Package cloud.google.com/go/binaryauthorization/apiv1/binaryauthorizationpb (v1.9.5)

Variables

Policy_GlobalPolicyEvaluationMode_name, Policy_GlobalPolicyEvaluationMode_value

// Enum value maps for Policy_GlobalPolicyEvaluationMode.
//
// Policy_GlobalPolicyEvaluationMode_name maps the wire integer to its
// identifier and Policy_GlobalPolicyEvaluationMode_value is the inverse. The
// two maps are exact inverses here (no aliases). 0 is the UNSPECIFIED value,
// which is also what an unset field carries.
var (
	Policy_GlobalPolicyEvaluationMode_name = map[int32]string{
		0: "GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED",
		1: "ENABLE",
		2: "DISABLE",
	}
	Policy_GlobalPolicyEvaluationMode_value = map[string]int32{
		"GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED": 0,
		"ENABLE":  1,
		"DISABLE": 2,
	}
)

Enum value maps for Policy_GlobalPolicyEvaluationMode.

AdmissionRule_EvaluationMode_name, AdmissionRule_EvaluationMode_value

// Enum value maps for AdmissionRule_EvaluationMode.
//
// AdmissionRule_EvaluationMode_name maps the wire integer to its identifier
// and AdmissionRule_EvaluationMode_value is the inverse; the two maps are
// exact inverses (no aliases). The zero value is EVALUATION_MODE_UNSPECIFIED,
// which is neither ALWAYS_ALLOW (1) nor ALWAYS_DENY (3): a rule whose mode
// was never set is not a deny rule. Whether the service rejects UNSPECIFIED
// is not visible here.
var (
	AdmissionRule_EvaluationMode_name = map[int32]string{
		0: "EVALUATION_MODE_UNSPECIFIED",
		1: "ALWAYS_ALLOW",
		2: "REQUIRE_ATTESTATION",
		3: "ALWAYS_DENY",
	}
	AdmissionRule_EvaluationMode_value = map[string]int32{
		"EVALUATION_MODE_UNSPECIFIED": 0,
		"ALWAYS_ALLOW":                1,
		"REQUIRE_ATTESTATION":         2,
		"ALWAYS_DENY":                 3,
	}
)

Enum value maps for AdmissionRule_EvaluationMode.

AdmissionRule_EnforcementMode_name, AdmissionRule_EnforcementMode_value

// Enum value maps for AdmissionRule_EnforcementMode.
//
// AdmissionRule_EnforcementMode_name maps the wire integer to its identifier
// and AdmissionRule_EnforcementMode_value is the inverse; the two maps are
// exact inverses (no aliases). Of the three values only
// ENFORCED_BLOCK_AND_AUDIT_LOG (1) blocks a pod creation;
// DRYRUN_AUDIT_LOG_ONLY (2) allows the creation and only audit logs, and the
// zero value is the "Do not use" UNSPECIFIED mode.
var (
	AdmissionRule_EnforcementMode_name = map[int32]string{
		0: "ENFORCEMENT_MODE_UNSPECIFIED",
		1: "ENFORCED_BLOCK_AND_AUDIT_LOG",
		2: "DRYRUN_AUDIT_LOG_ONLY",
	}
	AdmissionRule_EnforcementMode_value = map[string]int32{
		"ENFORCEMENT_MODE_UNSPECIFIED": 0,
		"ENFORCED_BLOCK_AND_AUDIT_LOG": 1,
		"DRYRUN_AUDIT_LOG_ONLY":        2,
	}
)

Enum value maps for AdmissionRule_EnforcementMode.

PkixPublicKey_SignatureAlgorithm_name, PkixPublicKey_SignatureAlgorithm_value

// Enum value maps for PkixPublicKey_SignatureAlgorithm.
//
// Each identifier fixes the key type and size and the digest (for example
// RSA_PSS_2048_SHA256 or ECDSA_P256_SHA256). The two maps are NOT exact
// inverses: the _value map also accepts the EC_SIGN_P256_SHA256,
// EC_SIGN_P384_SHA384 and EC_SIGN_P521_SHA512 aliases, which share the
// numbers 9, 10 and 11 with the ECDSA_* names, while the _name map only
// yields the ECDSA_* spelling. Code that round-trips an EC_SIGN_* name
// through _value and _name therefore gets the ECDSA_* spelling back and must
// compare by number, not by string.
var (
	PkixPublicKey_SignatureAlgorithm_name = map[int32]string{
		0: "SIGNATURE_ALGORITHM_UNSPECIFIED",
		1: "RSA_PSS_2048_SHA256",
		2: "RSA_PSS_3072_SHA256",
		3: "RSA_PSS_4096_SHA256",
		4: "RSA_PSS_4096_SHA512",
		5: "RSA_SIGN_PKCS1_2048_SHA256",
		6: "RSA_SIGN_PKCS1_3072_SHA256",
		7: "RSA_SIGN_PKCS1_4096_SHA256",
		8: "RSA_SIGN_PKCS1_4096_SHA512",
		9: "ECDSA_P256_SHA256",

