public sealed class AdmissionRule : IMessage<AdmissionRule>, IEquatable<AdmissionRule>, IDeepCloneable<AdmissionRule>, IBufferMessage, IMessageReference documentation and code samples for the Binary Authorization v1 API class AdmissionRule.
An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.
Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.
Implements
IMessageAdmissionRule, IEquatableAdmissionRule, IDeepCloneableAdmissionRule, IBufferMessage, IMessageNamespace
Google.Cloud.BinaryAuthorization.V1Assembly
Google.Cloud.BinaryAuthorization.V1.dll
Constructors
AdmissionRule()
public AdmissionRule()AdmissionRule(AdmissionRule)
public AdmissionRule(AdmissionRule other)| Parameter | |
|---|---|
| Name | Description | 
| other | AdmissionRule | 
Properties
EnforcementMode
public AdmissionRule.Types.EnforcementMode EnforcementMode { get; set; }Required. The action when a pod creation is denied by the admission rule.
| Property Value | |
|---|---|
| Type | Description | 
| AdmissionRuleTypesEnforcementMode | |
EvaluationMode
public AdmissionRule.Types.EvaluationMode EvaluationMode { get; set; }Required. How this admission rule will be evaluated.
| Property Value | |
|---|---|
| Type | Description | 
| AdmissionRuleTypesEvaluationMode | |
RequireAttestationsBy
public RepeatedField<string> RequireAttestationsBy { get; }Optional. The resource names of the attestors that must attest to
a container image, in the format projects/*/attestors/*. Each
attestor must exist before a policy can reference it.  To add an attestor
to a policy the principal issuing the policy change request must be able
to read the attestor resource.
Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.
| Property Value | |
|---|---|
| Type | Description | 
| RepeatedFieldstring | |