Google Cloud Management Service for Binary Authorization admissionpolicies and attestation authorities.

This API implements a REST model with the following objects:

• Policy
• Attestor

Google Cloud Management Service for Binary Authorization admissionpolicies and attestation authorities.

This API implements a REST model with the following objects:

• Policy
• Attestor

A pager for iterating throughlist_attestors requests.

This class thinly wraps an initialListAttestorsResponse object, andprovides an__aiter__ method to iterate through itsattestors field.

If there are more pages, the__aiter__ method will make additionalListAttestors requests and continue to iteratethrough theattestors field on thecorresponding responses.

All the usualListAttestorsResponseattributes are available on the pager. If multiple requests are made, onlythe most recent response is retained, and thus used for attribute lookup.

A pager for iterating throughlist_attestors requests.

This class thinly wraps an initialListAttestorsResponse object, andprovides an__iter__ method to iterate through itsattestors field.

If there are more pages, the__iter__ method will make additionalListAttestors requests and continue to iteratethrough theattestors field on thecorresponding responses.

All the usualListAttestorsResponseattributes are available on the pager. If multiple requests are made, onlythe most recent response is retained, and thus used for attribute lookup.

API for working with the system policy.

API for working with the system policy.

BinAuthz Attestor verification

BinAuthz Attestor verification

An [admissionrule][google.cloud.binaryauthorization.v1.AdmissionRule] specifieseither that all container images used in a pod creation request mustbe attested to by one or moreattestors, that allpod creations will be allowed, or that all pod creations will bedenied.

Images matching an [admission allowlistpattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]are exempted from admission rules and will never block a podcreation.

Defines the possible actions when a pod creation is denied byan admission rule.

An [admission allowlistpattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern]exempts images from checks by [admissionrules][google.cloud.binaryauthorization.v1.AdmissionRule].

Anattestor thatattests to container image artifacts. An existing attestor cannot bemodified except where indicated.

.. _oneof:https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

An [attestor publickey][google.cloud.binaryauthorization.v1.AttestorPublicKey] thatwill be used to verify attestations signed by this attestor.

This message hasoneof_ fields (mutually exclusive fields).For each oneof, at most one member field can be set at the same time.Setting any member of the oneof automatically clears all othermembers.

.. _oneof:https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Request message for [BinauthzManagementService.CreateAttestor][].

Request message for [BinauthzManagementService.DeleteAttestor][].

Request message for [BinauthzManagementService.GetAttestor][].

Request message for [BinauthzManagementService.GetPolicy][].

Request to read the current system policy.

Request message for [BinauthzManagementService.ListAttestors][].

Response message for [BinauthzManagementService.ListAttestors][].

A public key in the PkixPublicKey format (seehttps://tools.ietf.org/html/rfc5280#section-4.1.2.7 fordetails). Public keys of this type are typically textuallyencoded using the PEM format.

Represents a signature algorithm and other informationnecessary to verify signatures with a given public key. This isbased primarily on the public key types supported by Tink'sPemKeyType, which is in turn based on KMS's supported signingalgorithms. Seehttps://cloud.google.com/kms/docs/algorithms. Inthe future, BinAuthz might support additional public key typesindependently of Tink and/or KMS.

Apolicy for containerimage binary authorization.

The abstract base class for a message.

The abstract base class for a message.

The abstract base class for a message.

The abstract base class for a message.

Request message for [BinauthzManagementService.UpdateAttestor][].

Request message for [BinauthzManagementService.UpdatePolicy][].

An [user owned Grafeasnote][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote]references a Grafeas Attestation.Authority Note created by the user.

Request message forValidationHelperV1.ValidateAttestationOccurrence.

Response message forValidationHelperV1.ValidateAttestationOccurrence.

The enum returned in the "result" field.

Google Cloud Management Service for Binary Authorization admissionpolicies and attestation authorities.

This API implements a REST model with the following objects:

• Policy
• Attestor

Google Cloud Management Service for Binary Authorization admissionpolicies and attestation authorities.

This API implements a REST model with the following objects:

• Policy
• Attestor

A pager for iterating throughlist_attestors requests.

