Struct googapis::google::cloud::binaryauthorization::v1beta1::Policy
pub struct Policy {
    pub name: String,
    pub description: String,
    pub global_policy_evaluation_mode: i32,
    pub admission_whitelist_patterns: Vec<AdmissionWhitelistPattern>,
    pub cluster_admission_rules: HashMap<String, AdmissionRule>,
    pub kubernetes_namespace_admission_rules: HashMap<String, AdmissionRule>,
    pub kubernetes_service_account_admission_rules: HashMap<String, AdmissionRule>,
    pub istio_service_identity_admission_rules: HashMap<String, AdmissionRule>,
    pub default_admission_rule: Option<AdmissionRule>,
    pub update_time: Option<Timestamp>,
}
A policy (google.cloud.binaryauthorization.v1beta1.Policy) for Binary Authorization.
Fields
name: String
Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.
description: String
Optional. A descriptive comment.
global_policy_evaluation_mode: i32
Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.
admission_whitelist_patterns: Vec<AdmissionWhitelistPattern>
Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.
cluster_admission_rules: HashMap<String, AdmissionRule>
Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
kubernetes_namespace_admission_rules: HashMap<String, AdmissionRule>
Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. some-namespace
kubernetes_service_account_admission_rules: HashMap<String, AdmissionRule>
Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount, e.g. test-ns:default
istio_service_identity_admission_rules: HashMap<String, AdmissionRule>
Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount>, e.g. spiffe://example.com/ns/test-ns/sa/default
default_admission_rule: Option<AdmissionRule>
Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule.
update_time: Option<Timestamp>
Output only. Time when the policy was last updated.
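Added example (not part of the googapis crate or its generated documentation): a pre-flight check that flags rule-map keys that do not fit the key formats documented for the four admission-rule maps above, since a malformed key will not name the intended cluster, namespace, or identity. The names Scope, key_is_valid and malformed_keys are hypothetical, and the checks cover only the structure the field descriptions state.

```rust
use std::collections::HashMap;

// Added example, not part of googapis: checks rule-map keys against the key
// formats documented for Policy. All names here are hypothetical.
#[derive(Clone, Copy)]
enum Scope { Cluster, Namespace, ServiceAccount, IstioIdentity }

// True when every part is non-empty and free of whitespace.
fn nonempty(parts: &[&str]) -> bool {
    parts.iter().all(|p| !p.is_empty() && !p.contains(char::is_whitespace))
}

fn key_is_valid(scope: Scope, key: &str) -> bool {
    match scope {
        // location.clusterId: split at the first '.', both halves required.
        Scope::Cluster => key.split_once('.').map_or(false, |(l, c)| nonempty(&[l, c])),
        // Documented pattern [a-z.-]+, applied literally.
        Scope::Namespace => !key.is_empty()
            && key.chars().all(|c| c.is_ascii_lowercase() || c == '.' || c == '-'),
        // namespace:serviceaccount: exactly one ':' separating two parts.
        Scope::ServiceAccount => {
            let p: Vec<&str> = key.split(':').collect();
            p.len() == 2 && nonempty(&p)
        }
        // [spiffe://]<domain>/ns/<namespace>/sa/<serviceaccount>
        Scope::IstioIdentity => {
            let rest = key.strip_prefix("spiffe://").unwrap_or(key);
            let p: Vec<&str> = rest.split('/').collect();
            p.len() == 5 && p[1] == "ns" && p[3] == "sa" && nonempty(&p)
        }
    }
}

/// Returns the keys of one rule map that do not fit the documented format, sorted.
fn malformed_keys<V>(scope: Scope, rules: &HashMap<String, V>) -> Vec<&str> {
    let mut bad: Vec<&str> = rules.keys().map(String::as_str)
        .filter(|k| !key_is_valid(scope, k)).collect();
    bad.sort_unstable();
    bad
}

fn main() {
    // Constructed sample keys; () stands in for AdmissionRule.
    let mut sa: HashMap<String, ()> = HashMap::new();
    for k in ["test-ns:default", "test-ns/default", "prod:ci:deployer"] {
        sa.insert(k.to_string(), ());
    }
    println!("{:?}", malformed_keys(Scope::ServiceAccount, &sa));
}
```

With the real type, the same call takes a map field directly, e.g. malformed_keys(Scope::Cluster, &policy.cluster_admission_rules).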
Implementations
Returns the enum value of global_policy_evaluation_mode, or the default if the field is set to an invalid enum value.
Sets global_policy_evaluation_mode to the provided enum value.
Trait Implementations
fn merge_field<B>(
&mut self,
tag: u32,
wire_type: WireType,
buf: &mut B,
ctx: DecodeContext
) -> Result<(), DecodeError> where
B: Buf,
Returns the encoded length of the message without a length delimiter.
Encodes the message to a buffer.
Encodes the message to a newly allocated buffer.
Encodes the message with a length-delimiter to a buffer.
Encodes the message with a length-delimiter to a newly allocated buffer.
Decodes an instance of the message from a buffer.
fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
Self: Default,
B: Buf,
Decodes a length-delimited instance of the message from the buffer.
Decodes an instance of the message from a buffer, and merges it into self.
Decodes a length-delimited instance of the message from buffer, and merges it into self.
Auto Trait Implementations
impl RefUnwindSafe for Policy
impl UnwindSafe for Policy
Blanket Implementations
Mutably borrows from an owned value.
Wrap the input message T in a tonic::Request
pub fn vzip(self) -> V
Attaches the provided Subscriber to this type, returning a WithDispatch wrapper.
Attaches the current default Subscriber to this type, returning a WithDispatch wrapper.