Class Resources.Policy.Builder (1.3.0)
Stay organized with collections
Save and categorize content based on your preferences.
- 1.79.0 (latest)
- 1.77.0
- 1.75.0
- 1.74.0
- 1.73.0
- 1.72.0
- 1.71.0
- 1.69.0
- 1.67.0
- 1.66.0
- 1.63.0
- 1.62.0
- 1.61.0
- 1.59.0
- 1.58.0
- 1.57.0
- 1.56.0
- 1.55.0
- 1.54.0
- 1.53.0
- 1.52.0
- 1.51.0
- 1.50.0
- 1.48.0
- 1.47.0
- 1.46.0
- 1.45.0
- 1.44.0
- 1.43.0
- 1.42.0
- 1.41.0
- 1.40.0
- 1.39.0
- 1.38.0
- 1.36.0
- 1.35.0
- 1.34.0
- 1.33.0
- 1.32.0
- 1.31.0
- 1.30.0
- 1.29.0
- 1.28.0
- 1.27.0
- 1.26.0
- 1.23.0
- 1.22.0
- 1.21.0
- 1.20.0
- 1.19.0
- 1.18.0
- 1.17.0
- 1.16.0
- 1.15.0
- 1.14.0
- 1.13.0
- 1.12.0
- 1.11.0
- 1.10.0
- 1.9.0
- 1.8.0
- 1.7.0
- 1.6.0
- 1.5.0
- 1.4.0
- 1.3.0
- 1.0.6
publicstaticfinalclass Resources.Policy.BuilderextendsGeneratedMessageV3.Builder<Resources.Policy.Builder>implementsResources.PolicyOrBuilderA policy for container image binary authorization.
Protobuf type google.cloud.binaryauthorization.v1.Policy
Inheritance
Object > AbstractMessageLite.Builder<MessageType,BuilderType> > AbstractMessage.Builder<BuilderType> > GeneratedMessageV3.Builder > Resources.Policy.BuilderImplements
Resources.PolicyOrBuilderInherited Members
Static Methods
getDescriptor()
publicstaticfinalDescriptors.DescriptorgetDescriptor()Methods
addAdmissionWhitelistPatterns(Resources.AdmissionWhitelistPattern value)
publicResources.Policy.BuilderaddAdmissionWhitelistPatterns(Resources.AdmissionWhitelistPatternvalue)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
addAdmissionWhitelistPatterns(Resources.AdmissionWhitelistPattern.Builder builderForValue)
publicResources.Policy.BuilderaddAdmissionWhitelistPatterns(Resources.AdmissionWhitelistPattern.BuilderbuilderForValue)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
addAdmissionWhitelistPatterns(int index, Resources.AdmissionWhitelistPattern value)
publicResources.Policy.BuilderaddAdmissionWhitelistPatterns(intindex,Resources.AdmissionWhitelistPatternvalue)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
addAdmissionWhitelistPatterns(int index, Resources.AdmissionWhitelistPattern.Builder builderForValue)
publicResources.Policy.BuilderaddAdmissionWhitelistPatterns(intindex,Resources.AdmissionWhitelistPattern.BuilderbuilderForValue)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
addAdmissionWhitelistPatternsBuilder()
publicResources.AdmissionWhitelistPattern.BuilderaddAdmissionWhitelistPatternsBuilder()Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
addAdmissionWhitelistPatternsBuilder(int index)
publicResources.AdmissionWhitelistPattern.BuilderaddAdmissionWhitelistPatternsBuilder(intindex)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
addAllAdmissionWhitelistPatterns(Iterable<? extends Resources.AdmissionWhitelistPattern> values)
publicResources.Policy.BuilderaddAllAdmissionWhitelistPatterns(Iterable<?extendsResources.AdmissionWhitelistPattern>values)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
Iterable<? extends com.google.protos.google.cloud.binaryauthorization.v1.Resources.AdmissionWhitelistPattern>addRepeatedField(Descriptors.FieldDescriptor field, Object value)
publicResources.Policy.BuilderaddRepeatedField(Descriptors.FieldDescriptorfield,Objectvalue)build()
publicResources.Policybuild()buildPartial()
publicResources.PolicybuildPartial()clear()
publicResources.Policy.Builderclear()clearAdmissionWhitelistPatterns()
publicResources.Policy.BuilderclearAdmissionWhitelistPatterns()Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
clearClusterAdmissionRules()
publicResources.Policy.BuilderclearClusterAdmissionRules()clearDefaultAdmissionRule()
publicResources.Policy.BuilderclearDefaultAdmissionRule()Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
clearDescription()
publicResources.Policy.BuilderclearDescription()Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
This builder for chaining.
