v1beta1

package
v1.120.1 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jul 3, 2024 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Generate deepcopy object for binaryauthorization/v1beta1 API group

Package v1beta1 contains API Schema definitions for the binaryauthorization v1beta1 API group. +k8s:openapi-gen=true +k8s:deepcopy-gen=package,register +k8s:conversion-gen=github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/pkg/apis/binaryauthorization +k8s:defaulter-gen=TypeMeta +groupName=binaryauthorization.cnrm.cloud.google.com

Index

Constants

This section is empty.

Variables

View Source
var (
	// SchemeGroupVersion is the group version used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: "binaryauthorization.cnrm.cloud.google.com", Version: "v1beta1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme is a global function that registers this API group & version to a scheme
	AddToScheme = SchemeBuilder.AddToScheme

	BinaryAuthorizationAttestorGVK = schema.GroupVersionKind{
		Group:   SchemeGroupVersion.Group,
		Version: SchemeGroupVersion.Version,
		Kind:    reflect.TypeOf(BinaryAuthorizationAttestor{}).Name(),
	}

	BinaryAuthorizationPolicyGVK = schema.GroupVersionKind{
		Group:   SchemeGroupVersion.Group,
		Version: SchemeGroupVersion.Version,
		Kind:    reflect.TypeOf(BinaryAuthorizationPolicy{}).Name(),
	}
)

Functions

This section is empty.

Types

type AttestorPkixPublicKey

type AttestorPkixPublicKey struct {
	/* A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13 */
	// +optional
	PublicKeyPem *string `json:"publicKeyPem,omitempty"`

	/* The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key). Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512 */
	// +optional
	SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty"`
}

func (*AttestorPkixPublicKey) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorPkixPublicKey.

func (*AttestorPkixPublicKey) DeepCopyInto

func (in *AttestorPkixPublicKey) DeepCopyInto(out *AttestorPkixPublicKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestorPublicKeys

type AttestorPublicKeys struct {
	/* ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID. */
	// +optional
	AsciiArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty"`

	/* Optional. A descriptive comment. This field may be updated. */
	// +optional
	Comment *string `json:"comment,omitempty"`

	/* The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details. */
	// +optional
	Id *string `json:"id,omitempty"`

	/* A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key. */
	// +optional
	PkixPublicKey *AttestorPkixPublicKey `json:"pkixPublicKey,omitempty"`
}

func (*AttestorPublicKeys) DeepCopy

func (in *AttestorPublicKeys) DeepCopy() *AttestorPublicKeys

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorPublicKeys.

func (*AttestorPublicKeys) DeepCopyInto

func (in *AttestorPublicKeys) DeepCopyInto(out *AttestorPublicKeys)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestorUserOwnedDrydockNote

type AttestorUserOwnedDrydockNote struct {
	/* Immutable. */
	NoteRef v1alpha1.ResourceRef `json:"noteRef"`

	/* Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. */
	// +optional
	PublicKeys []AttestorPublicKeys `json:"publicKeys,omitempty"`
}

func (*AttestorUserOwnedDrydockNote) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorUserOwnedDrydockNote.

func (*AttestorUserOwnedDrydockNote) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestorUserOwnedDrydockNoteStatus

type AttestorUserOwnedDrydockNoteStatus struct {
	/* Output only. This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern. */
	// +optional
	DelegationServiceAccountEmail *string `json:"delegationServiceAccountEmail,omitempty"`
}

func (*AttestorUserOwnedDrydockNoteStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorUserOwnedDrydockNoteStatus.

func (*AttestorUserOwnedDrydockNoteStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BinaryAuthorizationAttestor

type BinaryAuthorizationAttestor struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   BinaryAuthorizationAttestorSpec   `json:"spec,omitempty"`
	Status BinaryAuthorizationAttestorStatus `json:"status,omitempty"`
}

BinaryAuthorizationAttestor is the Schema for the binaryauthorization API +k8s:openapi-gen=true

func (*BinaryAuthorizationAttestor) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestor.

func (*BinaryAuthorizationAttestor) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BinaryAuthorizationAttestor) DeepCopyObject

func (in *BinaryAuthorizationAttestor) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BinaryAuthorizationAttestorList

type BinaryAuthorizationAttestorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []BinaryAuthorizationAttestor `json:"items"`
}

