v1beta1

package
v1.89.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Jun 21, 2022 License: Apache-2.0 Imports: 6 Imported by: 0

Documentation

Overview

Generate deepcopy object for binaryauthorization/v1beta1 API group

Package v1beta1 contains API Schema definitions for the binaryauthorization v1beta1 API group. +k8s:openapi-gen=true +k8s:deepcopy-gen=package,register +k8s:conversion-gen=github.com/GoogleCloudPlatform/k8s-config-connector/pkg/clients/generated/pkg/apis/binaryauthorization +k8s:defaulter-gen=TypeMeta +groupName=binaryauthorization.cnrm.cloud.google.com

Index

Constants

This section is empty.

Variables

View Source 
var (
	// SchemeGroupVersion is the group version used to register these objects.
	SchemeGroupVersion = schema.GroupVersion{Group: "binaryauthorization.cnrm.cloud.google.com", Version: "v1beta1"}

	// SchemeBuilder is used to add go types to the GroupVersionKind scheme.
	SchemeBuilder = &scheme.Builder{GroupVersion: SchemeGroupVersion}

	// AddToScheme is a global function that registers this API group & version to a scheme
	AddToScheme = SchemeBuilder.AddToScheme

	BinaryAuthorizationAttestorGVK = schema.GroupVersionKind{
		Group:   SchemeGroupVersion.Group,
		Version: SchemeGroupVersion.Version,
		Kind:    reflect.TypeOf(BinaryAuthorizationAttestor{}).Name(),
	}

	BinaryAuthorizationPolicyGVK = schema.GroupVersionKind{
		Group:   SchemeGroupVersion.Group,
		Version: SchemeGroupVersion.Version,
		Kind:    reflect.TypeOf(BinaryAuthorizationPolicy{}).Name(),
	}
)

Functions

This section is empty.

Types

type AttestorPkixPublicKey 

type AttestorPkixPublicKey struct {
	/* A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13 */
	// +optional
	PublicKeyPem *string `json:"publicKeyPem,omitempty"`

	/* The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key). Possible values: SIGNATURE_ALGORITHM_UNSPECIFIED, RSA_PSS_2048_SHA256, RSA_PSS_3072_SHA256, RSA_PSS_4096_SHA256, RSA_PSS_4096_SHA512, RSA_SIGN_PKCS1_2048_SHA256, RSA_SIGN_PKCS1_3072_SHA256, RSA_SIGN_PKCS1_4096_SHA256, RSA_SIGN_PKCS1_4096_SHA512, ECDSA_P256_SHA256, EC_SIGN_P256_SHA256, ECDSA_P384_SHA384, EC_SIGN_P384_SHA384, ECDSA_P521_SHA512, EC_SIGN_P521_SHA512 */
	// +optional
	SignatureAlgorithm *string `json:"signatureAlgorithm,omitempty"`
}

func (*AttestorPkixPublicKey) DeepCopy 

func (in *AttestorPkixPublicKey) DeepCopy() *AttestorPkixPublicKey

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorPkixPublicKey.

func (*AttestorPkixPublicKey) DeepCopyInto 

func (in *AttestorPkixPublicKey) DeepCopyInto(out *AttestorPkixPublicKey)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestorPublicKeys 

type AttestorPublicKeys struct {
	/* ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID. */
	// +optional
	AsciiArmoredPgpPublicKey *string `json:"asciiArmoredPgpPublicKey,omitempty"`

	/* Optional. A descriptive comment. This field may be updated. */
	// +optional
	Comment *string `json:"comment,omitempty"`

	/* The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details. */
	// +optional
	Id *string `json:"id,omitempty"`

	/* A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key. */
	// +optional
	PkixPublicKey *AttestorPkixPublicKey `json:"pkixPublicKey,omitempty"`
}

func (*AttestorPublicKeys) DeepCopy 

func (in *AttestorPublicKeys) DeepCopy() *AttestorPublicKeys

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorPublicKeys.

func (*AttestorPublicKeys) DeepCopyInto 

func (in *AttestorPublicKeys) DeepCopyInto(out *AttestorPublicKeys)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestorUserOwnedDrydockNote 

type AttestorUserOwnedDrydockNote struct {
	/* Immutable. */
	NoteRef v1alpha1.ResourceRef `json:"noteRef"`