clearField(Descriptors.FieldDescriptor field)
publicResources.Policy.BuilderclearField(Descriptors.FieldDescriptorfield)clearGlobalPolicyEvaluationMode()
publicResources.Policy.BuilderclearGlobalPolicyEvaluationMode()Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
This builder for chaining.
clearIstioServiceIdentityAdmissionRules()
publicResources.Policy.BuilderclearIstioServiceIdentityAdmissionRules()clearKubernetesNamespaceAdmissionRules()
publicResources.Policy.BuilderclearKubernetesNamespaceAdmissionRules()clearKubernetesServiceAccountAdmissionRules()
publicResources.Policy.BuilderclearKubernetesServiceAccountAdmissionRules()clearName()
publicResources.Policy.BuilderclearName() Output only. The resource name, in the format projects/*/policy. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
This builder for chaining.
clearOneof(Descriptors.OneofDescriptor oneof)
publicResources.Policy.BuilderclearOneof(Descriptors.OneofDescriptoroneof)clearUpdateTime()
publicResources.Policy.BuilderclearUpdateTime()Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
clone()
publicResources.Policy.Builderclone()containsClusterAdmissionRules(String key)
publicbooleancontainsClusterAdmissionRules(Stringkey) Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
containsIstioServiceIdentityAdmissionRules(String key)
publicbooleancontainsIstioServiceIdentityAdmissionRules(Stringkey)Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
containsKubernetesNamespaceAdmissionRules(String key)
publicbooleancontainsKubernetesNamespaceAdmissionRules(Stringkey)Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
containsKubernetesServiceAccountAdmissionRules(String key)
publicbooleancontainsKubernetesServiceAccountAdmissionRules(Stringkey) Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatterns(int index)
publicResources.AdmissionWhitelistPatterngetAdmissionWhitelistPatterns(intindex)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsBuilder(int index)
publicResources.AdmissionWhitelistPattern.BuildergetAdmissionWhitelistPatternsBuilder(intindex)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsBuilderList()
publicList<Resources.AdmissionWhitelistPattern.Builder>getAdmissionWhitelistPatternsBuilderList()Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsCount()
publicintgetAdmissionWhitelistPatternsCount()Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsList()
publicList<Resources.AdmissionWhitelistPattern>getAdmissionWhitelistPatternsList()Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsOrBuilder(int index)
publicResources.AdmissionWhitelistPatternOrBuildergetAdmissionWhitelistPatternsOrBuilder(intindex)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getAdmissionWhitelistPatternsOrBuilderList()
publicList<?extendsResources.AdmissionWhitelistPatternOrBuilder>getAdmissionWhitelistPatternsOrBuilderList()Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
getClusterAdmissionRules()
publicMap<String,Resources.AdmissionRule>getClusterAdmissionRules()Use #getClusterAdmissionRulesMap() instead.
getClusterAdmissionRulesCount()
publicintgetClusterAdmissionRulesCount() Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
getClusterAdmissionRulesMap()
publicMap<String,Resources.AdmissionRule>getClusterAdmissionRulesMap() Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
getClusterAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
publicResources.AdmissionRulegetClusterAdmissionRulesOrDefault(Stringkey,Resources.AdmissionRuledefaultValue) Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
getClusterAdmissionRulesOrThrow(String key)
publicResources.AdmissionRulegetClusterAdmissionRulesOrThrow(Stringkey) Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
getDefaultAdmissionRule()
publicResources.AdmissionRulegetDefaultAdmissionRule()Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
The defaultAdmissionRule.
getDefaultAdmissionRuleBuilder()
publicResources.AdmissionRule.BuildergetDefaultAdmissionRuleBuilder()Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
getDefaultAdmissionRuleOrBuilder()
publicResources.AdmissionRuleOrBuildergetDefaultAdmissionRuleOrBuilder()Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
getDefaultInstanceForType()
publicResources.PolicygetDefaultInstanceForType()getDescription()
publicStringgetDescription()Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
The description.
getDescriptionBytes()
publicByteStringgetDescriptionBytes()Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
The bytes for description.
