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

publicAdmissionRule.BuildergetDefaultAdmissionRuleBuilder()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

publicAdmissionRuleOrBuildergetDefaultAdmissionRuleOrBuilder()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

publicPolicygetDefaultInstanceForType()

publicStringgetDescription()

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

publicByteStringgetDescriptionBytes()

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

publicDescriptors.DescriptorgetDescriptorForType()

GeneratedMessageV3.Builder<BuilderType>.getDescriptorForType()

publicPolicy.GlobalPolicyEvaluationModegetGlobalPolicyEvaluationMode()

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

publicintgetGlobalPolicyEvaluationModeValue()

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

publicMap<String,AdmissionRule>getIstioServiceIdentityAdmissionRules()

Use #getIstioServiceIdentityAdmissionRulesMap() instead.

publicintgetIstioServiceIdentityAdmissionRulesCount()

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

publicMap<String,AdmissionRule>getIstioServiceIdentityAdmissionRulesMap()

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionRulegetIstioServiceIdentityAdmissionRulesOrDefault(Stringkey,AdmissionRuledefaultValue)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionRulegetIstioServiceIdentityAdmissionRulesOrThrow(Stringkey)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

publicMap<String,AdmissionRule>getKubernetesNamespaceAdmissionRules()

Use #getKubernetesNamespaceAdmissionRulesMap() instead.

publicintgetKubernetesNamespaceAdmissionRulesCount()

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

publicMap<String,AdmissionRule>getKubernetesNamespaceAdmissionRulesMap()

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionRulegetKubernetesNamespaceAdmissionRulesOrDefault(Stringkey,AdmissionRuledefaultValue)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionRulegetKubernetesNamespaceAdmissionRulesOrThrow(Stringkey)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

publicMap<String,AdmissionRule>getKubernetesServiceAccountAdmissionRules()

Use #getKubernetesServiceAccountAdmissionRulesMap() instead.

publicintgetKubernetesServiceAccountAdmissionRulesCount()

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

publicMap<String,AdmissionRule>getKubernetesServiceAccountAdmissionRulesMap()

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionRulegetKubernetesServiceAccountAdmissionRulesOrDefault(Stringkey,AdmissionRuledefaultValue)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

publicAdmissionRulegetKubernetesServiceAccountAdmissionRulesOrThrow(Stringkey)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

publicMap<String,AdmissionRule>getMutableClusterAdmissionRules()

Use alternate mutation accessors instead.

publicMap<String,AdmissionRule>getMutableIstioServiceIdentityAdmissionRules()

Use alternate mutation accessors instead.

publicMap<String,AdmissionRule>getMutableKubernetesNamespaceAdmissionRules()

Use alternate mutation accessors instead.

publicMap<String,AdmissionRule>getMutableKubernetesServiceAccountAdmissionRules()

Use alternate mutation accessors instead.

publicStringgetName()

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

publicByteStringgetNameBytes()

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

publicTimestampgetUpdateTime()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

publicTimestamp.BuildergetUpdateTimeBuilder()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

publicTimestampOrBuildergetUpdateTimeOrBuilder()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

publicbooleanhasDefaultAdmissionRule()

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

publicbooleanhasUpdateTime()

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

protectedGeneratedMessageV3.FieldAccessorTableinternalGetFieldAccessorTable()

GeneratedMessageV3.Builder<BuilderType>.internalGetFieldAccessorTable()

protectedMapFieldinternalGetMapField(intnumber)

GeneratedMessageV3.Builder<BuilderType>.internalGetMapField(int fieldNumber)

protectedMapFieldinternalGetMutableMapField(intnumber)

GeneratedMessageV3.Builder<BuilderType>.internalGetMutableMapField(int fieldNumber)

publicfinalbooleanisInitialized()

GeneratedMessageV3.Builder<BuilderType>.isInitialized()

publicPolicy.BuildermergeDefaultAdmissionRule(AdmissionRulevalue)

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

publicPolicy.BuildermergeFrom(Policyother)

publicPolicy.BuildermergeFrom(CodedInputStreaminput,ExtensionRegistryLiteextensionRegistry)

AbstractMessage.Builder<BuilderType>.mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)

publicPolicy.BuildermergeFrom(Messageother)

AbstractMessage.Builder<BuilderType>.mergeFrom(Message other)

publicfinalPolicy.BuildermergeUnknownFields(UnknownFieldSetunknownFields)

GeneratedMessageV3.Builder<BuilderType>.mergeUnknownFields(UnknownFieldSet unknownFields)

publicPolicy.BuildermergeUpdateTime(Timestampvalue)

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

publicPolicy.BuilderputAllClusterAdmissionRules(Map<String,AdmissionRule>values)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderputAllIstioServiceIdentityAdmissionRules(Map<String,AdmissionRule>values)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderputAllKubernetesNamespaceAdmissionRules(Map<String,AdmissionRule>values)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderputAllKubernetesServiceAccountAdmissionRules(Map<String,AdmissionRule>values)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderputClusterAdmissionRules(Stringkey,AdmissionRulevalue)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderputIstioServiceIdentityAdmissionRules(Stringkey,AdmissionRulevalue)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderputKubernetesNamespaceAdmissionRules(Stringkey,AdmissionRulevalue)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderputKubernetesServiceAccountAdmissionRules(Stringkey,AdmissionRulevalue)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderremoveAdmissionWhitelistPatterns(intindex)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderremoveClusterAdmissionRules(Stringkey)

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderremoveIstioServiceIdentityAdmissionRules(Stringkey)

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderremoveKubernetesNamespaceAdmissionRules(Stringkey)

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuilderremoveKubernetesServiceAccountAdmissionRules(Stringkey)

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

map<string, .google.cloud.binaryauthorization.v1beta1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuildersetAdmissionWhitelistPatterns(intindex,AdmissionWhitelistPatternvalue)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuildersetAdmissionWhitelistPatterns(intindex,AdmissionWhitelistPattern.BuilderbuilderForValue)

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

repeated .google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuildersetDefaultAdmissionRule(AdmissionRulevalue)

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

publicPolicy.BuildersetDefaultAdmissionRule(AdmissionRule.BuilderbuilderForValue)

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

.google.cloud.binaryauthorization.v1beta1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];

publicPolicy.BuildersetDescription(Stringvalue)

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuildersetDescriptionBytes(ByteStringvalue)

Optional. A descriptive comment.

string description = 6 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuildersetField(Descriptors.FieldDescriptorfield,Objectvalue)

GeneratedMessageV3.Builder<BuilderType>.setField(Descriptors.FieldDescriptor field, Object value)

publicPolicy.BuildersetGlobalPolicyEvaluationMode(Policy.GlobalPolicyEvaluationModevalue)

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuildersetGlobalPolicyEvaluationModeValue(intvalue)

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

.google.cloud.binaryauthorization.v1beta1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];

publicPolicy.BuildersetName(Stringvalue)

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

publicPolicy.BuildersetNameBytes(ByteStringvalue)

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];

publicPolicy.BuildersetRepeatedField(Descriptors.FieldDescriptorfield,intindex,Objectvalue)

GeneratedMessageV3.Builder<BuilderType>.setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)

publicfinalPolicy.BuildersetUnknownFields(UnknownFieldSetunknownFields)

GeneratedMessageV3.Builder<BuilderType>.setUnknownFields(UnknownFieldSet unknownFields)

publicPolicy.BuildersetUpdateTime(Timestampvalue)

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];

publicPolicy.BuildersetUpdateTime(Timestamp.BuilderbuilderForValue)

Output only. Time when the policy was last updated.

.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];