Documentation ¶
Index ¶
- Variables
- func RegisterBinauthzManagementServiceV1Server(s *grpc.Server, srv BinauthzManagementServiceV1Server)
- func RegisterSystemPolicyV1Server(s *grpc.Server, srv SystemPolicyV1Server)
- func RegisterValidationHelperV1Server(s *grpc.Server, srv ValidationHelperV1Server)
- type AdmissionRule
- func (*AdmissionRule) Descriptor() ([]byte, []int)deprecated
- func (x *AdmissionRule) GetEnforcementMode() AdmissionRule_EnforcementMode
- func (x *AdmissionRule) GetEvaluationMode() AdmissionRule_EvaluationMode
- func (x *AdmissionRule) GetRequireAttestationsBy() []string
- func (*AdmissionRule) ProtoMessage()
- func (x *AdmissionRule) ProtoReflect() protoreflect.Message
- func (x *AdmissionRule) Reset()
- func (x *AdmissionRule) String() string
- type AdmissionRule_EnforcementMode
- func (AdmissionRule_EnforcementMode) Descriptor() protoreflect.EnumDescriptor
- func (x AdmissionRule_EnforcementMode) Enum() *AdmissionRule_EnforcementMode
- func (AdmissionRule_EnforcementMode) EnumDescriptor() ([]byte, []int)deprecated
- func (x AdmissionRule_EnforcementMode) Number() protoreflect.EnumNumber
- func (x AdmissionRule_EnforcementMode) String() string
- func (AdmissionRule_EnforcementMode) Type() protoreflect.EnumType
- type AdmissionRule_EvaluationMode
- func (AdmissionRule_EvaluationMode) Descriptor() protoreflect.EnumDescriptor
- func (x AdmissionRule_EvaluationMode) Enum() *AdmissionRule_EvaluationMode
- func (AdmissionRule_EvaluationMode) EnumDescriptor() ([]byte, []int)deprecated
- func (x AdmissionRule_EvaluationMode) Number() protoreflect.EnumNumber
- func (x AdmissionRule_EvaluationMode) String() string
- func (AdmissionRule_EvaluationMode) Type() protoreflect.EnumType
- type AdmissionWhitelistPattern
- func (*AdmissionWhitelistPattern) Descriptor() ([]byte, []int)deprecated
- func (x *AdmissionWhitelistPattern) GetNamePattern() string
- func (*AdmissionWhitelistPattern) ProtoMessage()
- func (x *AdmissionWhitelistPattern) ProtoReflect() protoreflect.Message
- func (x *AdmissionWhitelistPattern) Reset()
- func (x *AdmissionWhitelistPattern) String() string
- type Attestor
- func (*Attestor) Descriptor() ([]byte, []int)deprecated
- func (m *Attestor) GetAttestorType() isAttestor_AttestorType
- func (x *Attestor) GetDescription() string
- func (x *Attestor) GetName() string
- func (x *Attestor) GetUpdateTime() *timestamppb.Timestamp
- func (x *Attestor) GetUserOwnedGrafeasNote() *UserOwnedGrafeasNote
- func (*Attestor) ProtoMessage()
- func (x *Attestor) ProtoReflect() protoreflect.Message
- func (x *Attestor) Reset()
- func (x *Attestor) String() string
- type AttestorPublicKey
- func (*AttestorPublicKey) Descriptor() ([]byte, []int)deprecated
- func (x *AttestorPublicKey) GetAsciiArmoredPgpPublicKey() string
- func (x *AttestorPublicKey) GetComment() string
- func (x *AttestorPublicKey) GetId() string
- func (x *AttestorPublicKey) GetPkixPublicKey() *PkixPublicKey
- func (m *AttestorPublicKey) GetPublicKey() isAttestorPublicKey_PublicKey
- func (*AttestorPublicKey) ProtoMessage()
- func (x *AttestorPublicKey) ProtoReflect() protoreflect.Message
- func (x *AttestorPublicKey) Reset()
- func (x *AttestorPublicKey) String() string
- type AttestorPublicKey_AsciiArmoredPgpPublicKey
- type AttestorPublicKey_PkixPublicKey
- type Attestor_UserOwnedGrafeasNote
- type BinauthzManagementServiceV1Client
- type BinauthzManagementServiceV1Server
- type CreateAttestorRequest
- func (*CreateAttestorRequest) Descriptor() ([]byte, []int)deprecated
- func (x *CreateAttestorRequest) GetAttestor() *Attestor
- func (x *CreateAttestorRequest) GetAttestorId() string
- func (x *CreateAttestorRequest) GetParent() string
- func (*CreateAttestorRequest) ProtoMessage()
- func (x *CreateAttestorRequest) ProtoReflect() protoreflect.Message
- func (x *CreateAttestorRequest) Reset()
- func (x *CreateAttestorRequest) String() string
- type DeleteAttestorRequest
- func (*DeleteAttestorRequest) Descriptor() ([]byte, []int)deprecated
- func (x *DeleteAttestorRequest) GetName() string
- func (*DeleteAttestorRequest) ProtoMessage()
- func (x *DeleteAttestorRequest) ProtoReflect() protoreflect.Message
- func (x *DeleteAttestorRequest) Reset()
- func (x *DeleteAttestorRequest) String() string
- type GetAttestorRequest
- func (*GetAttestorRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetAttestorRequest) GetName() string
- func (*GetAttestorRequest) ProtoMessage()
- func (x *GetAttestorRequest) ProtoReflect() protoreflect.Message
- func (x *GetAttestorRequest) Reset()
- func (x *GetAttestorRequest) String() string
- type GetPolicyRequest
- type GetSystemPolicyRequest
- func (*GetSystemPolicyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *GetSystemPolicyRequest) GetName() string
- func (*GetSystemPolicyRequest) ProtoMessage()
- func (x *GetSystemPolicyRequest) ProtoReflect() protoreflect.Message
- func (x *GetSystemPolicyRequest) Reset()
- func (x *GetSystemPolicyRequest) String() string
- type ListAttestorsRequest
- func (*ListAttestorsRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ListAttestorsRequest) GetPageSize() int32
- func (x *ListAttestorsRequest) GetPageToken() string
- func (x *ListAttestorsRequest) GetParent() string
- func (*ListAttestorsRequest) ProtoMessage()
- func (x *ListAttestorsRequest) ProtoReflect() protoreflect.Message
- func (x *ListAttestorsRequest) Reset()
- func (x *ListAttestorsRequest) String() string
- type ListAttestorsResponse
- func (*ListAttestorsResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ListAttestorsResponse) GetAttestors() []*Attestor
- func (x *ListAttestorsResponse) GetNextPageToken() string
- func (*ListAttestorsResponse) ProtoMessage()
- func (x *ListAttestorsResponse) ProtoReflect() protoreflect.Message
- func (x *ListAttestorsResponse) Reset()
- func (x *ListAttestorsResponse) String() string
- type PkixPublicKey
- func (*PkixPublicKey) Descriptor() ([]byte, []int)deprecated
- func (x *PkixPublicKey) GetPublicKeyPem() string
- func (x *PkixPublicKey) GetSignatureAlgorithm() PkixPublicKey_SignatureAlgorithm
- func (*PkixPublicKey) ProtoMessage()
- func (x *PkixPublicKey) ProtoReflect() protoreflect.Message
- func (x *PkixPublicKey) Reset()
- func (x *PkixPublicKey) String() string
- type PkixPublicKey_SignatureAlgorithm
- func (PkixPublicKey_SignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor
- func (x PkixPublicKey_SignatureAlgorithm) Enum() *PkixPublicKey_SignatureAlgorithm
- func (PkixPublicKey_SignatureAlgorithm) EnumDescriptor() ([]byte, []int)deprecated
- func (x PkixPublicKey_SignatureAlgorithm) Number() protoreflect.EnumNumber
- func (x PkixPublicKey_SignatureAlgorithm) String() string
- func (PkixPublicKey_SignatureAlgorithm) Type() protoreflect.EnumType
- type Policy
- func (*Policy) Descriptor() ([]byte, []int)deprecated
- func (x *Policy) GetAdmissionWhitelistPatterns() []*AdmissionWhitelistPattern
- func (x *Policy) GetClusterAdmissionRules() map[string]*AdmissionRule
- func (x *Policy) GetDefaultAdmissionRule() *AdmissionRule
- func (x *Policy) GetDescription() string
- func (x *Policy) GetGlobalPolicyEvaluationMode() Policy_GlobalPolicyEvaluationMode
- func (x *Policy) GetIstioServiceIdentityAdmissionRules() map[string]*AdmissionRule
- func (x *Policy) GetKubernetesNamespaceAdmissionRules() map[string]*AdmissionRule
- func (x *Policy) GetKubernetesServiceAccountAdmissionRules() map[string]*AdmissionRule
- func (x *Policy) GetName() string
- func (x *Policy) GetUpdateTime() *timestamppb.Timestamp
- func (*Policy) ProtoMessage()
- func (x *Policy) ProtoReflect() protoreflect.Message
- func (x *Policy) Reset()
- func (x *Policy) String() string
- type Policy_GlobalPolicyEvaluationMode
- func (Policy_GlobalPolicyEvaluationMode) Descriptor() protoreflect.EnumDescriptor
- func (x Policy_GlobalPolicyEvaluationMode) Enum() *Policy_GlobalPolicyEvaluationMode
- func (Policy_GlobalPolicyEvaluationMode) EnumDescriptor() ([]byte, []int)deprecated
- func (x Policy_GlobalPolicyEvaluationMode) Number() protoreflect.EnumNumber
- func (x Policy_GlobalPolicyEvaluationMode) String() string
- func (Policy_GlobalPolicyEvaluationMode) Type() protoreflect.EnumType
- type SystemPolicyV1Client
- type SystemPolicyV1Server
- type UnimplementedBinauthzManagementServiceV1Server
- func (*UnimplementedBinauthzManagementServiceV1Server) CreateAttestor(context.Context, *CreateAttestorRequest) (*Attestor, error)
- func (*UnimplementedBinauthzManagementServiceV1Server) DeleteAttestor(context.Context, *DeleteAttestorRequest) (*emptypb.Empty, error)
- func (*UnimplementedBinauthzManagementServiceV1Server) GetAttestor(context.Context, *GetAttestorRequest) (*Attestor, error)
- func (*UnimplementedBinauthzManagementServiceV1Server) GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
- func (*UnimplementedBinauthzManagementServiceV1Server) ListAttestors(context.Context, *ListAttestorsRequest) (*ListAttestorsResponse, error)
- func (*UnimplementedBinauthzManagementServiceV1Server) UpdateAttestor(context.Context, *UpdateAttestorRequest) (*Attestor, error)
- func (*UnimplementedBinauthzManagementServiceV1Server) UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
- type UnimplementedSystemPolicyV1Server
- type UnimplementedValidationHelperV1Server
- type UpdateAttestorRequest
- func (*UpdateAttestorRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpdateAttestorRequest) GetAttestor() *Attestor
- func (*UpdateAttestorRequest) ProtoMessage()
- func (x *UpdateAttestorRequest) ProtoReflect() protoreflect.Message
- func (x *UpdateAttestorRequest) Reset()
- func (x *UpdateAttestorRequest) String() string
- type UpdatePolicyRequest
- func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)deprecated
- func (x *UpdatePolicyRequest) GetPolicy() *Policy
- func (*UpdatePolicyRequest) ProtoMessage()
- func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message
- func (x *UpdatePolicyRequest) Reset()
- func (x *UpdatePolicyRequest) String() string
- type UserOwnedGrafeasNote
- func (*UserOwnedGrafeasNote) Descriptor() ([]byte, []int)deprecated
- func (x *UserOwnedGrafeasNote) GetDelegationServiceAccountEmail() string
- func (x *UserOwnedGrafeasNote) GetNoteReference() string
- func (x *UserOwnedGrafeasNote) GetPublicKeys() []*AttestorPublicKey
- func (*UserOwnedGrafeasNote) ProtoMessage()
- func (x *UserOwnedGrafeasNote) ProtoReflect() protoreflect.Message
- func (x *UserOwnedGrafeasNote) Reset()
- func (x *UserOwnedGrafeasNote) String() string
- type ValidateAttestationOccurrenceRequest
- func (*ValidateAttestationOccurrenceRequest) Descriptor() ([]byte, []int)deprecated
- func (x *ValidateAttestationOccurrenceRequest) GetAttestation() *v1.AttestationOccurrence
- func (x *ValidateAttestationOccurrenceRequest) GetAttestor() string
- func (x *ValidateAttestationOccurrenceRequest) GetOccurrenceNote() string
- func (x *ValidateAttestationOccurrenceRequest) GetOccurrenceResourceUri() string
- func (*ValidateAttestationOccurrenceRequest) ProtoMessage()
- func (x *ValidateAttestationOccurrenceRequest) ProtoReflect() protoreflect.Message
- func (x *ValidateAttestationOccurrenceRequest) Reset()
- func (x *ValidateAttestationOccurrenceRequest) String() string
- type ValidateAttestationOccurrenceResponse
- func (*ValidateAttestationOccurrenceResponse) Descriptor() ([]byte, []int)deprecated
- func (x *ValidateAttestationOccurrenceResponse) GetDenialReason() string
- func (x *ValidateAttestationOccurrenceResponse) GetResult() ValidateAttestationOccurrenceResponse_Result
- func (*ValidateAttestationOccurrenceResponse) ProtoMessage()
- func (x *ValidateAttestationOccurrenceResponse) ProtoReflect() protoreflect.Message
- func (x *ValidateAttestationOccurrenceResponse) Reset()
- func (x *ValidateAttestationOccurrenceResponse) String() string
- type ValidateAttestationOccurrenceResponse_Result
- func (ValidateAttestationOccurrenceResponse_Result) Descriptor() protoreflect.EnumDescriptor
- func (x ValidateAttestationOccurrenceResponse_Result) Enum() *ValidateAttestationOccurrenceResponse_Result
- func (ValidateAttestationOccurrenceResponse_Result) EnumDescriptor() ([]byte, []int)deprecated
- func (x ValidateAttestationOccurrenceResponse_Result) Number() protoreflect.EnumNumber
- func (x ValidateAttestationOccurrenceResponse_Result) String() string
- func (ValidateAttestationOccurrenceResponse_Result) Type() protoreflect.EnumType
- type ValidationHelperV1Client
- type ValidationHelperV1Server
Constants ¶
This section is empty.
Variables ¶
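// Enum value maps for Policy_GlobalPolicyEvaluationMode.
//
// The listing was collapsed onto a single line, which leaves the two map
// declarations without a separator; it is laid out one entry per line here.
var (
	// Policy_GlobalPolicyEvaluationMode_name maps an enum number to its name.
	Policy_GlobalPolicyEvaluationMode_name = map[int32]string{
		0: "GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED",
		1: "ENABLE",
		2: "DISABLE",
	}
	// Policy_GlobalPolicyEvaluationMode_value maps an enum name to its number.
	Policy_GlobalPolicyEvaluationMode_value = map[string]int32{
		"GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED": 0,
		"ENABLE": 1,
		"DISABLE": 2,
	}
)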
Enum value maps for Policy_GlobalPolicyEvaluationMode.
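// Enum value maps for AdmissionRule_EvaluationMode.
//
// The listing was collapsed onto a single line, which leaves the two map
// declarations without a separator; it is laid out one entry per line here.
var (
	// AdmissionRule_EvaluationMode_name maps an enum number to its name.
	// Number 0 is the unspecified value, which the constant documentation
	// marks "Do not use".
	AdmissionRule_EvaluationMode_name = map[int32]string{
		0: "EVALUATION_MODE_UNSPECIFIED",
		1: "ALWAYS_ALLOW",
		2: "REQUIRE_ATTESTATION",
		3: "ALWAYS_DENY",
	}
	// AdmissionRule_EvaluationMode_value maps an enum name to its number.
	AdmissionRule_EvaluationMode_value = map[string]int32{
		"EVALUATION_MODE_UNSPECIFIED": 0,
		"ALWAYS_ALLOW": 1,
		"REQUIRE_ATTESTATION": 2,
		"ALWAYS_DENY": 3,
	}
)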
Enum value maps for AdmissionRule_EvaluationMode.
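// Enum value maps for AdmissionRule_EnforcementMode.
//
// The listing was collapsed onto a single line, which leaves the two map
// declarations without a separator; it is laid out one entry per line here.
var (
	// AdmissionRule_EnforcementMode_name maps an enum number to its name.
	// Only number 1 (ENFORCED_BLOCK_AND_AUDIT_LOG) is described by the
	// constant documentation as blocking a pod creation; number 2
	// (DRYRUN_AUDIT_LOG_ONLY) is documented as audit logging only.
	AdmissionRule_EnforcementMode_name = map[int32]string{
		0: "ENFORCEMENT_MODE_UNSPECIFIED",
		1: "ENFORCED_BLOCK_AND_AUDIT_LOG",
		2: "DRYRUN_AUDIT_LOG_ONLY",
	}
	// AdmissionRule_EnforcementMode_value maps an enum name to its number.
	AdmissionRule_EnforcementMode_value = map[string]int32{
		"ENFORCEMENT_MODE_UNSPECIFIED": 0,
		"ENFORCED_BLOCK_AND_AUDIT_LOG": 1,
		"DRYRUN_AUDIT_LOG_ONLY": 2,
	}
)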
Enum value maps for AdmissionRule_EnforcementMode.
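// Enum value maps for PkixPublicKey_SignatureAlgorithm.
//
// The listing was collapsed onto a single line, which leaves the two map
// declarations without a separator; it is laid out one entry per line here.
var (
	// PkixPublicKey_SignatureAlgorithm_name maps an enum number to its
	// canonical name. Numbers 9-11 resolve to the ECDSA_* spelling only.
	PkixPublicKey_SignatureAlgorithm_name = map[int32]string{
		0:  "SIGNATURE_ALGORITHM_UNSPECIFIED",
		1:  "RSA_PSS_2048_SHA256",
		2:  "RSA_PSS_3072_SHA256",
		3:  "RSA_PSS_4096_SHA256",
		4:  "RSA_PSS_4096_SHA512",
		5:  "RSA_SIGN_PKCS1_2048_SHA256",
		6:  "RSA_SIGN_PKCS1_3072_SHA256",
		7:  "RSA_SIGN_PKCS1_4096_SHA256",
		8:  "RSA_SIGN_PKCS1_4096_SHA512",
		9:  "ECDSA_P256_SHA256",
		10: "ECDSA_P384_SHA384",
		11: "ECDSA_P521_SHA512",
	}
	// PkixPublicKey_SignatureAlgorithm_value maps an enum name to its number.
	// The EC_SIGN_* names are aliases that share numbers 9-11 with the
	// ECDSA_* names, so a name -> number -> name round trip does not return
	// an EC_SIGN_* spelling. Compare algorithms by number, not by string.
	PkixPublicKey_SignatureAlgorithm_value = map[string]int32{
		"SIGNATURE_ALGORITHM_UNSPECIFIED": 0,
		"RSA_PSS_2048_SHA256": 1,
		"RSA_PSS_3072_SHA256": 2,
		"RSA_PSS_4096_SHA256": 3,
		"RSA_PSS_4096_SHA512": 4,
		"RSA_SIGN_PKCS1_2048_SHA256": 5,
		"RSA_SIGN_PKCS1_3072_SHA256": 6,
		"RSA_SIGN_PKCS1_4096_SHA256": 7,
		"RSA_SIGN_PKCS1_4096_SHA512": 8,
		"ECDSA_P256_SHA256": 9,
		"EC_SIGN_P256_SHA256": 9,
		"ECDSA_P384_SHA384": 10,
		"EC_SIGN_P384_SHA384": 10,
		"ECDSA_P521_SHA512": 11,
		"EC_SIGN_P521_SHA512": 11,
	}
)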
Enum value maps for PkixPublicKey_SignatureAlgorithm.
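// Enum value maps for ValidateAttestationOccurrenceResponse_Result.
//
// The listing was collapsed onto a single line, which leaves the two map
// declarations without a separator; it is laid out one entry per line here.
var (
	// ValidateAttestationOccurrenceResponse_Result_name maps an enum number
	// to its name. Number 1 (VERIFIED) is the only entry that names a
	// successful verification; 0 is the unspecified value.
	ValidateAttestationOccurrenceResponse_Result_name = map[int32]string{
		0: "RESULT_UNSPECIFIED",
		1: "VERIFIED",
		2: "ATTESTATION_NOT_VERIFIABLE",
	}
	// ValidateAttestationOccurrenceResponse_Result_value maps an enum name to
	// its number.
	ValidateAttestationOccurrenceResponse_Result_value = map[string]int32{
		"RESULT_UNSPECIFIED": 0,
		"VERIFIED": 1,
		"ATTESTATION_NOT_VERIFIABLE": 2,
	}
)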
Enum value maps for ValidateAttestationOccurrenceResponse_Result.
Functions ¶
func RegisterBinauthzManagementServiceV1Server ¶
func RegisterBinauthzManagementServiceV1Server(s *grpc.Server, srv BinauthzManagementServiceV1Server)
func RegisterSystemPolicyV1Server ¶
func RegisterSystemPolicyV1Server(s *grpc.Server, srv SystemPolicyV1Server)
func RegisterValidationHelperV1Server ¶
func RegisterValidationHelperV1Server(s *grpc.Server, srv ValidationHelperV1Server)
Types ¶
type AdmissionRule ¶
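// AdmissionRule describes how pod creation requests are evaluated and what
// happens when one is denied.
//
// The listing was collapsed onto one line, so the first line comment swallowed
// the remaining fields; it is laid out one field per line here. The struct
// tags and unexported fields are elided by the documentation renderer and are
// reproduced exactly as displayed.
//
// NOTE(review): per the AdmissionRule_EnforcementMode constant documentation,
// a denial only stops a pod creation when EnforcementMode is
// ENFORCED_BLOCK_AND_AUDIT_LOG; with DRYRUN_AUDIT_LOG_ONLY the denial is
// logged and the pod creation is allowed.
type AdmissionRule struct {
	// Required. How this admission rule will be evaluated.
	EvaluationMode AdmissionRule_EvaluationMode `` /* 174-byte string literal not displayed */
	// Optional. The resource names of the attestors that must attest to
	// a container image, in the format `projects/*/attestors/*`. Each
	// attestor must exist before a policy can reference it. To add an attestor
	// to a policy the principal issuing the policy change request must be able
	// to read the attestor resource.
	//
	// Note: this field must be non-empty when the evaluation_mode field specifies
	// REQUIRE_ATTESTATION, otherwise it must be empty.
	RequireAttestationsBy []string `` /* 126-byte string literal not displayed */
	// Required. The action when a pod creation is denied by the admission rule.
	EnforcementMode AdmissionRule_EnforcementMode `` /* 178-byte string literal not displayed */
	// contains filtered or unexported fields
}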
An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.
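Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation. Because an exempted image is admitted without being checked against any admission rule, each allowlist pattern should be kept as narrow as the deployment allows.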
func (*AdmissionRule) Descriptor
deprecated
func (*AdmissionRule) Descriptor() ([]byte, []int)
Deprecated: Use AdmissionRule.ProtoReflect.Descriptor instead.
func (*AdmissionRule) GetEnforcementMode ¶
func (x *AdmissionRule) GetEnforcementMode() AdmissionRule_EnforcementMode
func (*AdmissionRule) GetEvaluationMode ¶
func (x *AdmissionRule) GetEvaluationMode() AdmissionRule_EvaluationMode
func (*AdmissionRule) GetRequireAttestationsBy ¶
func (x *AdmissionRule) GetRequireAttestationsBy() []string
func (*AdmissionRule) ProtoMessage ¶
func (*AdmissionRule) ProtoMessage()
func (*AdmissionRule) ProtoReflect ¶
func (x *AdmissionRule) ProtoReflect() protoreflect.Message
func (*AdmissionRule) Reset ¶
func (x *AdmissionRule) Reset()
func (*AdmissionRule) String ¶
func (x *AdmissionRule) String() string
type AdmissionRule_EnforcementMode ¶
// AdmissionRule_EnforcementMode is the int32-backed enum type naming the
// action taken when an admission rule denies a pod creation.
type AdmissionRule_EnforcementMode int32
Defines the possible actions when a pod creation is denied by an admission rule.
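// Values of AdmissionRule_EnforcementMode.
//
// The listing was collapsed onto one line, so the first line comment swallowed
// every constant after it; it is laid out one constant per line here.
const (
	// Do not use.
	AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED AdmissionRule_EnforcementMode = 0
	// Enforce the admission rule by blocking the pod creation.
	AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG AdmissionRule_EnforcementMode = 1
	// Dryrun mode: Audit logging only. This will allow the pod creation as if
	// the admission request had specified break-glass.
	//
	// NOTE(review): a rule left in this mode does not stop any deployment; the
	// audit log entry is the only record that the rule would have denied the
	// pod creation.
	AdmissionRule_DRYRUN_AUDIT_LOG_ONLY AdmissionRule_EnforcementMode = 2
)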
func (AdmissionRule_EnforcementMode) Descriptor ¶
func (AdmissionRule_EnforcementMode) Descriptor() protoreflect.EnumDescriptor
func (AdmissionRule_EnforcementMode) Enum ¶
func (x AdmissionRule_EnforcementMode) Enum() *AdmissionRule_EnforcementMode
func (AdmissionRule_EnforcementMode) EnumDescriptor
deprecated
func (AdmissionRule_EnforcementMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use AdmissionRule_EnforcementMode.Descriptor instead.
func (AdmissionRule_EnforcementMode) Number ¶
func (x AdmissionRule_EnforcementMode) Number() protoreflect.EnumNumber
func (AdmissionRule_EnforcementMode) String ¶
func (x AdmissionRule_EnforcementMode) String() string
func (AdmissionRule_EnforcementMode) Type ¶
func (AdmissionRule_EnforcementMode) Type() protoreflect.EnumType
type AdmissionRule_EvaluationMode ¶
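// AdmissionRule_EvaluationMode is the int32-backed enum type naming how an
// admission rule is evaluated.
type AdmissionRule_EvaluationMode int32

// Values of AdmissionRule_EvaluationMode.
//
// The constant listing was collapsed onto one line, so the first line comment
// swallowed every constant after it; it is laid out one constant per line
// here, and the doubled word in the ALWAYS_ALLOW comment is removed.
const (
	// Do not use.
	AdmissionRule_EVALUATION_MODE_UNSPECIFIED AdmissionRule_EvaluationMode = 0
	// This rule allows all pod creations.
	AdmissionRule_ALWAYS_ALLOW AdmissionRule_EvaluationMode = 1
	// This rule allows a pod creation if all the attestors listed in
	// 'require_attestations_by' have valid attestations for all of the
	// images in the pod spec.
	AdmissionRule_REQUIRE_ATTESTATION AdmissionRule_EvaluationMode = 2
	// This rule denies all pod creations.
	AdmissionRule_ALWAYS_DENY AdmissionRule_EvaluationMode = 3
)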
func (AdmissionRule_EvaluationMode) Descriptor ¶
func (AdmissionRule_EvaluationMode) Descriptor() protoreflect.EnumDescriptor
func (AdmissionRule_EvaluationMode) Enum ¶
func (x AdmissionRule_EvaluationMode) Enum() *AdmissionRule_EvaluationMode
func (AdmissionRule_EvaluationMode) EnumDescriptor
deprecated
func (AdmissionRule_EvaluationMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use AdmissionRule_EvaluationMode.Descriptor instead.
func (AdmissionRule_EvaluationMode) Number ¶
func (x AdmissionRule_EvaluationMode) Number() protoreflect.EnumNumber
func (AdmissionRule_EvaluationMode) String ¶
func (x AdmissionRule_EvaluationMode) String() string
func (AdmissionRule_EvaluationMode) Type ¶
func (AdmissionRule_EvaluationMode) Type() protoreflect.EnumType
type AdmissionWhitelistPattern ¶
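// AdmissionWhitelistPattern holds one image name pattern that is allowlisted.
//
// The listing was collapsed onto one line, so the first line comment swallowed
// the field declaration; it is laid out one field per line here.
//
// NOTE(review): the type documentation states that matching images are
// exempted from checks by admission rules, so a trailing `*` or `**` wildcard
// exempts every image it matches. Review broad patterns accordingly.
type AdmissionWhitelistPattern struct {
	// An image name pattern to allowlist, in the form `registry/path/to/image`.
	// This supports a trailing `*` wildcard, but this is allowed only in
	// text after the `registry/` part. This also supports a trailing `**`
	// wildcard which matches subdirectories of a given entry.
	NamePattern string `protobuf:"bytes,1,opt,name=name_pattern,json=namePattern,proto3" json:"name_pattern,omitempty"`
	// contains filtered or unexported fields
}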
An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].
func (*AdmissionWhitelistPattern) Descriptor
deprecated
func (*AdmissionWhitelistPattern) Descriptor() ([]byte, []int)
Deprecated: Use AdmissionWhitelistPattern.ProtoReflect.Descriptor instead.
func (*AdmissionWhitelistPattern) GetNamePattern ¶
func (x *AdmissionWhitelistPattern) GetNamePattern() string
func (*AdmissionWhitelistPattern) ProtoMessage ¶
func (*AdmissionWhitelistPattern) ProtoMessage()
func (*AdmissionWhitelistPattern) ProtoReflect ¶
func (x *AdmissionWhitelistPattern) ProtoReflect() protoreflect.Message
func (*AdmissionWhitelistPattern) Reset ¶
func (x *AdmissionWhitelistPattern) Reset()
func (*AdmissionWhitelistPattern) String ¶
func (x *AdmissionWhitelistPattern) String() string
type Attestor ¶
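// Attestor describes an attestor that attests to container image artifacts.
//
// The listing was collapsed onto one line, so the first line comment swallowed
// the remaining fields; it is laid out one field per line here.
type Attestor struct {
	// Required. The resource name, in the format:
	// `projects/*/attestors/*`. This field may not be updated.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. A descriptive comment. This field may be updated.
	// The field may be displayed in chooser dialogs.
	Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
	// Types that are assignable to AttestorType:
	//	*Attestor_UserOwnedGrafeasNote
	AttestorType isAttestor_AttestorType `protobuf_oneof:"attestor_type"`
	// Output only. Time when the attestor was last updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// contains filtered or unexported fields
}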
An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image artifacts. An existing attestor cannot be modified except where indicated.
func (*Attestor) Descriptor
deprecated
func (*Attestor) GetAttestorType ¶
func (m *Attestor) GetAttestorType() isAttestor_AttestorType
func (*Attestor) GetDescription ¶
func (*Attestor) GetUpdateTime ¶
func (x *Attestor) GetUpdateTime() *timestamppb.Timestamp
func (*Attestor) GetUserOwnedGrafeasNote ¶
func (x *Attestor) GetUserOwnedGrafeasNote() *UserOwnedGrafeasNote
func (*Attestor) ProtoMessage ¶
func (*Attestor) ProtoMessage()
func (*Attestor) ProtoReflect ¶
func (x *Attestor) ProtoReflect() protoreflect.Message
type AttestorPublicKey ¶
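// AttestorPublicKey is a public key used to verify attestations signed by an
// attestor.
//
// The listing was collapsed onto one line, so the first line comment swallowed
// the remaining fields; it is laid out one field per line here.
type AttestorPublicKey struct {
	// Optional. A descriptive comment. This field may be updated.
	Comment string `protobuf:"bytes,1,opt,name=comment,proto3" json:"comment,omitempty"`
	// The ID of this public key.
	// Signatures verified by BinAuthz must include the ID of the public key that
	// can be used to verify them, and that ID must match the contents of this
	// field exactly.
	// Additional restrictions on this field can be imposed based on which public
	// key type is encapsulated. See the documentation on `public_key` cases below
	// for details.
	Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Types that are assignable to PublicKey:
	//	*AttestorPublicKey_AsciiArmoredPgpPublicKey
	//	*AttestorPublicKey_PkixPublicKey
	PublicKey isAttestorPublicKey_PublicKey `protobuf_oneof:"public_key"`
	// contains filtered or unexported fields
}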
An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.
func (*AttestorPublicKey) Descriptor
deprecated
func (*AttestorPublicKey) Descriptor() ([]byte, []int)
Deprecated: Use AttestorPublicKey.ProtoReflect.Descriptor instead.
func (*AttestorPublicKey) GetAsciiArmoredPgpPublicKey ¶
func (x *AttestorPublicKey) GetAsciiArmoredPgpPublicKey() string
func (*AttestorPublicKey) GetComment ¶
func (x *AttestorPublicKey) GetComment() string
func (*AttestorPublicKey) GetId ¶
func (x *AttestorPublicKey) GetId() string
func (*AttestorPublicKey) GetPkixPublicKey ¶
func (x *AttestorPublicKey) GetPkixPublicKey() *PkixPublicKey
func (*AttestorPublicKey) GetPublicKey ¶
func (m *AttestorPublicKey) GetPublicKey() isAttestorPublicKey_PublicKey
func (*AttestorPublicKey) ProtoMessage ¶
func (*AttestorPublicKey) ProtoMessage()
func (*AttestorPublicKey) ProtoReflect ¶
func (x *AttestorPublicKey) ProtoReflect() protoreflect.Message
func (*AttestorPublicKey) Reset ¶
func (x *AttestorPublicKey) Reset()
func (*AttestorPublicKey) String ¶
func (x *AttestorPublicKey) String() string
type AttestorPublicKey_AsciiArmoredPgpPublicKey ¶
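// AttestorPublicKey_AsciiArmoredPgpPublicKey is the PublicKey case that
// carries an ASCII-armored PGP public key.
//
// The listing was collapsed onto one line, so the first line comment swallowed
// the field declaration; it is laid out one field per line here.
type AttestorPublicKey_AsciiArmoredPgpPublicKey struct {
	// ASCII-armored representation of a PGP public key, as the entire output by
	// the command `gpg --export --armor foo@example.com` (either LF or CRLF
	// line endings).
	// When using this field, `id` should be left blank.  The BinAuthz API
	// handlers will calculate the ID and fill it in automatically.  BinAuthz
	// computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as
	// upper-case hex.  If `id` is provided by the caller, it will be
	// overwritten by the API-calculated ID.
	AsciiArmoredPgpPublicKey string `protobuf:"bytes,3,opt,name=ascii_armored_pgp_public_key,json=asciiArmoredPgpPublicKey,proto3,oneof"`
}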
type AttestorPublicKey_PkixPublicKey ¶
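// AttestorPublicKey_PkixPublicKey is the PublicKey case that carries a PKIX
// public key.
//
// The listing was collapsed onto one line, so the first line comment swallowed
// the field declaration; it is laid out one field per line here.
type AttestorPublicKey_PkixPublicKey struct {
	// A raw PKIX SubjectPublicKeyInfo format public key.
	//
	// NOTE: `id` may be explicitly provided by the caller when using this
	// type of public key, but it MUST be a valid RFC3986 URI. If `id` is left
	// blank, a default one will be computed based on the digest of the DER
	// encoding of the public key.
	PkixPublicKey *PkixPublicKey `protobuf:"bytes,5,opt,name=pkix_public_key,json=pkixPublicKey,proto3,oneof"`
}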
type Attestor_UserOwnedGrafeasNote ¶
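// Attestor_UserOwnedGrafeasNote is the AttestorType case that carries a
// UserOwnedGrafeasNote.
//
// The listing was collapsed onto one line, so the first line comment swallowed
// the field declaration; it is laid out one field per line here.
type Attestor_UserOwnedGrafeasNote struct {
	// This specifies how an attestation will be read, and how it will be used
	// during policy enforcement.
	UserOwnedGrafeasNote *UserOwnedGrafeasNote `protobuf:"bytes,3,opt,name=user_owned_grafeas_note,json=userOwnedGrafeasNote,proto3,oneof"`
}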
type BinauthzManagementServiceV1Client ¶
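// BinauthzManagementServiceV1Client is the client API for the
// BinauthzManagementServiceV1 service: it reads and replaces a project's
// policy and manages attestors.
//
// The listing was collapsed onto two lines, so the first line comment
// swallowed every method after it; it is laid out one method per entry here.
type BinauthzManagementServiceV1Client interface {
	// A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
	// a container image, before the project is allowed to deploy that
	// image. There is at most one policy per project. All image admission
	// requests are permitted if a project has no policy.
	//
	// Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
	// [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
	//
	// NOTE(review): the absence of a policy is permissive, not restrictive, and
	// this call returns a default policy rather than an error in that case, so a
	// successful response does not by itself show that a policy was configured.
	GetPolicy(ctx context.Context, in *GetPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
	// new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
	// conditions with concurrent policy enforcement (or management!)
	// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
	// if the request is malformed.
	//
	// NOTE(review): because the policy is replaced as a whole, rules omitted
	// from the request are presumably not carried over; confirm before sending
	// a partial policy.
	UpdatePolicy(ctx context.Context, in *UpdatePolicyRequest, opts ...grpc.CallOption) (*Policy, error)
	// Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
	// [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
	// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
	// [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
	CreateAttestor(ctx context.Context, in *CreateAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
	// Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
	// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
	GetAttestor(ctx context.Context, in *GetAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
	// Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
	// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
	UpdateAttestor(ctx context.Context, in *UpdateAttestorRequest, opts ...grpc.CallOption) (*Attestor, error)
	// Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
	// Returns INVALID_ARGUMENT if the project does not exist.
	//
	// NOTE(review): this is the only method documented to report a missing
	// project as INVALID_ARGUMENT rather than NOT_FOUND; error handling that
	// keys on NOT_FOUND will not catch it.
	ListAttestors(ctx context.Context, in *ListAttestorsRequest, opts ...grpc.CallOption) (*ListAttestorsResponse, error)
	// Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
	// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
	DeleteAttestor(ctx context.Context, in *DeleteAttestorRequest, opts ...grpc.CallOption) (*emptypb.Empty, error)
}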
BinauthzManagementServiceV1Client is the client API for BinauthzManagementServiceV1 service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewBinauthzManagementServiceV1Client ¶
func NewBinauthzManagementServiceV1Client(cc grpc.ClientConnInterface) BinauthzManagementServiceV1Client
type BinauthzManagementServiceV1Server ¶
type BinauthzManagementServiceV1Server interface {
	// A [policy][google.cloud.binaryauthorization.v1.Policy] specifies the [attestors][google.cloud.binaryauthorization.v1.Attestor] that must attest to
	// a container image, before the project is allowed to deploy that
	// image. There is at most one policy per project. All image admission
	// requests are permitted if a project has no policy.
	//
	// Gets the [policy][google.cloud.binaryauthorization.v1.Policy] for this project. Returns a default
	// [policy][google.cloud.binaryauthorization.v1.Policy] if the project does not have one.
	//
	// An implementation (for example a test double) should return the default
	// policy rather than an error when the project has none, to match the
	// contract documented above.
	GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
	// Creates or updates a project's [policy][google.cloud.binaryauthorization.v1.Policy], and returns a copy of the
	// new [policy][google.cloud.binaryauthorization.v1.Policy]. A policy is always updated as a whole, to avoid race
	// conditions with concurrent policy enforcement (or management!)
	// requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT
	// if the request is malformed.
	UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
	// Creates an [attestor][google.cloud.binaryauthorization.v1.Attestor], and returns a copy of the new
	// [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the project does not exist,
	// INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the
	// [attestor][google.cloud.binaryauthorization.v1.Attestor] already exists.
	CreateAttestor(context.Context, *CreateAttestorRequest) (*Attestor, error)
	// Gets an [attestor][google.cloud.binaryauthorization.v1.Attestor].
	// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
	GetAttestor(context.Context, *GetAttestorRequest) (*Attestor, error)
	// Updates an [attestor][google.cloud.binaryauthorization.v1.Attestor].
	// Returns NOT_FOUND if the [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
	UpdateAttestor(context.Context, *UpdateAttestorRequest) (*Attestor, error)
	// Lists [attestors][google.cloud.binaryauthorization.v1.Attestor].
	// Returns INVALID_ARGUMENT if the project does not exist.
	//
	// Note that a missing project maps to INVALID_ARGUMENT here, not to the
	// NOT_FOUND documented for the other methods of this interface.
	ListAttestors(context.Context, *ListAttestorsRequest) (*ListAttestorsResponse, error)
	// Deletes an [attestor][google.cloud.binaryauthorization.v1.Attestor]. Returns NOT_FOUND if the
	// [attestor][google.cloud.binaryauthorization.v1.Attestor] does not exist.
	DeleteAttestor(context.Context, *DeleteAttestorRequest) (*emptypb.Empty, error)
}
BinauthzManagementServiceV1Server is the server API for BinauthzManagementServiceV1 service.
type CreateAttestorRequest ¶
type CreateAttestorRequest struct {
	// Required. The parent of this [attestor][google.cloud.binaryauthorization.v1.Attestor].
	// NOTE(review): presumably a project resource name of the form `projects/*`,
	// as ListAttestorsRequest.Parent documents — confirm.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Required. The [attestors][google.cloud.binaryauthorization.v1.Attestor] ID.
	AttestorId string `protobuf:"bytes,2,opt,name=attestor_id,json=attestorId,proto3" json:"attestor_id,omitempty"`
	// Required. The initial [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
	// overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name,
	// in the format `projects/*/attestors/*`.
	//
	// A name set by the caller inside this value is therefore not what ends up
	// stored; the resource name is derived by the service.
	Attestor *Attestor `protobuf:"bytes,3,opt,name=attestor,proto3" json:"attestor,omitempty"`
	// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.CreateAttestor][].
func (*CreateAttestorRequest) Descriptor
deprecated
func (*CreateAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use CreateAttestorRequest.ProtoReflect.Descriptor instead.
func (*CreateAttestorRequest) GetAttestor ¶
func (x *CreateAttestorRequest) GetAttestor() *Attestor
func (*CreateAttestorRequest) GetAttestorId ¶
func (x *CreateAttestorRequest) GetAttestorId() string
func (*CreateAttestorRequest) GetParent ¶
func (x *CreateAttestorRequest) GetParent() string
func (*CreateAttestorRequest) ProtoMessage ¶
func (*CreateAttestorRequest) ProtoMessage()
func (*CreateAttestorRequest) ProtoReflect ¶
func (x *CreateAttestorRequest) ProtoReflect() protoreflect.Message
func (*CreateAttestorRequest) Reset ¶
func (x *CreateAttestorRequest) Reset()
func (*CreateAttestorRequest) String ¶
func (x *CreateAttestorRequest) String() string
type DeleteAttestorRequest ¶
type DeleteAttestorRequest struct {
	// Required. The name of the [attestors][google.cloud.binaryauthorization.v1.Attestor] to delete, in the format
	// `projects/*/attestors/*`.
	//
	// The name is the only field of the request: deletion is addressed purely
	// by resource name.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.DeleteAttestor][].
func (*DeleteAttestorRequest) Descriptor
deprecated
func (*DeleteAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use DeleteAttestorRequest.ProtoReflect.Descriptor instead.
func (*DeleteAttestorRequest) GetName ¶
func (x *DeleteAttestorRequest) GetName() string
func (*DeleteAttestorRequest) ProtoMessage ¶
func (*DeleteAttestorRequest) ProtoMessage()
func (*DeleteAttestorRequest) ProtoReflect ¶
func (x *DeleteAttestorRequest) ProtoReflect() protoreflect.Message
func (*DeleteAttestorRequest) Reset ¶
func (x *DeleteAttestorRequest) Reset()
func (*DeleteAttestorRequest) String ¶
func (x *DeleteAttestorRequest) String() string
type GetAttestorRequest ¶
type GetAttestorRequest struct {
	// Required. The name of the [attestor][google.cloud.binaryauthorization.v1.Attestor] to retrieve, in the format
	// `projects/*/attestors/*`.
	//
	// The name is the only field of the request.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.GetAttestor][].
func (*GetAttestorRequest) Descriptor
deprecated
func (*GetAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetAttestorRequest.ProtoReflect.Descriptor instead.
func (*GetAttestorRequest) GetName ¶
func (x *GetAttestorRequest) GetName() string
func (*GetAttestorRequest) ProtoMessage ¶
func (*GetAttestorRequest) ProtoMessage()
func (*GetAttestorRequest) ProtoReflect ¶
func (x *GetAttestorRequest) ProtoReflect() protoreflect.Message
func (*GetAttestorRequest) Reset ¶
func (x *GetAttestorRequest) Reset()
func (*GetAttestorRequest) String ¶
func (x *GetAttestorRequest) String() string
type GetPolicyRequest ¶
type GetPolicyRequest struct {
	// Required. The resource name of the [policy][google.cloud.binaryauthorization.v1.Policy] to retrieve,
	// in the format `projects/*/policy`.
	//
	// The format carries no policy identifier of its own: a policy is addressed
	// through its project.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.GetPolicy][].
func (*GetPolicyRequest) Descriptor
deprecated
func (*GetPolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetPolicyRequest) GetName ¶
func (x *GetPolicyRequest) GetName() string
func (*GetPolicyRequest) ProtoMessage ¶
func (*GetPolicyRequest) ProtoMessage()
func (*GetPolicyRequest) ProtoReflect ¶
func (x *GetPolicyRequest) ProtoReflect() protoreflect.Message
func (*GetPolicyRequest) Reset ¶
func (x *GetPolicyRequest) Reset()
func (*GetPolicyRequest) String ¶
func (x *GetPolicyRequest) String() string
type GetSystemPolicyRequest ¶
type GetSystemPolicyRequest struct {
	// Required. The resource name, in the format `locations/*/policy`.
	// Note that the system policy is not associated with a project.
	//
	// Unlike GetPolicyRequest.Name (`projects/*/policy`), this name is keyed by
	// location, so the two request types are not interchangeable.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// contains filtered or unexported fields
}
Request to read the current system policy.
func (*GetSystemPolicyRequest) Descriptor
deprecated
func (*GetSystemPolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use GetSystemPolicyRequest.ProtoReflect.Descriptor instead.
func (*GetSystemPolicyRequest) GetName ¶
func (x *GetSystemPolicyRequest) GetName() string
func (*GetSystemPolicyRequest) ProtoMessage ¶
func (*GetSystemPolicyRequest) ProtoMessage()
func (*GetSystemPolicyRequest) ProtoReflect ¶
func (x *GetSystemPolicyRequest) ProtoReflect() protoreflect.Message
func (*GetSystemPolicyRequest) Reset ¶
func (x *GetSystemPolicyRequest) Reset()
func (*GetSystemPolicyRequest) String ¶
func (x *GetSystemPolicyRequest) String() string
type ListAttestorsRequest ¶
type ListAttestorsRequest struct {
	// Required. The resource name of the project associated with the
	// [attestors][google.cloud.binaryauthorization.v1.Attestor], in the format `projects/*`.
	Parent string `protobuf:"bytes,1,opt,name=parent,proto3" json:"parent,omitempty"`
	// Requested page size. The server may return fewer results than requested. If
	// unspecified, the server will pick an appropriate default.
	//
	// Because fewer results than requested may come back, a short page does not
	// mean the listing is complete; rely on the next-page token instead.
	PageSize int32 `protobuf:"varint,2,opt,name=page_size,json=pageSize,proto3" json:"page_size,omitempty"`
	// A token identifying a page of results the server should return. Typically,
	// this is the value of [ListAttestorsResponse.next_page_token][google.cloud.binaryauthorization.v1.ListAttestorsResponse.next_page_token] returned
	// from the previous call to the `ListAttestors` method.
	PageToken string `protobuf:"bytes,3,opt,name=page_token,json=pageToken,proto3" json:"page_token,omitempty"`
	// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.ListAttestors][].
func (*ListAttestorsRequest) Descriptor
deprecated
func (*ListAttestorsRequest) Descriptor() ([]byte, []int)
Deprecated: Use ListAttestorsRequest.ProtoReflect.Descriptor instead.
func (*ListAttestorsRequest) GetPageSize ¶
func (x *ListAttestorsRequest) GetPageSize() int32
func (*ListAttestorsRequest) GetPageToken ¶
func (x *ListAttestorsRequest) GetPageToken() string
func (*ListAttestorsRequest) GetParent ¶
func (x *ListAttestorsRequest) GetParent() string
func (*ListAttestorsRequest) ProtoMessage ¶
func (*ListAttestorsRequest) ProtoMessage()
func (*ListAttestorsRequest) ProtoReflect ¶
func (x *ListAttestorsRequest) ProtoReflect() protoreflect.Message
func (*ListAttestorsRequest) Reset ¶
func (x *ListAttestorsRequest) Reset()
func (*ListAttestorsRequest) String ¶
func (x *ListAttestorsRequest) String() string
type ListAttestorsResponse ¶
type ListAttestorsResponse struct {
	// The list of [attestors][google.cloud.binaryauthorization.v1.Attestor].
	// This is one page of results, not necessarily every attestor in the project.
	Attestors []*Attestor `protobuf:"bytes,1,rep,name=attestors,proto3" json:"attestors,omitempty"`
	// A token to retrieve the next page of results. Pass this value in the
	// [ListAttestorsRequest.page_token][google.cloud.binaryauthorization.v1.ListAttestorsRequest.page_token] field in the subsequent call to the
	// `ListAttestors` method to retrieve the next page of results.
	//
	// NOTE(review): presumably empty once the last page has been returned, as
	// is conventional for paginated list methods — confirm. An inventory or
	// audit of attestors must follow the token until then.
	NextPageToken string `protobuf:"bytes,2,opt,name=next_page_token,json=nextPageToken,proto3" json:"next_page_token,omitempty"`
	// contains filtered or unexported fields
}
Response message for [BinauthzManagementService.ListAttestors][].
func (*ListAttestorsResponse) Descriptor
deprecated
func (*ListAttestorsResponse) Descriptor() ([]byte, []int)
Deprecated: Use ListAttestorsResponse.ProtoReflect.Descriptor instead.
func (*ListAttestorsResponse) GetAttestors ¶
func (x *ListAttestorsResponse) GetAttestors() []*Attestor
func (*ListAttestorsResponse) GetNextPageToken ¶
func (x *ListAttestorsResponse) GetNextPageToken() string
func (*ListAttestorsResponse) ProtoMessage ¶
func (*ListAttestorsResponse) ProtoMessage()
func (*ListAttestorsResponse) ProtoReflect ¶
func (x *ListAttestorsResponse) ProtoReflect() protoreflect.Message
func (*ListAttestorsResponse) Reset ¶
func (x *ListAttestorsResponse) Reset()
func (*ListAttestorsResponse) String ¶
func (x *ListAttestorsResponse) String() string
type PkixPublicKey ¶
type PkixPublicKey struct {
	// A PEM-encoded public key, as described in
	// https://tools.ietf.org/html/rfc7468#section-13
	//
	// Only public key material belongs in this field.
	PublicKeyPem string `protobuf:"bytes,1,opt,name=public_key_pem,json=publicKeyPem,proto3" json:"public_key_pem,omitempty"`
	// The signature algorithm used to verify a message against a signature using
	// this key.
	// This signature algorithm must match the structure and any object
	// identifiers encoded in `public_key_pem` (i.e. this algorithm must match
	// that of the public key).
	//
	// The algorithm is declared explicitly rather than inferred from the key.
	// NOTE(review): how the service reacts to a mismatch between this value and
	// the PEM contents is not stated here — presumably the key is rejected or
	// never verifies a signature; confirm.
	SignatureAlgorithm PkixPublicKey_SignatureAlgorithm `` /* 190-byte string literal not displayed */
	// contains filtered or unexported fields
}
A public key in the PkixPublicKey format (see https://tools.ietf.org/html/rfc5280#section-4.1.2.7 for details). Public keys of this type are typically textually encoded using the PEM format.
func (*PkixPublicKey) Descriptor
deprecated
func (*PkixPublicKey) Descriptor() ([]byte, []int)
Deprecated: Use PkixPublicKey.ProtoReflect.Descriptor instead.
func (*PkixPublicKey) GetPublicKeyPem ¶
func (x *PkixPublicKey) GetPublicKeyPem() string
func (*PkixPublicKey) GetSignatureAlgorithm ¶
func (x *PkixPublicKey) GetSignatureAlgorithm() PkixPublicKey_SignatureAlgorithm
func (*PkixPublicKey) ProtoMessage ¶
func (*PkixPublicKey) ProtoMessage()
func (*PkixPublicKey) ProtoReflect ¶
func (x *PkixPublicKey) ProtoReflect() protoreflect.Message
func (*PkixPublicKey) Reset ¶
func (x *PkixPublicKey) Reset()
func (*PkixPublicKey) String ¶
func (x *PkixPublicKey) String() string
type PkixPublicKey_SignatureAlgorithm ¶
// PkixPublicKey_SignatureAlgorithm names the signature scheme, key size or
// curve, and digest needed to verify signatures made with a given public key.
type PkixPublicKey_SignatureAlgorithm int32
Represents a signature algorithm and other information necessary to verify signatures with a given public key. This is based primarily on the public key types supported by Tink's PemKeyType, which is in turn based on KMS's supported signing algorithms. See https://cloud.google.com/kms/docs/algorithms. In the future, BinAuthz might support additional public key types independently of Tink and/or KMS.
const (
	// Not specified.
	// This is the enum's zero value, so a field that was never set reads as
	// unspecified.
	PkixPublicKey_SIGNATURE_ALGORITHM_UNSPECIFIED PkixPublicKey_SignatureAlgorithm = 0
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	PkixPublicKey_RSA_PSS_2048_SHA256 PkixPublicKey_SignatureAlgorithm = 1
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	PkixPublicKey_RSA_PSS_3072_SHA256 PkixPublicKey_SignatureAlgorithm = 2
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	PkixPublicKey_RSA_PSS_4096_SHA256 PkixPublicKey_SignatureAlgorithm = 3
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	PkixPublicKey_RSA_PSS_4096_SHA512 PkixPublicKey_SignatureAlgorithm = 4
	// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
	// NOTE(review): RFC 8017 recommends RSASSA-PSS over PKCS1-v1_5 for new
	// applications; prefer the RSA_PSS_* values for newly created keys where
	// the signing side supports them.
	PkixPublicKey_RSA_SIGN_PKCS1_2048_SHA256 PkixPublicKey_SignatureAlgorithm = 5
	// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
	PkixPublicKey_RSA_SIGN_PKCS1_3072_SHA256 PkixPublicKey_SignatureAlgorithm = 6
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
	PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA256 PkixPublicKey_SignatureAlgorithm = 7
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
	PkixPublicKey_RSA_SIGN_PKCS1_4096_SHA512 PkixPublicKey_SignatureAlgorithm = 8
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	PkixPublicKey_ECDSA_P256_SHA256 PkixPublicKey_SignatureAlgorithm = 9
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	// Alias: same numeric value (9) as PkixPublicKey_ECDSA_P256_SHA256, so the
	// two constants compare equal.
	PkixPublicKey_EC_SIGN_P256_SHA256 PkixPublicKey_SignatureAlgorithm = 9
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	PkixPublicKey_ECDSA_P384_SHA384 PkixPublicKey_SignatureAlgorithm = 10
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	// Alias: same numeric value (10) as PkixPublicKey_ECDSA_P384_SHA384.
	PkixPublicKey_EC_SIGN_P384_SHA384 PkixPublicKey_SignatureAlgorithm = 10
	// ECDSA on the NIST P-521 curve with a SHA512 digest.
	PkixPublicKey_ECDSA_P521_SHA512 PkixPublicKey_SignatureAlgorithm = 11
	// ECDSA on the NIST P-521 curve with a SHA512 digest.
	// Alias: same numeric value (11) as PkixPublicKey_ECDSA_P521_SHA512.
	PkixPublicKey_EC_SIGN_P521_SHA512 PkixPublicKey_SignatureAlgorithm = 11
)
func (PkixPublicKey_SignatureAlgorithm) Descriptor ¶
func (PkixPublicKey_SignatureAlgorithm) Descriptor() protoreflect.EnumDescriptor
func (PkixPublicKey_SignatureAlgorithm) Enum ¶
func (x PkixPublicKey_SignatureAlgorithm) Enum() *PkixPublicKey_SignatureAlgorithm
func (PkixPublicKey_SignatureAlgorithm) EnumDescriptor
deprecated
func (PkixPublicKey_SignatureAlgorithm) EnumDescriptor() ([]byte, []int)
Deprecated: Use PkixPublicKey_SignatureAlgorithm.Descriptor instead.
func (PkixPublicKey_SignatureAlgorithm) Number ¶
func (x PkixPublicKey_SignatureAlgorithm) Number() protoreflect.EnumNumber
func (PkixPublicKey_SignatureAlgorithm) String ¶
func (x PkixPublicKey_SignatureAlgorithm) String() string
func (PkixPublicKey_SignatureAlgorithm) Type ¶
func (PkixPublicKey_SignatureAlgorithm) Type() protoreflect.EnumType
type Policy ¶
type Policy struct {
	// Output only. The resource name, in the format `projects/*/policy`. There is
	// at most one policy per project.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. A descriptive comment.
	Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
	// Optional. Controls the evaluation of a Google-maintained global admission
	// policy for common system-level images. Images not covered by the global
	// policy will be subject to the project admission policy. This setting
	// has no effect when specified inside a global admission policy.
	//
	// Leaving this field unset yields the UNSPECIFIED enum value, which the
	// enum documents as equivalent to DISABLE.
	GlobalPolicyEvaluationMode Policy_GlobalPolicyEvaluationMode `` /* 219-byte string literal not displayed */
	// Optional. Admission policy allowlisting. A matching admission request will
	// always be permitted. This feature is typically used to exclude Google or
	// third-party infrastructure images from Binary Authorization policies.
	//
	// NOTE(review): since a match is always permitted, every pattern here is an
	// exemption from the admission rules below; keep patterns as narrow as the
	// exempted images allow and review them whenever the policy changes.
	AdmissionWhitelistPatterns []*AdmissionWhitelistPattern `` /* 141-byte string literal not displayed */
	// Optional. Per-cluster admission rules. Cluster spec format:
	// `location.clusterId`. There can be at most one admission rule per cluster
	// spec.
	// A `location` is either a compute zone (e.g. us-central1-a) or a region
	// (e.g. us-central1).
	// For `clusterId` syntax restrictions see
	// https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters.
	ClusterAdmissionRules map[string]*AdmissionRule `` /* 214-byte string literal not displayed */
	// Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format:
	// [a-z.-]+, e.g. 'some-namespace'
	KubernetesNamespaceAdmissionRules map[string]*AdmissionRule `` /* 253-byte string literal not displayed */
	// Optional. Per-kubernetes-service-account admission rules. Service account
	// spec format: `namespace:serviceaccount`. e.g. 'test-ns:default'
	KubernetesServiceAccountAdmissionRules map[string]*AdmissionRule `` /* 269-byte string literal not displayed */
	// Optional. Per-istio-service-identity admission rules. Istio service
	// identity spec format:
	// spiffe://<domain>/ns/<namespace>/sa/<serviceaccount> or
	// <domain>/ns/<namespace>/sa/<serviceaccount>
	// e.g. spiffe://example.com/ns/test-ns/sa/default
	IstioServiceIdentityAdmissionRules map[string]*AdmissionRule `` /* 257-byte string literal not displayed */
	// Required. Default admission rule for a cluster without a per-cluster, per-
	// kubernetes-service-account, or per-istio-service-identity admission rule.
	//
	// NOTE(review): the list above does not mention per-kubernetes-namespace
	// rules although KubernetesNamespaceAdmissionRules exists; presumably those
	// also take precedence over the default — confirm. This rule decides every
	// request that no more specific rule covers, so its enforcement mode is the
	// policy's effective baseline.
	DefaultAdmissionRule *AdmissionRule `protobuf:"bytes,4,opt,name=default_admission_rule,json=defaultAdmissionRule,proto3" json:"default_admission_rule,omitempty"`
	// Output only. Time when the policy was last updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,5,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// contains filtered or unexported fields
}
A [policy][google.cloud.binaryauthorization.v1.Policy] for container image binary authorization.
func (*Policy) Descriptor
deprecated
func (*Policy) GetAdmissionWhitelistPatterns ¶
func (x *Policy) GetAdmissionWhitelistPatterns() []*AdmissionWhitelistPattern
func (*Policy) GetClusterAdmissionRules ¶
func (x *Policy) GetClusterAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetDefaultAdmissionRule ¶
func (x *Policy) GetDefaultAdmissionRule() *AdmissionRule
func (*Policy) GetDescription ¶
func (*Policy) GetGlobalPolicyEvaluationMode ¶
func (x *Policy) GetGlobalPolicyEvaluationMode() Policy_GlobalPolicyEvaluationMode
func (*Policy) GetIstioServiceIdentityAdmissionRules ¶
func (x *Policy) GetIstioServiceIdentityAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetKubernetesNamespaceAdmissionRules ¶
func (x *Policy) GetKubernetesNamespaceAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetKubernetesServiceAccountAdmissionRules ¶
func (x *Policy) GetKubernetesServiceAccountAdmissionRules() map[string]*AdmissionRule
func (*Policy) GetUpdateTime ¶
func (x *Policy) GetUpdateTime() *timestamppb.Timestamp
func (*Policy) ProtoMessage ¶
func (*Policy) ProtoMessage()
func (*Policy) ProtoReflect ¶
func (x *Policy) ProtoReflect() protoreflect.Message
type Policy_GlobalPolicyEvaluationMode ¶
// Policy_GlobalPolicyEvaluationMode selects whether the system policy is
// evaluated for a project policy.
type Policy_GlobalPolicyEvaluationMode int32
const (
	// Not specified: DISABLE is assumed.
	// This is the enum's zero value, so a policy that never sets the mode is
	// treated as DISABLE.
	Policy_GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED Policy_GlobalPolicyEvaluationMode = 0
	// Enables system policy evaluation.
	Policy_ENABLE Policy_GlobalPolicyEvaluationMode = 1
	// Disables system policy evaluation.
	Policy_DISABLE Policy_GlobalPolicyEvaluationMode = 2
)
func (Policy_GlobalPolicyEvaluationMode) Descriptor ¶
func (Policy_GlobalPolicyEvaluationMode) Descriptor() protoreflect.EnumDescriptor
func (Policy_GlobalPolicyEvaluationMode) Enum ¶
func (x Policy_GlobalPolicyEvaluationMode) Enum() *Policy_GlobalPolicyEvaluationMode
func (Policy_GlobalPolicyEvaluationMode) EnumDescriptor
deprecated
func (Policy_GlobalPolicyEvaluationMode) EnumDescriptor() ([]byte, []int)
Deprecated: Use Policy_GlobalPolicyEvaluationMode.Descriptor instead.
func (Policy_GlobalPolicyEvaluationMode) Number ¶
func (x Policy_GlobalPolicyEvaluationMode) Number() protoreflect.EnumNumber
func (Policy_GlobalPolicyEvaluationMode) String ¶
func (x Policy_GlobalPolicyEvaluationMode) String() string
func (Policy_GlobalPolicyEvaluationMode) Type ¶
func (Policy_GlobalPolicyEvaluationMode) Type() protoreflect.EnumType
type SystemPolicyV1Client ¶
type SystemPolicyV1Client interface {
	// Gets the current system policy in the specified location.
	//
	// The request names the policy as `locations/*/policy`; the system policy
	// is not associated with a project. This interface declares no method that
	// modifies the system policy.
	GetSystemPolicy(ctx context.Context, in *GetSystemPolicyRequest, opts ...grpc.CallOption) (*Policy, error)
}
SystemPolicyV1Client is the client API for SystemPolicyV1 service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewSystemPolicyV1Client ¶
func NewSystemPolicyV1Client(cc grpc.ClientConnInterface) SystemPolicyV1Client
type SystemPolicyV1Server ¶
type SystemPolicyV1Server interface {
	// Gets the current system policy in the specified location.
	//
	// The request names the policy as `locations/*/policy`; the system policy
	// is not associated with a project.
	GetSystemPolicy(context.Context, *GetSystemPolicyRequest) (*Policy, error)
}
SystemPolicyV1Server is the server API for SystemPolicyV1 service.
type UnimplementedBinauthzManagementServiceV1Server ¶
// UnimplementedBinauthzManagementServiceV1Server is an empty struct meant to be
// embedded in a server implementation for forward compatibility; it declares
// each BinauthzManagementServiceV1Server method.
type UnimplementedBinauthzManagementServiceV1Server struct {
}
UnimplementedBinauthzManagementServiceV1Server can be embedded to have forward compatible implementations.
func (*UnimplementedBinauthzManagementServiceV1Server) CreateAttestor ¶
func (*UnimplementedBinauthzManagementServiceV1Server) CreateAttestor(context.Context, *CreateAttestorRequest) (*Attestor, error)
func (*UnimplementedBinauthzManagementServiceV1Server) DeleteAttestor ¶
func (*UnimplementedBinauthzManagementServiceV1Server) DeleteAttestor(context.Context, *DeleteAttestorRequest) (*emptypb.Empty, error)
func (*UnimplementedBinauthzManagementServiceV1Server) GetAttestor ¶
func (*UnimplementedBinauthzManagementServiceV1Server) GetAttestor(context.Context, *GetAttestorRequest) (*Attestor, error)
func (*UnimplementedBinauthzManagementServiceV1Server) GetPolicy ¶
func (*UnimplementedBinauthzManagementServiceV1Server) GetPolicy(context.Context, *GetPolicyRequest) (*Policy, error)
func (*UnimplementedBinauthzManagementServiceV1Server) ListAttestors ¶
func (*UnimplementedBinauthzManagementServiceV1Server) ListAttestors(context.Context, *ListAttestorsRequest) (*ListAttestorsResponse, error)
func (*UnimplementedBinauthzManagementServiceV1Server) UpdateAttestor ¶
func (*UnimplementedBinauthzManagementServiceV1Server) UpdateAttestor(context.Context, *UpdateAttestorRequest) (*Attestor, error)
func (*UnimplementedBinauthzManagementServiceV1Server) UpdatePolicy ¶
func (*UnimplementedBinauthzManagementServiceV1Server) UpdatePolicy(context.Context, *UpdatePolicyRequest) (*Policy, error)
type UnimplementedSystemPolicyV1Server ¶
// UnimplementedSystemPolicyV1Server is an empty struct meant to be embedded in
// a server implementation for forward compatibility; it declares
// GetSystemPolicy.
type UnimplementedSystemPolicyV1Server struct {
}
UnimplementedSystemPolicyV1Server can be embedded to have forward compatible implementations.
func (*UnimplementedSystemPolicyV1Server) GetSystemPolicy ¶
func (*UnimplementedSystemPolicyV1Server) GetSystemPolicy(context.Context, *GetSystemPolicyRequest) (*Policy, error)
type UnimplementedValidationHelperV1Server ¶
// UnimplementedValidationHelperV1Server is an empty struct meant to be embedded
// in a server implementation for forward compatibility; it declares
// ValidateAttestationOccurrence.
type UnimplementedValidationHelperV1Server struct {
}
UnimplementedValidationHelperV1Server can be embedded to have forward compatible implementations.
func (*UnimplementedValidationHelperV1Server) ValidateAttestationOccurrence ¶
func (*UnimplementedValidationHelperV1Server) ValidateAttestationOccurrence(context.Context, *ValidateAttestationOccurrenceRequest) (*ValidateAttestationOccurrenceResponse, error)
type UpdateAttestorRequest ¶
type UpdateAttestorRequest struct {
	// Required. The updated [attestor][google.cloud.binaryauthorization.v1.Attestor] value. The service will
	// overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name
	// in the request URL, in the format `projects/*/attestors/*`.
	//
	// The attestor to update is therefore identified by the request URL, not
	// by a name set inside this value.
	// NOTE(review): the request has no field mask, so presumably the supplied
	// value replaces the stored attestor as a whole — confirm before sending a
	// partially populated attestor.
	Attestor *Attestor `protobuf:"bytes,1,opt,name=attestor,proto3" json:"attestor,omitempty"`
	// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.UpdateAttestor][].
func (*UpdateAttestorRequest) Descriptor
deprecated
func (*UpdateAttestorRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdateAttestorRequest.ProtoReflect.Descriptor instead.
func (*UpdateAttestorRequest) GetAttestor ¶
func (x *UpdateAttestorRequest) GetAttestor() *Attestor
func (*UpdateAttestorRequest) ProtoMessage ¶
func (*UpdateAttestorRequest) ProtoMessage()
func (*UpdateAttestorRequest) ProtoReflect ¶
func (x *UpdateAttestorRequest) ProtoReflect() protoreflect.Message
func (*UpdateAttestorRequest) Reset ¶
func (x *UpdateAttestorRequest) Reset()
func (*UpdateAttestorRequest) String ¶
func (x *UpdateAttestorRequest) String() string
type UpdatePolicyRequest ¶
type UpdatePolicyRequest struct {
	// Required. A new or updated [policy][google.cloud.binaryauthorization.v1.Policy] value. The service will
	// overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in
	// the request URL, in the format `projects/*/policy`.
	//
	// The project whose policy is changed is therefore taken from the request
	// URL, not from a name set inside this value.
	// NOTE(review): the request has no field mask, so presumably the supplied
	// policy replaces the stored one as a whole — send the complete policy, not
	// only the rules being changed; confirm.
	Policy *Policy `protobuf:"bytes,1,opt,name=policy,proto3" json:"policy,omitempty"`
	// contains filtered or unexported fields
}
Request message for [BinauthzManagementService.UpdatePolicy][].
func (*UpdatePolicyRequest) Descriptor
deprecated
func (*UpdatePolicyRequest) Descriptor() ([]byte, []int)
Deprecated: Use UpdatePolicyRequest.ProtoReflect.Descriptor instead.
func (*UpdatePolicyRequest) GetPolicy ¶
func (x *UpdatePolicyRequest) GetPolicy() *Policy
func (*UpdatePolicyRequest) ProtoMessage ¶
func (*UpdatePolicyRequest) ProtoMessage()
func (*UpdatePolicyRequest) ProtoReflect ¶
func (x *UpdatePolicyRequest) ProtoReflect() protoreflect.Message
func (*UpdatePolicyRequest) Reset ¶
func (x *UpdatePolicyRequest) Reset()
func (*UpdatePolicyRequest) String ¶
func (x *UpdatePolicyRequest) String() string
type UserOwnedGrafeasNote ¶
type UserOwnedGrafeasNote struct {
	// Required. The Grafeas resource name of an Attestation.Authority Note,
	// created by the user, in the format: `projects/*/notes/*`. This field may
	// not be updated.
	//
	// An attestation by this attestor is stored as a Grafeas
	// Attestation.Authority Occurrence that names a container image and that
	// links to this Note. Grafeas is an external dependency.
	NoteReference string `protobuf:"bytes,1,opt,name=note_reference,json=noteReference,proto3" json:"note_reference,omitempty"`
	// Optional. Public keys that verify attestations signed by this
	// attestor. This field may be updated.
	//
	// If this field is non-empty, one of the specified public keys must
	// verify that an attestation was signed by this attestor for the
	// image specified in the admission request.
	//
	// If this field is empty, this attestor always returns that no
	// valid attestations exist.
	//
	// NOTE(review): any one listed key is sufficient, so every key in this list
	// is independently trusted; remove keys that are retired or no longer under
	// the signer's control. An empty list makes the attestor reject everything
	// rather than accept everything.
	PublicKeys []*AttestorPublicKey `protobuf:"bytes,2,rep,name=public_keys,json=publicKeys,proto3" json:"public_keys,omitempty"`
	// Output only. This field will contain the service account email address
	// that this Attestor will use as the principal when querying Container
	// Analysis. Attestor administrators must grant this service account the
	// IAM role needed to read attestations from the [note_reference][Note] in
	// Container Analysis (`containeranalysis.notes.occurrences.viewer`).
	//
	// This email address is fixed for the lifetime of the Attestor, but callers
	// should not make any other assumptions about the service account email;
	// future versions may use an email based on a different naming pattern.
	//
	// The role named above is a viewer role on the note's occurrences; nothing
	// here calls for granting this account a broader role.
	DelegationServiceAccountEmail string `` /* 152-byte string literal not displayed */
	// contains filtered or unexported fields
}
A [user owned Grafeas note][google.cloud.binaryauthorization.v1.UserOwnedGrafeasNote] references a Grafeas Attestation.Authority Note created by the user.
func (*UserOwnedGrafeasNote) Descriptor
deprecated
func (*UserOwnedGrafeasNote) Descriptor() ([]byte, []int)
Deprecated: Use UserOwnedGrafeasNote.ProtoReflect.Descriptor instead.
func (*UserOwnedGrafeasNote) GetDelegationServiceAccountEmail ¶
func (x *UserOwnedGrafeasNote) GetDelegationServiceAccountEmail() string
func (*UserOwnedGrafeasNote) GetNoteReference ¶
func (x *UserOwnedGrafeasNote) GetNoteReference() string
func (*UserOwnedGrafeasNote) GetPublicKeys ¶
func (x *UserOwnedGrafeasNote) GetPublicKeys() []*AttestorPublicKey
func (*UserOwnedGrafeasNote) ProtoMessage ¶
func (*UserOwnedGrafeasNote) ProtoMessage()
func (*UserOwnedGrafeasNote) ProtoReflect ¶
func (x *UserOwnedGrafeasNote) ProtoReflect() protoreflect.Message
func (*UserOwnedGrafeasNote) Reset ¶
func (x *UserOwnedGrafeasNote) Reset()
func (*UserOwnedGrafeasNote) String ¶
func (x *UserOwnedGrafeasNote) String() string
type ValidateAttestationOccurrenceRequest ¶
type ValidateAttestationOccurrenceRequest struct {
	// Required. The resource name of the [Attestor][google.cloud.binaryauthorization.v1.Attestor] of the
	// [occurrence][grafeas.v1.Occurrence], in the format
	// `projects/*/attestors/*`.
	Attestor string `protobuf:"bytes,1,opt,name=attestor,proto3" json:"attestor,omitempty"`
	// Required. An [AttestationOccurrence][grafeas.v1.AttestationOccurrence] to
	// be checked that it can be verified by the Attestor. It does not have to be
	// an existing entity in Container Analysis. It must otherwise be a valid
	// AttestationOccurrence.
	//
	// Because the occurrence need not exist in Container Analysis, an
	// attestation can be checked against the attestor before it is stored.
	Attestation *v1.AttestationOccurrence `protobuf:"bytes,2,opt,name=attestation,proto3" json:"attestation,omitempty"`
	// Required. The resource name of the [Note][grafeas.v1.Note] to which the
	// containing [Occurrence][grafeas.v1.Occurrence] is associated.
	OccurrenceNote string `protobuf:"bytes,3,opt,name=occurrence_note,json=occurrenceNote,proto3" json:"occurrence_note,omitempty"`
	// Required. The URI of the artifact (e.g. container image) that is the
	// subject of the containing [Occurrence][grafeas.v1.Occurrence].
	OccurrenceResourceUri string `` /* 126-byte string literal not displayed */
	// contains filtered or unexported fields
}
Request message for [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
func (*ValidateAttestationOccurrenceRequest) Descriptor
deprecated
func (*ValidateAttestationOccurrenceRequest) Descriptor() ([]byte, []int)
Deprecated: Use ValidateAttestationOccurrenceRequest.ProtoReflect.Descriptor instead.
func (*ValidateAttestationOccurrenceRequest) GetAttestation ¶
func (x *ValidateAttestationOccurrenceRequest) GetAttestation() *v1.AttestationOccurrence
func (*ValidateAttestationOccurrenceRequest) GetAttestor ¶
func (x *ValidateAttestationOccurrenceRequest) GetAttestor() string
func (*ValidateAttestationOccurrenceRequest) GetOccurrenceNote ¶
func (x *ValidateAttestationOccurrenceRequest) GetOccurrenceNote() string
func (*ValidateAttestationOccurrenceRequest) GetOccurrenceResourceUri ¶
func (x *ValidateAttestationOccurrenceRequest) GetOccurrenceResourceUri() string
func (*ValidateAttestationOccurrenceRequest) ProtoMessage ¶
func (*ValidateAttestationOccurrenceRequest) ProtoMessage()
func (*ValidateAttestationOccurrenceRequest) ProtoReflect ¶
func (x *ValidateAttestationOccurrenceRequest) ProtoReflect() protoreflect.Message
func (*ValidateAttestationOccurrenceRequest) Reset ¶
func (x *ValidateAttestationOccurrenceRequest) Reset()
func (*ValidateAttestationOccurrenceRequest) String ¶
func (x *ValidateAttestationOccurrenceRequest) String() string
type ValidateAttestationOccurrenceResponse ¶
// ValidateAttestationOccurrenceResponse reports the outcome of a
// ValidateAttestationOccurrence call as an enum verdict plus a denial reason.
type ValidateAttestationOccurrenceResponse struct {
	// The result of the Attestation validation.
	// The zero value of this field is
	// ValidateAttestationOccurrenceResponse_RESULT_UNSPECIFIED, so an unset
	// Result is not a success. Callers that gate a decision on this field
	// should compare it against ValidateAttestationOccurrenceResponse_VERIFIED
	// explicitly.
	Result ValidateAttestationOccurrenceResponse_Result `` /* 152-byte string literal not displayed */
	// The reason for denial if the Attestation couldn't be validated.
	// NOTE(review): presumably empty when Result is VERIFIED; branch on Result
	// rather than on the content of this string. TODO confirm.
	DenialReason string `protobuf:"bytes,2,opt,name=denial_reason,json=denialReason,proto3" json:"denial_reason,omitempty"`
	// contains filtered or unexported fields
}
Response message for [ValidationHelperV1.ValidateAttestationOccurrence][google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence].
func (*ValidateAttestationOccurrenceResponse) Descriptor
deprecated
func (*ValidateAttestationOccurrenceResponse) Descriptor() ([]byte, []int)
Deprecated: Use ValidateAttestationOccurrenceResponse.ProtoReflect.Descriptor instead.
func (*ValidateAttestationOccurrenceResponse) GetDenialReason ¶
func (x *ValidateAttestationOccurrenceResponse) GetDenialReason() string
func (*ValidateAttestationOccurrenceResponse) GetResult ¶
func (x *ValidateAttestationOccurrenceResponse) GetResult() ValidateAttestationOccurrenceResponse_Result
func (*ValidateAttestationOccurrenceResponse) ProtoMessage ¶
func (*ValidateAttestationOccurrenceResponse) ProtoMessage()
func (*ValidateAttestationOccurrenceResponse) ProtoReflect ¶
func (x *ValidateAttestationOccurrenceResponse) ProtoReflect() protoreflect.Message
func (*ValidateAttestationOccurrenceResponse) Reset ¶
func (x *ValidateAttestationOccurrenceResponse) Reset()
func (*ValidateAttestationOccurrenceResponse) String ¶
func (x *ValidateAttestationOccurrenceResponse) String() string
type ValidateAttestationOccurrenceResponse_Result ¶
// ValidateAttestationOccurrenceResponse_Result is the type of the Result field
// of ValidateAttestationOccurrenceResponse. Its underlying type is int32, so
// the Go zero value of a variable of this type is 0.
type ValidateAttestationOccurrenceResponse_Result int32
The enum returned in the "result" field.
// Values of ValidateAttestationOccurrenceResponse_Result. Only VERIFIED reports
// a successful verification; code that gates on the result should test for
// VERIFIED rather than for the absence of ATTESTATION_NOT_VERIFIABLE.
const (
	// Unspecified. This is the enum's zero value (0), so a Result that was
	// never set compares equal to it. It does not indicate that the
	// Attestation was verified.
	ValidateAttestationOccurrenceResponse_RESULT_UNSPECIFIED ValidateAttestationOccurrenceResponse_Result = 0
	// The Attestation was able to be verified by the Attestor.
	ValidateAttestationOccurrenceResponse_VERIFIED ValidateAttestationOccurrenceResponse_Result = 1
	// The Attestation was not able to be verified by the Attestor. The
	// response's DenialReason field is documented as carrying the reason for
	// denial.
	ValidateAttestationOccurrenceResponse_ATTESTATION_NOT_VERIFIABLE ValidateAttestationOccurrenceResponse_Result = 2
)
func (ValidateAttestationOccurrenceResponse_Result) Descriptor ¶
func (ValidateAttestationOccurrenceResponse_Result) Descriptor() protoreflect.EnumDescriptor
func (ValidateAttestationOccurrenceResponse_Result) EnumDescriptor
deprecated
func (ValidateAttestationOccurrenceResponse_Result) EnumDescriptor() ([]byte, []int)
Deprecated: Use ValidateAttestationOccurrenceResponse_Result.Descriptor instead.
func (ValidateAttestationOccurrenceResponse_Result) Number ¶
func (x ValidateAttestationOccurrenceResponse_Result) Number() protoreflect.EnumNumber
func (ValidateAttestationOccurrenceResponse_Result) String ¶
func (x ValidateAttestationOccurrenceResponse_Result) String() string
func (ValidateAttestationOccurrenceResponse_Result) Type ¶
func (ValidateAttestationOccurrenceResponse_Result) Type() protoreflect.EnumType
type ValidationHelperV1Client ¶
// ValidationHelperV1Client declares the single RPC of the ValidationHelperV1
// service as seen from the calling side.
type ValidationHelperV1Client interface {
	// Returns whether the given Attestation for the given image URI
	// was signed by the given Attestor
	//
	// The verdict is carried in the returned response's Result field, which has
	// distinct VERIFIED and ATTESTATION_NOT_VERIFIABLE values. Check the
	// returned error first, then require
	// Result == ValidateAttestationOccurrenceResponse_VERIFIED before treating
	// the attestation as valid.
	// NOTE(review): presumably a failed verification is reported through Result
	// and DenialReason rather than through a non-nil error; confirm against
	// the service behavior.
	ValidateAttestationOccurrence(ctx context.Context, in *ValidateAttestationOccurrenceRequest, opts ...grpc.CallOption) (*ValidateAttestationOccurrenceResponse, error)
}
ValidationHelperV1Client is the client API for ValidationHelperV1 service.
For semantics around ctx use and closing/ending streaming RPCs, please refer to https://godoc.org/google.golang.org/grpc#ClientConn.NewStream.
func NewValidationHelperV1Client ¶
func NewValidationHelperV1Client(cc grpc.ClientConnInterface) ValidationHelperV1Client
type ValidationHelperV1Server ¶
// ValidationHelperV1Server declares the single RPC that an implementation of
// the ValidationHelperV1 service must provide.
type ValidationHelperV1Server interface {
	// Returns whether the given Attestation for the given image URI
	// was signed by the given Attestor
	//
	// The request's Attestor, Attestation, OccurrenceNote and
	// OccurrenceResourceUri fields are documented as required.
	// NOTE(review): nothing visible in this interface validates those
	// caller-supplied values before the method is invoked. Confirm where
	// presence and format checks happen, and that an implementation never
	// returns VERIFIED for a request it could not fully evaluate.
	ValidateAttestationOccurrence(context.Context, *ValidateAttestationOccurrenceRequest) (*ValidateAttestationOccurrenceResponse, error)
}
ValidationHelperV1Server is the server API for ValidationHelperV1 service.