		10: "ECDSA_P384_SHA384",

		11: "ECDSA_P521_SHA512",
	}
	PkixPublicKey_SignatureAlgorithm_value = map[string]int32{
		"SIGNATURE_ALGORITHM_UNSPECIFIED": 0,
		"RSA_PSS_2048_SHA256":             1,
		"RSA_PSS_3072_SHA256":             2,
		"RSA_PSS_4096_SHA256":             3,
		"RSA_PSS_4096_SHA512":             4,
		"RSA_SIGN_PKCS1_2048_SHA256":      5,
		"RSA_SIGN_PKCS1_3072_SHA256":      6,
		"RSA_SIGN_PKCS1_4096_SHA256":      7,
		"RSA_SIGN_PKCS1_4096_SHA512":      8,
		"ECDSA_P256_SHA256":               9,
		"EC_SIGN_P256_SHA256":             9,
		"ECDSA_P384_SHA384":               10,
		"EC_SIGN_P384_SHA384":             10,
		"ECDSA_P521_SHA512":               11,
		"EC_SIGN_P521_SHA512":             11,
	}
)

Enum value maps for PkixPublicKey_SignatureAlgorithm.

ValidateAttestationOccurrenceResponse_Result_name, ValidateAttestationOccurrenceResponse_Result_value

// Enum value maps for ValidateAttestationOccurrenceResponse_Result.
//
// ValidateAttestationOccurrenceResponse_Result_name maps the wire integer to
// its identifier and ValidateAttestationOccurrenceResponse_Result_value is
// the inverse; the two maps are exact inverses (no aliases). VERIFIED (1) is
// the only positive outcome; the zero value is RESULT_UNSPECIFIED, which is
// what an unset field carries and should not be read as success.
var (
	ValidateAttestationOccurrenceResponse_Result_name = map[int32]string{
		0: "RESULT_UNSPECIFIED",
		1: "VERIFIED",
		2: "ATTESTATION_NOT_VERIFIABLE",
	}
	ValidateAttestationOccurrenceResponse_Result_value = map[string]int32{
		"RESULT_UNSPECIFIED":         0,
		"VERIFIED":                   1,
		"ATTESTATION_NOT_VERIFIABLE": 2,
	}
)

Enum value maps for ValidateAttestationOccurrenceResponse_Result.

File_google_cloud_binaryauthorization_v1_resources_proto

// File_google_cloud_binaryauthorization_v1_resources_proto is the
// protoreflect descriptor for the resources proto file of this package; how
// and when it is populated is not visible on this page.
var File_google_cloud_binaryauthorization_v1_resources_proto protoreflect.FileDescriptor

File_google_cloud_binaryauthorization_v1_service_proto

// File_google_cloud_binaryauthorization_v1_service_proto is the protoreflect
// descriptor for the service proto file of this package; how and when it is
// populated is not visible on this page.
var File_google_cloud_binaryauthorization_v1_service_proto protoreflect.FileDescriptor

Functions

func RegisterBinauthzManagementServiceV1Server

func RegisterBinauthzManagementServiceV1Server(s *grpc.Server, srv BinauthzManagementServiceV1Server)

func RegisterSystemPolicyV1Server

func RegisterSystemPolicyV1Server(s *grpc.Server, srv SystemPolicyV1Server)

func RegisterValidationHelperV1Server

func RegisterValidationHelperV1Server(s *grpc.Server, srv ValidationHelperV1Server)

AdmissionRule

// AdmissionRule specifies either that all container images used in a pod
// creation request must be attested to by one or more attestors, that all
// pod creations will be allowed, or that all pod creations will be denied.
// Images matching an AdmissionWhitelistPattern are exempted from admission
// rules and will never block a pod creation.
//
// All three fields are plain proto3 scalars, so an unset enum field carries
// the zero value, which is the "Do not use" UNSPECIFIED constant for both
// enums.
type AdmissionRule struct {