	/* Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. */
	// +optional
	PublicKeys []AttestorPublicKeys `json:"publicKeys,omitempty"`
}

func (*AttestorUserOwnedDrydockNote) DeepCopy 

func (in *AttestorUserOwnedDrydockNote) DeepCopy() *AttestorUserOwnedDrydockNote

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorUserOwnedDrydockNote.

func (*AttestorUserOwnedDrydockNote) DeepCopyInto 

func (in *AttestorUserOwnedDrydockNote) DeepCopyInto(out *AttestorUserOwnedDrydockNote)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type AttestorUserOwnedDrydockNoteStatus 

type AttestorUserOwnedDrydockNoteStatus struct {
	/* Output only. This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the in Container Analysis (`containeranalysis.notes.occurrences.viewer`). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern. */
	DelegationServiceAccountEmail string `json:"delegationServiceAccountEmail,omitempty"`
}

func (*AttestorUserOwnedDrydockNoteStatus) DeepCopy 

func (in *AttestorUserOwnedDrydockNoteStatus) DeepCopy() *AttestorUserOwnedDrydockNoteStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new AttestorUserOwnedDrydockNoteStatus.

func (*AttestorUserOwnedDrydockNoteStatus) DeepCopyInto 

func (in *AttestorUserOwnedDrydockNoteStatus) DeepCopyInto(out *AttestorUserOwnedDrydockNoteStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BinaryAuthorizationAttestor 

type BinaryAuthorizationAttestor struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   BinaryAuthorizationAttestorSpec   `json:"spec,omitempty"`
	Status BinaryAuthorizationAttestorStatus `json:"status,omitempty"`
}

BinaryAuthorizationAttestor is the Schema for the binaryauthorization API +k8s:openapi-gen=true

func (*BinaryAuthorizationAttestor) DeepCopy 

func (in *BinaryAuthorizationAttestor) DeepCopy() *BinaryAuthorizationAttestor

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestor.

func (*BinaryAuthorizationAttestor) DeepCopyInto 

func (in *BinaryAuthorizationAttestor) DeepCopyInto(out *BinaryAuthorizationAttestor)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BinaryAuthorizationAttestor) DeepCopyObject 

func (in *BinaryAuthorizationAttestor) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BinaryAuthorizationAttestorList 

type BinaryAuthorizationAttestorList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []BinaryAuthorizationAttestor `json:"items"`
}

BinaryAuthorizationAttestorList contains a list of BinaryAuthorizationAttestor

func (*BinaryAuthorizationAttestorList) DeepCopy 

func (in *BinaryAuthorizationAttestorList) DeepCopy() *BinaryAuthorizationAttestorList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestorList.

func (*BinaryAuthorizationAttestorList) DeepCopyInto 

func (in *BinaryAuthorizationAttestorList) DeepCopyInto(out *BinaryAuthorizationAttestorList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BinaryAuthorizationAttestorList) DeepCopyObject 

func (in *BinaryAuthorizationAttestorList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BinaryAuthorizationAttestorSpec 

type BinaryAuthorizationAttestorSpec struct {
	/* Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs. */
	// +optional
	Description *string `json:"description,omitempty"`

	/* Immutable. The Project that this resource belongs to. */
	ProjectRef v1alpha1.ResourceRef `json:"projectRef"`

	/* Immutable. Optional. The name of the resource. Used for creation and acquisition. When unset, the value of `metadata.name` is used as the default. */
	// +optional
	ResourceID *string `json:"resourceID,omitempty"`

	/* This specifies how an attestation will be read, and how it will be used during policy enforcement. */
	// +optional
	UserOwnedDrydockNote *AttestorUserOwnedDrydockNote `json:"userOwnedDrydockNote,omitempty"`
}

func (*BinaryAuthorizationAttestorSpec) DeepCopy 

func (in *BinaryAuthorizationAttestorSpec) DeepCopy() *BinaryAuthorizationAttestorSpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestorSpec.

