public sealed class AdmissionRule : IMessage<AdmissionRule>, IEquatable<AdmissionRule>, IDeepCloneable<AdmissionRule>, IBufferMessage, IMessage
An [admission rule][google.cloud.binaryauthorization.v1beta1.AdmissionRule] specifies either that all container images
used in a pod creation request must be attested to by one or more
[attestors][google.cloud.binaryauthorization.v1beta1.Attestor], that all pod creations will be allowed, or that all
pod creations will be denied.
Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1beta1.AdmissionWhitelistPattern]
are exempted from admission rules and will never block a pod creation.
public RepeatedField<string> RequireAttestationsBy { get; }
Optional. The resource names of the attestors that must attest to
a container image, in the format projects/*/attestors/*. Each
attestor must exist before a policy can reference it. To add an attestor
to a policy the principal issuing the policy change request must be able
to read the attestor resource.
Note: this field must be non-empty when the evaluation_mode field specifies
REQUIRE_ATTESTATION, otherwise it must be empty.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-07 UTC."],[[["\u003cp\u003eThe \u003ccode\u003eAdmissionRule\u003c/code\u003e class in the \u003ccode\u003eGoogle.Cloud.BinaryAuthorization.V1Beta1\u003c/code\u003e namespace defines rules for pod creation requests, specifying whether images must be attested to by specific attestors, or if all creations will be allowed or denied.\u003c/p\u003e\n"],["\u003cp\u003eImages that match an admission allowlist pattern are exempt from these rules, ensuring they will not block pod creation.\u003c/p\u003e\n"],["\u003cp\u003e\u003ccode\u003eAdmissionRule\u003c/code\u003e has properties \u003ccode\u003eEnforcementMode\u003c/code\u003e and \u003ccode\u003eEvaluationMode\u003c/code\u003e which determine the action when a pod creation is denied and how the rule will be evaluated respectively.\u003c/p\u003e\n"],["\u003cp\u003eThe \u003ccode\u003eRequireAttestationsBy\u003c/code\u003e property allows specifying the resource names of attestors that must verify a container image, and it is mandatory when \u003ccode\u003eevaluation_mode\u003c/code\u003e is set to \u003ccode\u003eREQUIRE_ATTESTATION\u003c/code\u003e.\u003c/p\u003e\n"],["\u003cp\u003eThis class inherits from \u003ccode\u003eObject\u003c/code\u003e and implements interfaces such as \u003ccode\u003eIMessage\u003c/code\u003e, \u003ccode\u003eIEquatable\u003c/code\u003e, \u003ccode\u003eIDeepCloneable\u003c/code\u003e, and \u003ccode\u003eIBufferMessage\u003c/code\u003e, providing functionality for message handling, equality comparison, deep cloning, and buffer management.\u003c/p\u003e\n"]]],[],null,[]]