getDescriptorForType()
publicDescriptors.DescriptorgetDescriptorForType()getGlobalPolicyEvaluationMode()
publicResources.Policy.GlobalPolicyEvaluationModegetGlobalPolicyEvaluationMode()Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
The globalPolicyEvaluationMode.
getGlobalPolicyEvaluationModeValue()
publicintgetGlobalPolicyEvaluationModeValue()Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
The enum numeric value on the wire for globalPolicyEvaluationMode.
getIstioServiceIdentityAdmissionRules()
publicMap<String,Resources.AdmissionRule>getIstioServiceIdentityAdmissionRules()Use #getIstioServiceIdentityAdmissionRulesMap() instead.
getIstioServiceIdentityAdmissionRulesCount()
publicintgetIstioServiceIdentityAdmissionRulesCount()Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
getIstioServiceIdentityAdmissionRulesMap()
publicMap<String,Resources.AdmissionRule>getIstioServiceIdentityAdmissionRulesMap()Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
getIstioServiceIdentityAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
publicResources.AdmissionRulegetIstioServiceIdentityAdmissionRulesOrDefault(Stringkey,Resources.AdmissionRuledefaultValue)Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
getIstioServiceIdentityAdmissionRulesOrThrow(String key)
publicResources.AdmissionRulegetIstioServiceIdentityAdmissionRulesOrThrow(Stringkey)Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesNamespaceAdmissionRules()
publicMap<String,Resources.AdmissionRule>getKubernetesNamespaceAdmissionRules()Use #getKubernetesNamespaceAdmissionRulesMap() instead.
getKubernetesNamespaceAdmissionRulesCount()
publicintgetKubernetesNamespaceAdmissionRulesCount()Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesNamespaceAdmissionRulesMap()
publicMap<String,Resources.AdmissionRule>getKubernetesNamespaceAdmissionRulesMap()Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesNamespaceAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
publicResources.AdmissionRulegetKubernetesNamespaceAdmissionRulesOrDefault(Stringkey,Resources.AdmissionRuledefaultValue)Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesNamespaceAdmissionRulesOrThrow(String key)
publicResources.AdmissionRulegetKubernetesNamespaceAdmissionRulesOrThrow(Stringkey)Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesServiceAccountAdmissionRules()
publicMap<String,Resources.AdmissionRule>getKubernetesServiceAccountAdmissionRules()Use #getKubernetesServiceAccountAdmissionRulesMap() instead.
getKubernetesServiceAccountAdmissionRulesCount()
publicintgetKubernetesServiceAccountAdmissionRulesCount() Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesServiceAccountAdmissionRulesMap()
publicMap<String,Resources.AdmissionRule>getKubernetesServiceAccountAdmissionRulesMap() Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesServiceAccountAdmissionRulesOrDefault(String key, Resources.AdmissionRule defaultValue)
publicResources.AdmissionRulegetKubernetesServiceAccountAdmissionRulesOrDefault(Stringkey,Resources.AdmissionRuledefaultValue) Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
getKubernetesServiceAccountAdmissionRulesOrThrow(String key)
publicResources.AdmissionRulegetKubernetesServiceAccountAdmissionRulesOrThrow(Stringkey) Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
getMutableClusterAdmissionRules()
publicMap<String,Resources.AdmissionRule>getMutableClusterAdmissionRules()Use alternate mutation accessors instead.
getMutableIstioServiceIdentityAdmissionRules()
publicMap<String,Resources.AdmissionRule>getMutableIstioServiceIdentityAdmissionRules()Use alternate mutation accessors instead.
getMutableKubernetesNamespaceAdmissionRules()
publicMap<String,Resources.AdmissionRule>getMutableKubernetesNamespaceAdmissionRules()Use alternate mutation accessors instead.
getMutableKubernetesServiceAccountAdmissionRules()
publicMap<String,Resources.AdmissionRule>getMutableKubernetesServiceAccountAdmissionRules()Use alternate mutation accessors instead.
getName()
publicStringgetName() Output only. The resource name, in the format projects/*/policy. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
The name.
getNameBytes()
publicByteStringgetNameBytes() Output only. The resource name, in the format projects/*/policy. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
The bytes for name.
getUpdateTime()
publicTimestampgetUpdateTime()Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
The updateTime.
