binaryauthorization/v1 library
Binary Authorization API - v1
The management interface for Binary Authorization, a service that provides policy-based deployment validation and control for images deployed to Google Kubernetes Engine (GKE), Anthos Service Mesh, Anthos Clusters, and Cloud Run.
For more information, see cloud.google.com/binary-authorization/
Create an instance of BinaryAuthorizationApi to access these resources:
Classes
- AdmissionRule
- An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied.
- AdmissionWhitelistPattern
- An admission allowlist pattern exempts images from checks by admission rules.
- AllowlistResult
- Result of evaluating an image name allowlist.
- AttestationAuthenticator
- An attestation authenticator that will be used to verify attestations.
- AttestationOccurrence
- Occurrence that represents a single "attestation".
- AttestationSource
- Specifies the locations for fetching the provenance attestations.
- Attestor
- An attestor that attests to container image artifacts.
- AttestorPublicKey
- An attestor public key that will be used to verify attestations signed by this attestor.
- BinaryAuthorizationApi
- The management interface for Binary Authorization, a service that provides policy-based deployment validation and control for images deployed to Google Kubernetes Engine (GKE), Anthos Service Mesh, Anthos Clusters, and Cloud Run.
- Binding
- Associates members, or principals, with a role.
- Check
- A single check to perform against a Pod.
- CheckResult
- Result of evaluating one check.
- CheckResults
- Result of evaluating one or more checks.
- CheckSet
- A conjunction of policy checks, scoped to a particular namespace or Kubernetes service account.
- CheckSetResult
- Result of evaluating one check set.
- EvaluateGkePolicyRequest
- Request message for PlatformPolicyEvaluationService.EvaluateGkePolicy.
- EvaluateGkePolicyResponse
- Response message for PlatformPolicyEvaluationService.EvaluateGkePolicy.
- EvaluationResult
- Result of evaluating one check.
- GkePolicy
- A Binary Authorization policy for a GKE cluster.
- IamPolicy
- An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources.
- ImageAllowlist
- Images that are exempted from normal checks based on name pattern only.
- ImageFreshnessCheck
- An image freshness check, which rejects images that were uploaded before the set number of days ago to the supported repositories.
- ImageResult
- Result of evaluating one image.
- ListAttestorsResponse
- Response message for BinauthzManagementServiceV1.ListAttestors.
- ListPlatformPoliciesResponse
- Response message for PlatformPolicyManagementService.ListPlatformPolicies.
- PkixPublicKey
- A public key in the PkixPublicKey format.
- PkixPublicKeySet
- A bundle of PKIX public keys, used to authenticate attestation signatures.
- PlatformPolicy
- A Binary Authorization platform policy for deployments on various platforms.
- PodResult
- Result of evaluating the whole GKE policy for one Pod.
- Policy
- A policy for container image binary authorization.
- ProjectsAttestorsResource
- ProjectsPlatformsGkePoliciesResource
- ProjectsPlatformsGkeResource
- ProjectsPlatformsPoliciesResource
- ProjectsPlatformsResource
- ProjectsPolicyResource
- ProjectsResource
- Scope
- A scope specifier for CheckSet objects.
- SetIamPolicyRequest
- Request message for SetIamPolicy method.
- SigstoreAuthority
- A Sigstore authority, used to verify signatures that are created by Sigstore.
- SigstorePublicKey
- A Sigstore public key.
- SigstorePublicKeySet
- A bundle of Sigstore public keys, used to verify Sigstore signatures.
- SigstoreSignatureCheck
- A Sigstore signature check, which verifies the Sigstore signature associated with an image.
- SimpleSigningAttestationCheck
- Require a signed DSSE attestation with type SimpleSigning.
- SlsaCheck
- A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only.
- SystempolicyResource
- TrustedDirectoryCheck
- A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories.
- UserOwnedGrafeasNote
- A user-owned Grafeas note references a Grafeas Attestation.Authority Note created by the user.
- ValidateAttestationOccurrenceRequest
- Request message for ValidationHelperV1.ValidateAttestationOccurrence.
- ValidateAttestationOccurrenceResponse
- Response message for ValidationHelperV1.ValidateAttestationOccurrence.
- VerificationRule
- Specifies verification rules for evaluating the SLSA attestations including: which builders to trust, where to fetch the SLSA attestations generated by those builders, and other builder-specific evaluation rules such as which source repositories are trusted.
- VulnerabilityCheck
- An image vulnerability check, which rejects images that violate the configured vulnerability rules.
Typedefs
- Empty = $Empty
- A generic empty message that you can re-use to avoid defining duplicated empty messages in your APIs.
- Expr = $Expr
- Represents a textual expression in the Common Expression Language (CEL) syntax.
- Jwt = $Jwt
- Signature = $Signature
- Verifiers (e.g. Kritis implementations) MUST verify signatures with respect to the trust anchors defined in policy (e.g. a Kritis policy).
- TestIamPermissionsRequest = $TestIamPermissionsRequest00
- Request message for TestIamPermissions method.
- TestIamPermissionsResponse = $PermissionsResponse
- Response message for TestIamPermissions method.
Exceptions / Errors
- ApiRequestError
- Represents a general error reported by the API endpoint.
- DetailedApiRequestError
- Represents a specific error reported by the API endpoint.