BinaryAuthorizationAttestorList contains a list of BinaryAuthorizationAttestor

func (*BinaryAuthorizationAttestorList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestorList.

func (*BinaryAuthorizationAttestorList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BinaryAuthorizationAttestorList) DeepCopyObject

func (in *BinaryAuthorizationAttestorList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BinaryAuthorizationAttestorSpec

type BinaryAuthorizationAttestorSpec struct {
	/* Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs. */
	// +optional
	Description *string `json:"description,omitempty"`

	/* Immutable. The Project that this resource belongs to. */
	ProjectRef v1alpha1.ResourceRef `json:"projectRef"`

	/* Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. */
	// +optional
	ResourceID *string `json:"resourceID,omitempty"`

	/* This specifies how an attestation will be read, and how it will be used during policy enforcement. */
	// +optional
	UserOwnedDrydockNote *AttestorUserOwnedDrydockNote `json:"userOwnedDrydockNote,omitempty"`
}

func (*BinaryAuthorizationAttestorSpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestorSpec.

func (*BinaryAuthorizationAttestorSpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BinaryAuthorizationAttestorStatus

type BinaryAuthorizationAttestorStatus struct {
	/* Conditions represent the latest available observations of the
	   BinaryAuthorizationAttestor's current state. */
	Conditions []v1alpha1.Condition `json:"conditions,omitempty"`
	/* ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. */
	// +optional
	ObservedGeneration *int64 `json:"observedGeneration,omitempty"`

	/* Output only. Time when the attestor was last updated. */
	// +optional
	UpdateTime *string `json:"updateTime,omitempty"`

	// +optional
	UserOwnedDrydockNote *AttestorUserOwnedDrydockNoteStatus `json:"userOwnedDrydockNote,omitempty"`
}

func (*BinaryAuthorizationAttestorStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestorStatus.

func (*BinaryAuthorizationAttestorStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BinaryAuthorizationPolicy

type BinaryAuthorizationPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   BinaryAuthorizationPolicySpec   `json:"spec,omitempty"`
	Status BinaryAuthorizationPolicyStatus `json:"status,omitempty"`
}

BinaryAuthorizationPolicy is the Schema for the binaryauthorization API +k8s:openapi-gen=true

func (*BinaryAuthorizationPolicy) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicy.

func (*BinaryAuthorizationPolicy) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BinaryAuthorizationPolicy) DeepCopyObject

func (in *BinaryAuthorizationPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BinaryAuthorizationPolicyList

type BinaryAuthorizationPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []BinaryAuthorizationPolicy `json:"items"`
}

BinaryAuthorizationPolicyList contains a list of BinaryAuthorizationPolicy

func (*BinaryAuthorizationPolicyList) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicyList.

func (*BinaryAuthorizationPolicyList) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BinaryAuthorizationPolicyList) DeepCopyObject

func (in *BinaryAuthorizationPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BinaryAuthorizationPolicySpec

type BinaryAuthorizationPolicySpec struct {
	/* Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies. */
	// +optional
	AdmissionWhitelistPatterns []PolicyAdmissionWhitelistPatterns `json:"admissionWhitelistPatterns,omitempty"`

	/* Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. */
	// +optional
	ClusterAdmissionRules map[string]PolicyClusterAdmissionRules `json:"clusterAdmissionRules,omitempty"`

	/* Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule. */
	DefaultAdmissionRule PolicyDefaultAdmissionRule `json:"defaultAdmissionRule"`

	/* Optional. A descriptive comment. */
	// +optional
	Description *string `json:"description,omitempty"`

	/* Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, ENABLE, DISABLE */
	// +optional
	GlobalPolicyEvaluationMode *string `json:"globalPolicyEvaluationMode,omitempty"`

	/* Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default */
	// +optional
	IstioServiceIdentityAdmissionRules map[string]PolicyIstioServiceIdentityAdmissionRules `json:"istioServiceIdentityAdmissionRules,omitempty"`

	/* Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace' */
	// +optional
	KubernetesNamespaceAdmissionRules map[string]PolicyKubernetesNamespaceAdmissionRules `json:"kubernetesNamespaceAdmissionRules,omitempty"`

