Struct googapis::google::cloud::binaryauthorization::v1beta1::Policy

pub struct Policy {
    pub name: String,
    pub description: String,
    pub global_policy_evaluation_mode: i32,
    pub admission_whitelist_patterns: Vec<AdmissionWhitelistPattern>,
    pub cluster_admission_rules: HashMap<String, AdmissionRule>,
    pub kubernetes_namespace_admission_rules: HashMap<String, AdmissionRule>,
    pub kubernetes_service_account_admission_rules: HashMap<String, AdmissionRule>,
    pub istio_service_identity_admission_rules: HashMap<String, AdmissionRule>,
    pub default_admission_rule: Option<AdmissionRule>,
    pub update_time: Option<Timestamp>,
}

A [policy][google.cloud.binaryauthorization.v1beta1.Policy] for Binary Authorization.

Fields

name: String

Output only. The resource name, in the format projects/*/policy. There is at most one policy per project.

description: String

Optional. A descriptive comment.

global_policy_evaluation_mode: i32

Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.

admission_whitelist_patterns: Vec<AdmissionWhitelistPattern>

Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies.

cluster_admission_rules: HashMap<String, AdmissionRule>

Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.

kubernetes_namespace_admission_rules: HashMap<String, AdmissionRule>

Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: \[a-z.-\]+, e.g. some-namespace

kubernetes_service_account_admission_rules: HashMap<String, AdmissionRule>

Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. test-ns:default

istio_service_identity_admission_rules: HashMap<String, AdmissionRule>

Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or <domain>/ns/<namespace>/sa/<serviceaccount> e.g. spiffe://example.com/ns/test-ns/sa/default

default_admission_rule: Option<AdmissionRule>

Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule.

update_time: Option<Timestamp>

Output only. Time when the policy was last updated.

Implementations

impl Policy

pub fn global_policy_evaluation_mode(&self) -> GlobalPolicyEvaluationMode

Returns the enum value of global_policy_evaluation_mode, or the default if the field is set to an invalid enum value.

pub fn set_global_policy_evaluation_mode(
    &mut self,
    value: GlobalPolicyEvaluationMode
)

Sets global_policy_evaluation_mode to the provided enum value.

Trait Implementations

impl Clone for Policy

fn clone(&self) -> Policy

Returns a copy of the value.

fn clone_from(&mut self, source: &Self)

Performs copy-assignment from source.

impl Debug for Policy

fn fmt(&self, f: &mut Formatter<'_>) -> Result

Formats the value using the given formatter.

impl Default for Policy

fn default() -> Self

Returns the “default value” for a type.

impl Message for Policy

fn encode_raw<B>(&self, buf: &mut B) where
    B: BufMut, 

fn merge_field<B>(
    &mut self,
    tag: u32,
    wire_type: WireType,
    buf: &mut B,
    ctx: DecodeContext
) -> Result<(), DecodeError> where
    B: Buf, 

fn encoded_len(&self) -> usize

Returns the encoded length of the message without a length delimiter.

fn clear(&mut self)

Clears the message, resetting all fields to their default.

fn encode<B>(&self, buf: &mut B) -> Result<(), EncodeError> where
    B: BufMut, 

Encodes the message to a buffer.

fn encode_to_vec(&self) -> Vec<u8, Global>

Encodes the message to a newly allocated buffer.

fn encode_length_delimited<B>(&self, buf: &mut B) -> Result<(), EncodeError> where
    B: BufMut, 

Encodes the message with a length-delimiter to a buffer.

fn encode_length_delimited_to_vec(&self) -> Vec<u8, Global>

Encodes the message with a length-delimiter to a newly allocated buffer.

fn decode<B>(buf: B) -> Result<Self, DecodeError> where
    Self: Default,
    B: Buf, 

Decodes an instance of the message from a buffer.

fn decode_length_delimited<B>(buf: B) -> Result<Self, DecodeError> where
    Self: Default,
    B: Buf, 

Decodes a length-delimited instance of the message from the buffer.

fn merge<B>(&mut self, buf: B) -> Result<(), DecodeError> where
    B: Buf, 

Decodes an instance of the message from a buffer, and merges it into self.

fn merge_length_delimited<B>(&mut self, buf: B) -> Result<(), DecodeError> where
    B: Buf, 

Decodes a length-delimited instance of the message from buffer, and merges it into self.

impl PartialEq<Policy> for Policy

fn eq(&self, other: &Policy) -> bool

This method tests for self and other values to be equal, and is used by ==.

fn ne(&self, other: &Policy) -> bool

This method tests for !=.

impl StructuralPartialEq for Policy