	// Required. How this admission rule will be evaluated.
	// The zero value is AdmissionRule_EVALUATION_MODE_UNSPECIFIED, not ALWAYS_DENY.
	EvaluationMode AdmissionRule_EvaluationMode `protobuf:"varint,1,opt,name=evaluation_mode,json=evaluationMode,proto3,enum=google.cloud.binaryauthorization.v1.AdmissionRule_EvaluationMode" json:"evaluation_mode,omitempty"`
	// Optional. The resource names of the attestors that must attest to
	// a container image, in the format `projects/*/attestors/*`. Each
	// attestor must exist before a policy can reference it.  To add an attestor
	// to a policy the principal issuing the policy change request must be able
	// to read the attestor resource.
	//
	// Note: this field must be non-empty when the evaluation_mode field specifies
	// REQUIRE_ATTESTATION, otherwise it must be empty.
	RequireAttestationsBy []string `protobuf:"bytes,2,rep,name=require_attestations_by,json=requireAttestationsBy,proto3" json:"require_attestations_by,omitempty"`
	// Required. The action when a pod creation is denied by the admission rule.
	// Only AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG blocks the creation;
	// AdmissionRule_DRYRUN_AUDIT_LOG_ONLY allows it and only audit logs.
	EnforcementMode AdmissionRule_EnforcementMode `protobuf:"varint,3,opt,name=enforcement_mode,json=enforcementMode,proto3,enum=google.cloud.binaryauthorization.v1.AdmissionRule_EnforcementMode" json:"enforcement_mode,omitempty"`
	// contains filtered or unexported fields
}

An [admission rule][google.cloud.binaryauthorization.v1.AdmissionRule] specifies either that all container images used in a pod creation request must be attested to by one or more [attestors][google.cloud.binaryauthorization.v1.Attestor], that all pod creations will be allowed, or that all pod creations will be denied.

Images matching an [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] are exempted from admission rules and will never block a pod creation.

func (*AdmissionRule) Descriptor

func (*AdmissionRule) Descriptor() ([]byte, []int)

Deprecated: Use AdmissionRule.ProtoReflect.Descriptor instead.

func (*AdmissionRule) GetEnforcementMode

func (x *AdmissionRule) GetEnforcementMode() AdmissionRule_EnforcementMode

func (*AdmissionRule) GetEvaluationMode

func (x *AdmissionRule) GetEvaluationMode() AdmissionRule_EvaluationMode

func (*AdmissionRule) GetRequireAttestationsBy

func (x *AdmissionRule) GetRequireAttestationsBy() []string

func (*AdmissionRule) ProtoMessage

func (*AdmissionRule) ProtoMessage()

func (*AdmissionRule) ProtoReflect

func (x *AdmissionRule) ProtoReflect() protoreflect.Message

func (*AdmissionRule) Reset

func (x *AdmissionRule) Reset()

func (*AdmissionRule) String

func (x *AdmissionRule) String() string

AdmissionRule_EnforcementMode

// AdmissionRule_EnforcementMode defines the possible actions when a pod
// creation is denied by an admission rule. It is a proto3 enum backed by
// int32; its zero value is AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED.
type AdmissionRule_EnforcementMode int32

Defines the possible actions when a pod creation is denied by an admission rule.

AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED, AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG, AdmissionRule_DRYRUN_AUDIT_LOG_ONLY

// Values of AdmissionRule_EnforcementMode. Only
// AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG stops a denied pod creation; the
// dry-run value records the decision but lets the creation proceed.
const (
	// Do not use. This is the zero value, i.e. what an unset field carries.
	AdmissionRule_ENFORCEMENT_MODE_UNSPECIFIED AdmissionRule_EnforcementMode = 0
	// Enforce the admission rule by blocking the pod creation.
	AdmissionRule_ENFORCED_BLOCK_AND_AUDIT_LOG AdmissionRule_EnforcementMode = 1
	// Dryrun mode: Audit logging only.  This will allow the pod creation as if
	// the admission request had specified break-glass. Rules left in this mode
	// do not block anything, so the audit log is the only signal they produce.
	AdmissionRule_DRYRUN_AUDIT_LOG_ONLY AdmissionRule_EnforcementMode = 2
)

func (AdmissionRule_EnforcementMode) Descriptor

func (AdmissionRule_EnforcementMode) Enum

func (AdmissionRule_EnforcementMode) EnumDescriptor

func (AdmissionRule_EnforcementMode) EnumDescriptor() ([]byte, []int)

Deprecated: Use AdmissionRule_EnforcementMode.Descriptor instead.