func (*BinaryAuthorizationAttestorSpec) DeepCopyInto 

func (in *BinaryAuthorizationAttestorSpec) DeepCopyInto(out *BinaryAuthorizationAttestorSpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BinaryAuthorizationAttestorStatus 

type BinaryAuthorizationAttestorStatus struct {
	/* Conditions represent the latest available observations of the
	   BinaryAuthorizationAttestor's current state. */
	Conditions []v1alpha1.Condition `json:"conditions,omitempty"`
	/* ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. */
	ObservedGeneration int `json:"observedGeneration,omitempty"`
	/* Output only. Time when the attestor was last updated. */
	UpdateTime string `json:"updateTime,omitempty"`
	/*  */
	UserOwnedDrydockNote AttestorUserOwnedDrydockNoteStatus `json:"userOwnedDrydockNote,omitempty"`
}

func (*BinaryAuthorizationAttestorStatus) DeepCopy 

func (in *BinaryAuthorizationAttestorStatus) DeepCopy() *BinaryAuthorizationAttestorStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationAttestorStatus.

func (*BinaryAuthorizationAttestorStatus) DeepCopyInto 

func (in *BinaryAuthorizationAttestorStatus) DeepCopyInto(out *BinaryAuthorizationAttestorStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BinaryAuthorizationPolicy 

type BinaryAuthorizationPolicy struct {
	metav1.TypeMeta   `json:",inline"`
	metav1.ObjectMeta `json:"metadata,omitempty"`

	Spec   BinaryAuthorizationPolicySpec   `json:"spec,omitempty"`
	Status BinaryAuthorizationPolicyStatus `json:"status,omitempty"`
}

BinaryAuthorizationPolicy is the Schema for the binaryauthorization API +k8s:openapi-gen=true

func (*BinaryAuthorizationPolicy) DeepCopy 

func (in *BinaryAuthorizationPolicy) DeepCopy() *BinaryAuthorizationPolicy

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicy.

func (*BinaryAuthorizationPolicy) DeepCopyInto 

func (in *BinaryAuthorizationPolicy) DeepCopyInto(out *BinaryAuthorizationPolicy)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BinaryAuthorizationPolicy) DeepCopyObject 

func (in *BinaryAuthorizationPolicy) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BinaryAuthorizationPolicyList 

type BinaryAuthorizationPolicyList struct {
	metav1.TypeMeta `json:",inline"`
	metav1.ListMeta `json:"metadata,omitempty"`
	Items           []BinaryAuthorizationPolicy `json:"items"`
}

BinaryAuthorizationPolicyList contains a list of BinaryAuthorizationPolicy

func (*BinaryAuthorizationPolicyList) DeepCopy 

func (in *BinaryAuthorizationPolicyList) DeepCopy() *BinaryAuthorizationPolicyList

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicyList.

func (*BinaryAuthorizationPolicyList) DeepCopyInto 

func (in *BinaryAuthorizationPolicyList) DeepCopyInto(out *BinaryAuthorizationPolicyList)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

func (*BinaryAuthorizationPolicyList) DeepCopyObject 

func (in *BinaryAuthorizationPolicyList) DeepCopyObject() runtime.Object

DeepCopyObject is an autogenerated deepcopy function, copying the receiver, creating a new runtime.Object.

type BinaryAuthorizationPolicySpec 

type BinaryAuthorizationPolicySpec struct {
	/* Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies. */
	// +optional
	AdmissionWhitelistPatterns []PolicyAdmissionWhitelistPatterns `json:"admissionWhitelistPatterns,omitempty"`

	/* Optional. Per-cluster admission rules. Cluster spec format: location.clusterId. There can be at most one admission rule per cluster spec. A location is either a compute zone (e.g. us-central1-a) or a region (e.g. us-central1). For clusterId syntax restrictions see https://cloud.google.com/container-engine/reference/rest/v1/projects.zones.clusters. */
	// +optional
	ClusterAdmissionRules map[string]PolicyClusterAdmissionRules `json:"clusterAdmissionRules,omitempty"`

	/* Required. Default admission rule for a cluster without a per-cluster, per-kubernetes-service-account, or per-istio-service-identity admission rule. */
	DefaultAdmissionRule PolicyDefaultAdmissionRule `json:"defaultAdmissionRule"`

	/* Optional. A descriptive comment. */
	// +optional
	Description *string `json:"description,omitempty"`