This class thinly wraps an initialListAttestorsResponse object, andprovides an__aiter__ method to iterate through itsattestors field.

If there are more pages, the__aiter__ method will make additionalListAttestors requests and continue to iteratethrough theattestors field on thecorresponding responses.

All the usualListAttestorsResponseattributes are available on the pager. If multiple requests are made, onlythe most recent response is retained, and thus used for attribute lookup.

A pager for iterating throughlist_attestors requests.

This class thinly wraps an initialListAttestorsResponse object, andprovides an__iter__ method to iterate through itsattestors field.

If there are more pages, the__iter__ method will make additionalListAttestors requests and continue to iteratethrough theattestors field on thecorresponding responses.

All the usualListAttestorsResponseattributes are available on the pager. If multiple requests are made, onlythe most recent response is retained, and thus used for attribute lookup.

API for working with the system policy.

API for working with the system policy.

An [admissionrule][google.cloud.binaryauthorization.v1beta1.AdmissionRule]specifies either that all container images used in a pod creationrequest must be attested to by one or moreattestors, thatall pod creations will be allowed, or that all pod creations will bedenied.

Images matching an [admission allowlistpattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]are exempted from admission rules and will never block a podcreation.

Defines the possible actions when a pod creation is denied byan admission rule.

An [admission allowlistpattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]exempts images from checks by [admissionrules][google.cloud.binaryauthorization.v1beta1.AdmissionRule].

Anattestorthat attests to container image artifacts. An existing attestorcannot be modified except where indicated.

.. _oneof:https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

An [attestor publickey][google.cloud.binaryauthorization.v1beta1.AttestorPublicKey]that will be used to verify attestations signed by this attestor.

This message hasoneof_ fields (mutually exclusive fields).For each oneof, at most one member field can be set at the same time.Setting any member of the oneof automatically clears all othermembers.

.. _oneof:https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Represents an auditing event from Continuous Validation.

This message hasoneof_ fields (mutually exclusive fields).For each oneof, at most one member field can be set at the same time.Setting any member of the oneof automatically clears all othermembers.

.. _oneof:https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

An event describing a user-actionable configuration issuethat prevents CV from auditing.

An auditing event for one Pod.

Container image with auditing details.

Result of the audit.

A scope specifier for check sets.

This message hasoneof_ fields (mutually exclusive fields).For each oneof, at most one member field can be set at the same time.Setting any member of the oneof automatically clears all othermembers.

.. _oneof:https://proto-plus-python.readthedocs.io/en/stable/fields.html#oneofs-mutually-exclusive-fields

Result of evaluating one check.

The container type.

Audit time policy conformance verdict.

Request message for [BinauthzManagementService.CreateAttestor][].

Request message for [BinauthzManagementService.DeleteAttestor][].

Request message for [BinauthzManagementService.GetAttestor][].

Request message for [BinauthzManagementService.GetPolicy][].

Request to read the current system policy.

Request message for [BinauthzManagementService.ListAttestors][].

Response message for [BinauthzManagementService.ListAttestors][].

A public key in the PkixPublicKey format (seehttps://tools.ietf.org/html/rfc5280#section-4.1.2.7 fordetails). Public keys of this type are typically textuallyencoded using the PEM format.

Represents a signature algorithm and other informationnecessary to verify signatures with a given public key. This isbased primarily on the public key types supported by Tink'sPemKeyType, which is in turn based on KMS's supported signingalgorithms. Seehttps://cloud.google.com/kms/docs/algorithms. Inthe future, BinAuthz might support additional public key typesindependently of Tink and/or KMS.

Apolicy forBinary Authorization.

The abstract base class for a message.

The abstract base class for a message.

The abstract base class for a message.

The abstract base class for a message.

Request message for [BinauthzManagementService.UpdateAttestor][].

Request message for [BinauthzManagementService.UpdatePolicy][].

An [user owned drydocknote][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote]references a Drydock ATTESTATION_AUTHORITY Note created by the user.

API documentation forbinaryauthorization_v1.services.binauthz_management_service_v1.pagers module.

API documentation forbinaryauthorization_v1beta1.services.binauthz_management_service_v1_beta1.pagers module.