	/* Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. 'test-ns:default' */
	// +optional
	KubernetesServiceAccountAdmissionRules map[string]PolicyKubernetesServiceAccountAdmissionRules `json:"kubernetesServiceAccountAdmissionRules,omitempty"`

	/* Immutable. The Project that this resource belongs to. */
	ProjectRef v1alpha1.ResourceRef `json:"projectRef"`
}

func (*BinaryAuthorizationPolicySpec) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicySpec.

func (*BinaryAuthorizationPolicySpec) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BinaryAuthorizationPolicyStatus

type BinaryAuthorizationPolicyStatus struct {
	/* Conditions represent the latest available observations of the
	   BinaryAuthorizationPolicy's current state. */
	Conditions []v1alpha1.Condition `json:"conditions,omitempty"`
	/* ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. */
	// +optional
	ObservedGeneration *int64 `json:"observedGeneration,omitempty"`

	/* Output only. The resource name, in the format `projects/* /policy`. There is at most one policy per project. */
	// +optional
	SelfLink *string `json:"selfLink,omitempty"`

	/* Output only. Time when the policy was last updated. */
	// +optional
	UpdateTime *string `json:"updateTime,omitempty"`
}

func (*BinaryAuthorizationPolicyStatus) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicyStatus.

func (*BinaryAuthorizationPolicyStatus) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyAdmissionWhitelistPatterns

type PolicyAdmissionWhitelistPatterns struct {
	/* An image name pattern to allowlist, in the form `registry/path/to/image`. This supports a trailing `*` as a wildcard, but this is allowed only in text after the `registry/` part. */
	// +optional
	NamePattern *string `json:"namePattern,omitempty"`
}

func (*PolicyAdmissionWhitelistPatterns) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyAdmissionWhitelistPatterns.

func (*PolicyAdmissionWhitelistPatterns) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyClusterAdmissionRules

type PolicyClusterAdmissionRules struct {
	/* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */
	EnforcementMode string `json:"enforcementMode"`

	/* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */
	EvaluationMode string `json:"evaluationMode"`

	// +optional
	RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"`
}

func (*PolicyClusterAdmissionRules) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyClusterAdmissionRules.

func (*PolicyClusterAdmissionRules) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyDefaultAdmissionRule

type PolicyDefaultAdmissionRule struct {
	/* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */
	EnforcementMode string `json:"enforcementMode"`

	/* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */
	EvaluationMode string `json:"evaluationMode"`

	// +optional
	RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"`
}

func (*PolicyDefaultAdmissionRule) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyDefaultAdmissionRule.

func (*PolicyDefaultAdmissionRule) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyIstioServiceIdentityAdmissionRules

type PolicyIstioServiceIdentityAdmissionRules struct {
	/* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */
	EnforcementMode string `json:"enforcementMode"`

	/* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */
	EvaluationMode string `json:"evaluationMode"`

	// +optional
	RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"`
}

func (*PolicyIstioServiceIdentityAdmissionRules) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyIstioServiceIdentityAdmissionRules.

func (*PolicyIstioServiceIdentityAdmissionRules) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyKubernetesNamespaceAdmissionRules

type PolicyKubernetesNamespaceAdmissionRules struct {
	/* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */
	EnforcementMode string `json:"enforcementMode"`

	/* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */
	EvaluationMode string `json:"evaluationMode"`

	// +optional
	RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"`
}

func (*PolicyKubernetesNamespaceAdmissionRules) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyKubernetesNamespaceAdmissionRules.

func (*PolicyKubernetesNamespaceAdmissionRules) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyKubernetesServiceAccountAdmissionRules

type PolicyKubernetesServiceAccountAdmissionRules struct {
	/* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */
	EnforcementMode string `json:"enforcementMode"`

	/* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */
	EvaluationMode string `json:"evaluationMode"`

	// +optional
	RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"`
}

func (*PolicyKubernetesServiceAccountAdmissionRules) DeepCopy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyKubernetesServiceAccountAdmissionRules.

func (*PolicyKubernetesServiceAccountAdmissionRules) DeepCopyInto

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL