Documentation ¶
Overview ¶
Package v1beta1 contains API Schema definitions for the binaryauthorization v1beta1 API group. +k8s:openapi-gen=true +k8s:deepcopy-gen=package,register +k8s:conversion-gen=github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/pkg/apis/binaryauthorization +k8s:defaulter-gen=TypeMeta +groupName=binaryauthorization.cnrm.cloud.google.com
Index ¶
- Variables
- type AttestorPkixPublicKey
- type AttestorPublicKeys
- type AttestorUserOwnedDrydockNote
- type AttestorUserOwnedDrydockNoteStatus
- type BinaryAuthorizationAttestor
- type BinaryAuthorizationAttestorList
- type BinaryAuthorizationAttestorSpec
- type BinaryAuthorizationAttestorStatus
- type BinaryAuthorizationPolicy
- type BinaryAuthorizationPolicyList
- type BinaryAuthorizationPolicySpec
- type BinaryAuthorizationPolicyStatus
- type PolicyAdmissionWhitelistPatterns
- type PolicyClusterAdmissionRules
- type PolicyDefaultAdmissionRule
- type PolicyIstioServiceIdentityAdmissionRules
- type PolicyKubernetesNamespaceAdmissionRules
- type PolicyKubernetesServiceAccountAdmissionRules
Constants ¶
This section is empty.
Variables ¶
var ( // SchemeGroupVersion is the group version used to register these objects. SchemeGroupVersion = schema.GroupVersion{Group: "binaryauthorization.cnrm.cloud.google.com", Version: "v1beta1"} // SchemeBuilder is used to add go types to the GroupVersionKind scheme. SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion} // AddToScheme is a global function that registers this API group & version to a scheme AddToScheme = SchemeBuilder.AddToScheme BinaryAuthorizationAttestorGVK = schema.GroupVersionKind{ Group: SchemeGroupVersion.Group, Version: SchemeGroupVersion.Version, Kind: reflect.TypeOf(BinaryAuthorizationAttestor{}).Name(), } BinaryAuthorizationPolicyGVK = schema.GroupVersionKind{ Group: SchemeGroupVersion.Group, Version: SchemeGroupVersion.Version, Kind: reflect.TypeOf(BinaryAuthorizationPolicy{}).Name(), } )
Functions ¶
This section is empty.
Types ¶
type AttestorPkixPublicKey ¶
type AttestorPkixPublicKey struct { /* A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13 */ // +optional PublicKeyPem *string `json:"publicKeyPem,omitempty"` /* The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key). Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512 */ // +optional SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty"` }
func (*AttestorPkixPublicKey) DeepCopy ¶
func (in *AttestorPkixPublicKey) DeepCopy() *AttestorPkixPublicKey
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorPkixPublicKey.
func (*AttestorPkixPublicKey) DeepCopyInto ¶
func (in *AttestorPkixPublicKey) DeepCopyInto(out *AttestorPkixPublicKey)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttestorPublicKeys ¶
type AttestorPublicKeys struct { /* ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID. */ // +optional AsciiArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty"` /* Optional. A descriptive comment. This field may be updated. */ // +optional Comment *string `json:"comment,omitempty"` /* The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details. */ // +optional Id *string `json:"id,omitempty"` /* A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key. */ // +optional PkixPublicKey *AttestorPkixPublicKey `json:"pkixPublicKey,omitempty"` }
func (*AttestorPublicKeys) DeepCopy ¶
func (in *AttestorPublicKeys) DeepCopy() *AttestorPublicKeys
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorPublicKeys.
func (*AttestorPublicKeys) DeepCopyInto ¶
func (in *AttestorPublicKeys) DeepCopyInto(out *AttestorPublicKeys)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttestorUserOwnedDrydockNote ¶
type AttestorUserOwnedDrydockNote struct { /* Immutable. */ NoteRef v1alpha1.ResourceRef `json:"noteRef"` /* Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. */ // +optional PublicKeys []AttestorPublicKeys `json:"publicKeys,omitempty"` }
func (*AttestorUserOwnedDrydockNote) DeepCopy ¶
func (in *AttestorUserOwnedDrydockNote) DeepCopy() *AttestorUserOwnedDrydockNote
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorUserOwnedDrydockNote.
func (*AttestorUserOwnedDrydockNote) DeepCopyInto ¶
func (in *AttestorUserOwnedDrydockNote) DeepCopyInto(out *AttestorUserOwnedDrydockNote)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type AttestorUserOwnedDrydockNoteStatus ¶
type AttestorUserOwnedDrydockNoteStatus struct { /* Output only. This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern. */ // +optional DelegationServiceAccountEmail *string `json:"delegationServiceAccountEmail,omitempty"` }
func (*AttestorUserOwnedDrydockNoteStatus) DeepCopy ¶
func (in *AttestorUserOwnedDrydockNoteStatus) DeepCopy() *AttestorUserOwnedDrydockNoteStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorUserOwnedDrydockNoteStatus.
func (*AttestorUserOwnedDrydockNoteStatus) DeepCopyInto ¶
func (in *AttestorUserOwnedDrydockNoteStatus) DeepCopyInto(out *AttestorUserOwnedDrydockNoteStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BinaryAuthorizationAttestor ¶
type BinaryAuthorizationAttestor struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec BinaryAuthorizationAttestorSpec `json:"spec,omitempty"` Status BinaryAuthorizationAttestorStatus `json:"status,omitempty"` }
BinaryAuthorizationAttestor is the Schema for the binaryauthorization API +k8s:openapi-gen=true
func (*BinaryAuthorizationAttestor) DeepCopy ¶
func (in *BinaryAuthorizationAttestor) DeepCopy() *BinaryAuthorizationAttestor
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestor.
func (*BinaryAuthorizationAttestor) DeepCopyInto ¶
func (in *BinaryAuthorizationAttestor) DeepCopyInto(out *BinaryAuthorizationAttestor)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BinaryAuthorizationAttestor) DeepCopyObject ¶
func (in *BinaryAuthorizationAttestor) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BinaryAuthorizationAttestorList ¶
type BinaryAuthorizationAttestorList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []BinaryAuthorizationAttestor `json:"items"` }
BinaryAuthorizationAttestorList contains a list of BinaryAuthorizationAttestor
func (*BinaryAuthorizationAttestorList) DeepCopy ¶
func (in *BinaryAuthorizationAttestorList) DeepCopy() *BinaryAuthorizationAttestorList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestorList.
func (*BinaryAuthorizationAttestorList) DeepCopyInto ¶
func (in *BinaryAuthorizationAttestorList) DeepCopyInto(out *BinaryAuthorizationAttestorList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BinaryAuthorizationAttestorList) DeepCopyObject ¶
func (in *BinaryAuthorizationAttestorList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BinaryAuthorizationAttestorSpec ¶
type BinaryAuthorizationAttestorSpec struct { /* Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs. */ // +optional Description *string `json:"description,omitempty"` /* Immutable. The Project that this resource belongs to. */ ProjectRef v1alpha1.ResourceRef `json:"projectRef"` /* Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. */ // +optional ResourceID *string `json:"resourceID,omitempty"` /* This specifies how an attestation will be read, and how it will be used during policy enforcement. */ // +optional UserOwnedDrydockNote *AttestorUserOwnedDrydockNote `json:"userOwnedDrydockNote,omitempty"` }
func (*BinaryAuthorizationAttestorSpec) DeepCopy ¶
func (in *BinaryAuthorizationAttestorSpec) DeepCopy() *BinaryAuthorizationAttestorSpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestorSpec.
func (*BinaryAuthorizationAttestorSpec) DeepCopyInto ¶
func (in *BinaryAuthorizationAttestorSpec) DeepCopyInto(out *BinaryAuthorizationAttestorSpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BinaryAuthorizationAttestorStatus ¶
type BinaryAuthorizationAttestorStatus struct { /* Conditions represent the latest available observations of the BinaryAuthorizationAttestor's current state. */ Conditions []v1alpha1.Condition `json:"conditions,omitempty"` /* ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. */ // +optional ObservedGeneration *int64 `json:"observedGeneration,omitempty"` /* Output only. Time when the attestor was last updated. */ // +optional UpdateTime *string `json:"updateTime,omitempty"` // +optional UserOwnedDrydockNote *AttestorUserOwnedDrydockNoteStatus `json:"userOwnedDrydockNote,omitempty"` }
func (*BinaryAuthorizationAttestorStatus) DeepCopy ¶
func (in *BinaryAuthorizationAttestorStatus) DeepCopy() *BinaryAuthorizationAttestorStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestorStatus.
func (*BinaryAuthorizationAttestorStatus) DeepCopyInto ¶
func (in *BinaryAuthorizationAttestorStatus) DeepCopyInto(out *BinaryAuthorizationAttestorStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BinaryAuthorizationPolicy ¶
type BinaryAuthorizationPolicy struct { metav1.TypeMeta `json:",inline"` metav1.ObjectMeta `json:"metadata,omitempty"` Spec BinaryAuthorizationPolicySpec `json:"spec,omitempty"` Status BinaryAuthorizationPolicyStatus `json:"status,omitempty"` }
BinaryAuthorizationPolicy is the Schema for the binaryauthorization API +k8s:openapi-gen=true
func (*BinaryAuthorizationPolicy) DeepCopy ¶
func (in *BinaryAuthorizationPolicy) DeepCopy() *BinaryAuthorizationPolicy
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicy.
func (*BinaryAuthorizationPolicy) DeepCopyInto ¶
func (in *BinaryAuthorizationPolicy) DeepCopyInto(out *BinaryAuthorizationPolicy)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BinaryAuthorizationPolicy) DeepCopyObject ¶
func (in *BinaryAuthorizationPolicy) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BinaryAuthorizationPolicyList ¶
type BinaryAuthorizationPolicyList struct { metav1.TypeMeta `json:",inline"` metav1.ListMeta `json:"metadata,omitempty"` Items []BinaryAuthorizationPolicy `json:"items"` }
BinaryAuthorizationPolicyList contains a list of BinaryAuthorizationPolicy
func (*BinaryAuthorizationPolicyList) DeepCopy ¶
func (in *BinaryAuthorizationPolicyList) DeepCopy() *BinaryAuthorizationPolicyList
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicyList.
func (*BinaryAuthorizationPolicyList) DeepCopyInto ¶
func (in *BinaryAuthorizationPolicyList) DeepCopyInto(out *BinaryAuthorizationPolicyList)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
func (*BinaryAuthorizationPolicyList) DeepCopyObject ¶
func (in *BinaryAuthorizationPolicyList) DeepCopyObject() runtime.Object
DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.
type BinaryAuthorizationPolicySpec ¶
type BinaryAuthorizationPolicySpec struct { /* Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies. */ // +optional AdmissionWhitelistPatterns []PolicyAdmissionWhitelistPatterns `json:"admissionWhitelistPatterns,omitempty"` /* Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. */ // +optional ClusterAdmissionRules map[string]PolicyClusterAdmissionRules `json:"clusterAdmissionRules,omitempty"` /* Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule. */ DefaultAdmissionRule PolicyDefaultAdmissionRule `json:"defaultAdmissionRule"` /* Optional. A descriptive comment. */ // +optional Description *string `json:"description,omitempty"` /* Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, ENABLE, DISABLE */ // +optional GlobalPolicyEvaluationMode *string `json:"globalPolicyEvaluationMode,omitempty"` /* Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default */ // +optional IstioServiceIdentityAdmissionRules map[string]PolicyIstioServiceIdentityAdmissionRules `json:"istioServiceIdentityAdmissionRules,omitempty"` /* Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace' */ // +optional KubernetesNamespaceAdmissionRules map[string]PolicyKubernetesNamespaceAdmissionRules `json:"kubernetesNamespaceAdmissionRules,omitempty"` /* Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. 'test-ns:default' */ // +optional KubernetesServiceAccountAdmissionRules map[string]PolicyKubernetesServiceAccountAdmissionRules `json:"kubernetesServiceAccountAdmissionRules,omitempty"` /* Immutable. The Project that this resource belongs to. */ ProjectRef v1alpha1.ResourceRef `json:"projectRef"` }
func (*BinaryAuthorizationPolicySpec) DeepCopy ¶
func (in *BinaryAuthorizationPolicySpec) DeepCopy() *BinaryAuthorizationPolicySpec
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicySpec.
func (*BinaryAuthorizationPolicySpec) DeepCopyInto ¶
func (in *BinaryAuthorizationPolicySpec) DeepCopyInto(out *BinaryAuthorizationPolicySpec)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type BinaryAuthorizationPolicyStatus ¶
type BinaryAuthorizationPolicyStatus struct { /* Conditions represent the latest available observations of the BinaryAuthorizationPolicy's current state. */ Conditions []v1alpha1.Condition `json:"conditions,omitempty"` /* ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. */ // +optional ObservedGeneration *int64 `json:"observedGeneration,omitempty"` /* Output only. The resource name, in the format `projects/* /policy`. There is at most one policy per project. */ // +optional SelfLink *string `json:"selfLink,omitempty"` /* Output only. Time when the policy was last updated. */ // +optional UpdateTime *string `json:"updateTime,omitempty"` }
func (*BinaryAuthorizationPolicyStatus) DeepCopy ¶
func (in *BinaryAuthorizationPolicyStatus) DeepCopy() *BinaryAuthorizationPolicyStatus
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicyStatus.
func (*BinaryAuthorizationPolicyStatus) DeepCopyInto ¶
func (in *BinaryAuthorizationPolicyStatus) DeepCopyInto(out *BinaryAuthorizationPolicyStatus)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyAdmissionWhitelistPatterns ¶
type PolicyAdmissionWhitelistPatterns struct { /* An image name pattern to allowlist, in the form `registry/path/to/image`. This supports a trailing `*` as a wildcard, but this is allowed only in text after the `registry/` part. */ // +optional NamePattern *string `json:"namePattern,omitempty"` }
func (*PolicyAdmissionWhitelistPatterns) DeepCopy ¶
func (in *PolicyAdmissionWhitelistPatterns) DeepCopy() *PolicyAdmissionWhitelistPatterns
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyAdmissionWhitelistPatterns.
func (*PolicyAdmissionWhitelistPatterns) DeepCopyInto ¶
func (in *PolicyAdmissionWhitelistPatterns) DeepCopyInto(out *PolicyAdmissionWhitelistPatterns)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyClusterAdmissionRules ¶
type PolicyClusterAdmissionRules struct { /* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */ EnforcementMode string `json:"enforcementMode"` /* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */ EvaluationMode string `json:"evaluationMode"` // +optional RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"` }
func (*PolicyClusterAdmissionRules) DeepCopy ¶
func (in *PolicyClusterAdmissionRules) DeepCopy() *PolicyClusterAdmissionRules
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyClusterAdmissionRules.
func (*PolicyClusterAdmissionRules) DeepCopyInto ¶
func (in *PolicyClusterAdmissionRules) DeepCopyInto(out *PolicyClusterAdmissionRules)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyDefaultAdmissionRule ¶
type PolicyDefaultAdmissionRule struct { /* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */ EnforcementMode string `json:"enforcementMode"` /* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */ EvaluationMode string `json:"evaluationMode"` // +optional RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"` }
func (*PolicyDefaultAdmissionRule) DeepCopy ¶
func (in *PolicyDefaultAdmissionRule) DeepCopy() *PolicyDefaultAdmissionRule
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyDefaultAdmissionRule.
func (*PolicyDefaultAdmissionRule) DeepCopyInto ¶
func (in *PolicyDefaultAdmissionRule) DeepCopyInto(out *PolicyDefaultAdmissionRule)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyIstioServiceIdentityAdmissionRules ¶
type PolicyIstioServiceIdentityAdmissionRules struct { /* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */ EnforcementMode string `json:"enforcementMode"` /* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */ EvaluationMode string `json:"evaluationMode"` // +optional RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"` }
func (*PolicyIstioServiceIdentityAdmissionRules) DeepCopy ¶
func (in *PolicyIstioServiceIdentityAdmissionRules) DeepCopy() *PolicyIstioServiceIdentityAdmissionRules
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyIstioServiceIdentityAdmissionRules.
func (*PolicyIstioServiceIdentityAdmissionRules) DeepCopyInto ¶
func (in *PolicyIstioServiceIdentityAdmissionRules) DeepCopyInto(out *PolicyIstioServiceIdentityAdmissionRules)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyKubernetesNamespaceAdmissionRules ¶
type PolicyKubernetesNamespaceAdmissionRules struct { /* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */ EnforcementMode string `json:"enforcementMode"` /* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */ EvaluationMode string `json:"evaluationMode"` // +optional RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"` }
func (*PolicyKubernetesNamespaceAdmissionRules) DeepCopy ¶
func (in *PolicyKubernetesNamespaceAdmissionRules) DeepCopy() *PolicyKubernetesNamespaceAdmissionRules
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyKubernetesNamespaceAdmissionRules.
func (*PolicyKubernetesNamespaceAdmissionRules) DeepCopyInto ¶
func (in *PolicyKubernetesNamespaceAdmissionRules) DeepCopyInto(out *PolicyKubernetesNamespaceAdmissionRules)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.
type PolicyKubernetesServiceAccountAdmissionRules ¶
type PolicyKubernetesServiceAccountAdmissionRules struct { /* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */ EnforcementMode string `json:"enforcementMode"` /* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */ EvaluationMode string `json:"evaluationMode"` // +optional RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"` }
func (*PolicyKubernetesServiceAccountAdmissionRules) DeepCopy ¶
func (in *PolicyKubernetesServiceAccountAdmissionRules) DeepCopy() *PolicyKubernetesServiceAccountAdmissionRules
DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyKubernetesServiceAccountAdmissionRules.
func (*PolicyKubernetesServiceAccountAdmissionRules) DeepCopyInto ¶
func (in *PolicyKubernetesServiceAccountAdmissionRules) DeepCopyInto(out *PolicyKubernetesServiceAccountAdmissionRules)
DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.