	/* Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy. Possible values: GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED, ENABLE, DISABLE */
	// +optional
	GlobalPolicyEvaluationMode *string `json:"globalPolicyEvaluationMode,omitempty"`

	/* Optional. Per-istio-service-identity admission rules. Istio service identity spec format: spiffe:///ns//sa/ or /ns//sa/ e.g. spiffe://example.com/ns/test-ns/sa/default */
	// +optional
	IstioServiceIdentityAdmissionRules map[string]PolicyIstioServiceIdentityAdmissionRules `json:"istioServiceIdentityAdmissionRules,omitempty"`

	/* Optional. Per-kubernetes-namespace admission rules. K8s namespace spec format: [a-z.-]+, e.g. 'some-namespace' */
	// +optional
	KubernetesNamespaceAdmissionRules map[string]PolicyKubernetesNamespaceAdmissionRules `json:"kubernetesNamespaceAdmissionRules,omitempty"`

	/* Optional. Per-kubernetes-service-account admission rules. Service account spec format: namespace:serviceaccount. e.g. 'test-ns:default' */
	// +optional
	KubernetesServiceAccountAdmissionRules map[string]PolicyKubernetesServiceAccountAdmissionRules `json:"kubernetesServiceAccountAdmissionRules,omitempty"`

	/* Immutable. The Project that this resource belongs to. */
	ProjectRef v1alpha1.ResourceRef `json:"projectRef"`
}

func (*BinaryAuthorizationPolicySpec) DeepCopy 

func (in *BinaryAuthorizationPolicySpec) DeepCopy() *BinaryAuthorizationPolicySpec

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicySpec.

func (*BinaryAuthorizationPolicySpec) DeepCopyInto 

func (in *BinaryAuthorizationPolicySpec) DeepCopyInto(out *BinaryAuthorizationPolicySpec)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type BinaryAuthorizationPolicyStatus 

type BinaryAuthorizationPolicyStatus struct {
	/* Conditions represent the latest available observations of the
	   BinaryAuthorizationPolicy's current state. */
	Conditions []v1alpha1.Condition `json:"conditions,omitempty"`
	/* ObservedGeneration is the generation of the resource that was most recently observed by the Config Connector controller. If this is equal to metadata.generation, then that means that the current reported status reflects the most recent desired state of the resource. */
	ObservedGeneration int `json:"observedGeneration,omitempty"`
	/* Output only. The resource name, in the format `projects/* /policy`. There is at most one policy per project. */
	SelfLink string `json:"selfLink,omitempty"`
	/* Output only. Time when the policy was last updated. */
	UpdateTime string `json:"updateTime,omitempty"`
}

func (*BinaryAuthorizationPolicyStatus) DeepCopy 

func (in *BinaryAuthorizationPolicyStatus) DeepCopy() *BinaryAuthorizationPolicyStatus

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new BinaryAuthorizationPolicyStatus.

func (*BinaryAuthorizationPolicyStatus) DeepCopyInto 

func (in *BinaryAuthorizationPolicyStatus) DeepCopyInto(out *BinaryAuthorizationPolicyStatus)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyAdmissionWhitelistPatterns 

type PolicyAdmissionWhitelistPatterns struct {
	/* An image name pattern to allowlist, in the form `registry/path/to/image`. This supports a trailing `*` as a wildcard, but this is allowed only in text after the `registry/` part. */
	// +optional
	NamePattern *string `json:"namePattern,omitempty"`
}

func (*PolicyAdmissionWhitelistPatterns) DeepCopy 

func (in *PolicyAdmissionWhitelistPatterns) DeepCopy() *PolicyAdmissionWhitelistPatterns

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyAdmissionWhitelistPatterns.

func (*PolicyAdmissionWhitelistPatterns) DeepCopyInto 

func (in *PolicyAdmissionWhitelistPatterns) DeepCopyInto(out *PolicyAdmissionWhitelistPatterns)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyClusterAdmissionRules 

type PolicyClusterAdmissionRules struct {
	/* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */
	EnforcementMode string `json:"enforcementMode"`

	/* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */
	EvaluationMode string `json:"evaluationMode"`