getUpdateTimeBuilder()
publicTimestamp.BuildergetUpdateTimeBuilder()Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
getUpdateTimeOrBuilder()
publicTimestampOrBuildergetUpdateTimeOrBuilder()Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
hasDefaultAdmissionRule()
publicbooleanhasDefaultAdmissionRule()Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
Whether the defaultAdmissionRule field is set.
hasUpdateTime()
publicbooleanhasUpdateTime()Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
Whether the updateTime field is set.
internalGetFieldAccessorTable()
protectedGeneratedMessageV3.FieldAccessorTableinternalGetFieldAccessorTable()internalGetMapField(int number)
protectedMapFieldinternalGetMapField(intnumber)internalGetMutableMapField(int number)
protectedMapFieldinternalGetMutableMapField(intnumber)isInitialized()
publicfinalbooleanisInitialized()mergeDefaultAdmissionRule(Resources.AdmissionRule value)
publicResources.Policy.BuildermergeDefaultAdmissionRule(Resources.AdmissionRulevalue)Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
mergeFrom(CodedInputStream input, ExtensionRegistryLite extensionRegistry)
publicResources.Policy.BuildermergeFrom(CodedInputStreaminput,ExtensionRegistryLiteextensionRegistry)mergeFrom(Message other)
publicResources.Policy.BuildermergeFrom(Messageother)mergeFrom(Resources.Policy other)
publicResources.Policy.BuildermergeFrom(Resources.Policyother)mergeUnknownFields(UnknownFieldSet unknownFields)
publicfinalResources.Policy.BuildermergeUnknownFields(UnknownFieldSetunknownFields)mergeUpdateTime(Timestamp value)
publicResources.Policy.BuildermergeUpdateTime(Timestampvalue)Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
putAllClusterAdmissionRules(Map<String,Resources.AdmissionRule> values)
publicResources.Policy.BuilderputAllClusterAdmissionRules(Map<String,Resources.AdmissionRule>values) Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
putAllIstioServiceIdentityAdmissionRules(Map<String,Resources.AdmissionRule> values)
publicResources.Policy.BuilderputAllIstioServiceIdentityAdmissionRules(Map<String,Resources.AdmissionRule>values)Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
putAllKubernetesNamespaceAdmissionRules(Map<String,Resources.AdmissionRule> values)
publicResources.Policy.BuilderputAllKubernetesNamespaceAdmissionRules(Map<String,Resources.AdmissionRule>values)Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
putAllKubernetesServiceAccountAdmissionRules(Map<String,Resources.AdmissionRule> values)
publicResources.Policy.BuilderputAllKubernetesServiceAccountAdmissionRules(Map<String,Resources.AdmissionRule>values) Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
putClusterAdmissionRules(String key, Resources.AdmissionRule value)
publicResources.Policy.BuilderputClusterAdmissionRules(Stringkey,Resources.AdmissionRulevalue) Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
putIstioServiceIdentityAdmissionRules(String key, Resources.AdmissionRule value)
publicResources.Policy.BuilderputIstioServiceIdentityAdmissionRules(Stringkey,Resources.AdmissionRulevalue)Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
putKubernetesNamespaceAdmissionRules(String key, Resources.AdmissionRule value)
publicResources.Policy.BuilderputKubernetesNamespaceAdmissionRules(Stringkey,Resources.AdmissionRulevalue)Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
putKubernetesServiceAccountAdmissionRules(String key, Resources.AdmissionRule value)
publicResources.Policy.BuilderputKubernetesServiceAccountAdmissionRules(Stringkey,Resources.AdmissionRulevalue) Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
removeAdmissionWhitelistPatterns(int index)
publicResources.Policy.BuilderremoveAdmissionWhitelistPatterns(intindex)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
removeClusterAdmissionRules(String key)
publicResources.Policy.BuilderremoveClusterAdmissionRules(Stringkey) Optional. Per-cluster admission rules. Cluster spec format:
location.clusterId. There can be at most one admission rule per cluster
spec.
A location is either a compute zone (e.g. us-central1-a) or a region
(e.g. us-central1).