	/*  */
	// +optional
	RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"`
}

func (*PolicyClusterAdmissionRules) DeepCopy 

func (in *PolicyClusterAdmissionRules) DeepCopy() *PolicyClusterAdmissionRules

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyClusterAdmissionRules.

func (*PolicyClusterAdmissionRules) DeepCopyInto 

func (in *PolicyClusterAdmissionRules) DeepCopyInto(out *PolicyClusterAdmissionRules)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyDefaultAdmissionRule 

type PolicyDefaultAdmissionRule struct {
	/* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */
	EnforcementMode string `json:"enforcementMode"`

	/* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */
	EvaluationMode string `json:"evaluationMode"`

	/*  */
	// +optional
	RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"`
}

func (*PolicyDefaultAdmissionRule) DeepCopy 

func (in *PolicyDefaultAdmissionRule) DeepCopy() *PolicyDefaultAdmissionRule

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyDefaultAdmissionRule.

func (*PolicyDefaultAdmissionRule) DeepCopyInto 

func (in *PolicyDefaultAdmissionRule) DeepCopyInto(out *PolicyDefaultAdmissionRule)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyIstioServiceIdentityAdmissionRules 

type PolicyIstioServiceIdentityAdmissionRules struct {
	/* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */
	EnforcementMode string `json:"enforcementMode"`

	/* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */
	EvaluationMode string `json:"evaluationMode"`

	/*  */
	// +optional
	RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"`
}

func (*PolicyIstioServiceIdentityAdmissionRules) DeepCopy 

func (in *PolicyIstioServiceIdentityAdmissionRules) DeepCopy() *PolicyIstioServiceIdentityAdmissionRules

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyIstioServiceIdentityAdmissionRules.

func (*PolicyIstioServiceIdentityAdmissionRules) DeepCopyInto 

func (in *PolicyIstioServiceIdentityAdmissionRules) DeepCopyInto(out *PolicyIstioServiceIdentityAdmissionRules)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyKubernetesNamespaceAdmissionRules 

type PolicyKubernetesNamespaceAdmissionRules struct {
	/* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */
	EnforcementMode string `json:"enforcementMode"`

	/* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */
	EvaluationMode string `json:"evaluationMode"`

	/*  */
	// +optional
	RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"`
}

func (*PolicyKubernetesNamespaceAdmissionRules) DeepCopy 

func (in *PolicyKubernetesNamespaceAdmissionRules) DeepCopy() *PolicyKubernetesNamespaceAdmissionRules

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyKubernetesNamespaceAdmissionRules.

func (*PolicyKubernetesNamespaceAdmissionRules) DeepCopyInto 

func (in *PolicyKubernetesNamespaceAdmissionRules) DeepCopyInto(out *PolicyKubernetesNamespaceAdmissionRules)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

type PolicyKubernetesServiceAccountAdmissionRules 

type PolicyKubernetesServiceAccountAdmissionRules struct {
	/* Required. The action when a pod creation is denied by the admission rule. Possible values: ENFORCEMENT_MODE_UNSPECIFIED, ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY */
	EnforcementMode string `json:"enforcementMode"`

	/* Required. How this admission rule will be evaluated. Possible values: ALWAYS_ALLOW, ALWAYS_DENY, REQUIRE_ATTESTATION */
	EvaluationMode string `json:"evaluationMode"`

	/*  */
	// +optional
	RequireAttestationsBy []v1alpha1.ResourceRef `json:"requireAttestationsBy,omitempty"`
}

func (*PolicyKubernetesServiceAccountAdmissionRules) DeepCopy 

func (in *PolicyKubernetesServiceAccountAdmissionRules) DeepCopy() *PolicyKubernetesServiceAccountAdmissionRules

DeepCopy is an autogenerated deepcopy function, copying the receiver, creating a new PolicyKubernetesServiceAccountAdmissionRules.

func (*PolicyKubernetesServiceAccountAdmissionRules) DeepCopyInto 

func (in *PolicyKubernetesServiceAccountAdmissionRules) DeepCopyInto(out *PolicyKubernetesServiceAccountAdmissionRules)

DeepCopyInto is an autogenerated deepcopy function, copying the receiver, writing into out. in must be non-nil.

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.