For clusterId syntax restrictions see
https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> cluster_admission_rules = 3 [(.google.api.field_behavior) = OPTIONAL];
removeIstioServiceIdentityAdmissionRules(String key)
publicResources.Policy.BuilderremoveIstioServiceIdentityAdmissionRules(Stringkey)Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> istio_service_identity_admission_rules = 9 [(.google.api.field_behavior) = OPTIONAL];
removeKubernetesNamespaceAdmissionRules(String key)
publicResources.Policy.BuilderremoveKubernetesNamespaceAdmissionRules(Stringkey)Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_namespace_admission_rules = 10 [(.google.api.field_behavior) = OPTIONAL];
removeKubernetesServiceAccountAdmissionRules(String key)
publicResources.Policy.BuilderremoveKubernetesServiceAccountAdmissionRules(Stringkey) Optional. Per-kubernetes-service-account admission rules. Service account
spec format: namespace:serviceaccount. e.g. 'test-ns:default'
map<string, .google.cloud.binaryauthorization.v1.AdmissionRule> kubernetes_service_account_admission_rules = 8 [(.google.api.field_behavior) = OPTIONAL];
setAdmissionWhitelistPatterns(int index, Resources.AdmissionWhitelistPattern value)
publicResources.Policy.BuildersetAdmissionWhitelistPatterns(intindex,Resources.AdmissionWhitelistPatternvalue)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
setAdmissionWhitelistPatterns(int index, Resources.AdmissionWhitelistPattern.Builder builderForValue)
publicResources.Policy.BuildersetAdmissionWhitelistPatterns(intindex,Resources.AdmissionWhitelistPattern.BuilderbuilderForValue)Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
repeated .google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern admission_whitelist_patterns = 2 [(.google.api.field_behavior) = OPTIONAL];
setDefaultAdmissionRule(Resources.AdmissionRule value)
publicResources.Policy.BuildersetDefaultAdmissionRule(Resources.AdmissionRulevalue)Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
setDefaultAdmissionRule(Resources.AdmissionRule.Builder builderForValue)
publicResources.Policy.BuildersetDefaultAdmissionRule(Resources.AdmissionRule.BuilderbuilderForValue)Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.
.google.cloud.binaryauthorization.v1.AdmissionRule default_admission_rule = 4 [(.google.api.field_behavior) = REQUIRED];
setDescription(String value)
publicResources.Policy.BuildersetDescription(Stringvalue)Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
This builder for chaining.
setDescriptionBytes(ByteString value)
publicResources.Policy.BuildersetDescriptionBytes(ByteStringvalue)Optional. A descriptive comment.
string description = 6 [(.google.api.field_behavior) = OPTIONAL];
This builder for chaining.
setField(Descriptors.FieldDescriptor field, Object value)
publicResources.Policy.BuildersetField(Descriptors.FieldDescriptorfield,Objectvalue)setGlobalPolicyEvaluationMode(Resources.Policy.GlobalPolicyEvaluationMode value)
publicResources.Policy.BuildersetGlobalPolicyEvaluationMode(Resources.Policy.GlobalPolicyEvaluationModevalue)Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
This builder for chaining.
setGlobalPolicyEvaluationModeValue(int value)
publicResources.Policy.BuildersetGlobalPolicyEvaluationModeValue(intvalue)Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
.google.cloud.binaryauthorization.v1.Policy.GlobalPolicyEvaluationMode global_policy_evaluation_mode = 7 [(.google.api.field_behavior) = OPTIONAL];
This builder for chaining.
setName(String value)
publicResources.Policy.BuildersetName(Stringvalue) Output only. The resource name, in the format projects/*/policy. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
This builder for chaining.
setNameBytes(ByteString value)
publicResources.Policy.BuildersetNameBytes(ByteStringvalue) Output only. The resource name, in the format projects/*/policy. There is
at most one policy per project.
string name = 1 [(.google.api.field_behavior) = OUTPUT_ONLY];
This builder for chaining.
setRepeatedField(Descriptors.FieldDescriptor field, int index, Object value)
publicResources.Policy.BuildersetRepeatedField(Descriptors.FieldDescriptorfield,intindex,Objectvalue)setUnknownFields(UnknownFieldSet unknownFields)
publicfinalResources.Policy.BuildersetUnknownFields(UnknownFieldSetunknownFields)setUpdateTime(Timestamp value)
publicResources.Policy.BuildersetUpdateTime(Timestampvalue)Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];
setUpdateTime(Timestamp.Builder builderForValue)
publicResources.Policy.BuildersetUpdateTime(Timestamp.BuilderbuilderForValue)Output only. Time when the policy was last updated.
.google.protobuf.Timestamp update_time = 5 [(.google.api.field_behavior) = OUTPUT_ONLY];