func (AdmissionRule_EnforcementMode) Number

func (AdmissionRule_EnforcementMode) String

func (AdmissionRule_EnforcementMode) Type

AdmissionRule_EvaluationMode

// AdmissionRule_EvaluationMode selects how an admission rule is evaluated:
// allow all, require attestations, or deny all. It is a proto3 enum backed by
// int32; its zero value is AdmissionRule_EVALUATION_MODE_UNSPECIFIED.
type AdmissionRule_EvaluationMode int32

AdmissionRule_EVALUATION_MODE_UNSPECIFIED, AdmissionRule_ALWAYS_ALLOW, AdmissionRule_REQUIRE_ATTESTATION, AdmissionRule_ALWAYS_DENY

// Values of AdmissionRule_EvaluationMode.
const (
	// Do not use. This is the zero value, i.e. what an unset field carries.
	AdmissionRule_EVALUATION_MODE_UNSPECIFIED AdmissionRule_EvaluationMode = 0
	// This rule allows all pod creations.
	AdmissionRule_ALWAYS_ALLOW AdmissionRule_EvaluationMode = 1
	// This rule allows a pod creation if all the attestors listed in
	// 'require_attestations_by' have valid attestations for all of the
	// images in the pod spec. Every listed attestor must attest; one valid
	// attestation is not enough when several attestors are listed.
	AdmissionRule_REQUIRE_ATTESTATION AdmissionRule_EvaluationMode = 2
	// This rule denies all pod creations.
	AdmissionRule_ALWAYS_DENY AdmissionRule_EvaluationMode = 3
)

func (AdmissionRule_EvaluationMode) Descriptor

func (AdmissionRule_EvaluationMode) Enum

func (AdmissionRule_EvaluationMode) EnumDescriptor

func (AdmissionRule_EvaluationMode) EnumDescriptor() ([]byte, []int)

Deprecated: Use AdmissionRule_EvaluationMode.Descriptor instead.

func (AdmissionRule_EvaluationMode) Number

func (AdmissionRule_EvaluationMode) String

func (AdmissionRule_EvaluationMode) Type

AdmissionWhitelistPattern

// AdmissionWhitelistPattern exempts images from checks by admission rules.
// Because a match bypasses every admission rule, the breadth of the pattern
// (in particular its `*` and `**` wildcards) is the breadth of the exemption;
// a pattern should be no wider than the images it is meant to cover.
type AdmissionWhitelistPattern struct {

	// An image name pattern to allowlist, in the form `registry/path/to/image`.
	// This supports a trailing `*` wildcard, but this is allowed only in
	// text after the `registry/` part. This also supports a trailing `**`
	// wildcard which matches subdirectories of a given entry.
	// Whether a pattern without a tag or digest matches every tag of the image
	// is not stated here; verify against the service documentation.
	NamePattern string `protobuf:"bytes,1,opt,name=name_pattern,json=namePattern,proto3" json:"name_pattern,omitempty"`
	// contains filtered or unexported fields
}

An [admission allowlist pattern][google.cloud.binaryauthorization.v1.AdmissionWhitelistPattern] exempts images from checks by [admission rules][google.cloud.binaryauthorization.v1.AdmissionRule].

func (*AdmissionWhitelistPattern) Descriptor

func (*AdmissionWhitelistPattern) Descriptor() ([]byte, []int)

Deprecated: Use AdmissionWhitelistPattern.ProtoReflect.Descriptor instead.

func (*AdmissionWhitelistPattern) GetNamePattern

func (x *AdmissionWhitelistPattern) GetNamePattern() string

func (*AdmissionWhitelistPattern) ProtoMessage

func (*AdmissionWhitelistPattern) ProtoMessage()

func (*AdmissionWhitelistPattern) ProtoReflect

func (*AdmissionWhitelistPattern) Reset

func (x *AdmissionWhitelistPattern) Reset()

func (*AdmissionWhitelistPattern) String

func (x *AdmissionWhitelistPattern) String() string

Attestor

// Attestor is an attestor that attests to container image artifacts. An
// existing attestor cannot be modified except where indicated on each field.
type Attestor struct {

	// Required. The resource name, in the format:
	// `projects/*/attestors/*`. This field may not be updated.
	// This is the name an AdmissionRule lists in RequireAttestationsBy.
	Name string `protobuf:"bytes,1,opt,name=name,proto3" json:"name,omitempty"`
	// Optional. A descriptive comment.  This field may be updated.
	// The field may be displayed in chooser dialogs.
	Description string `protobuf:"bytes,6,opt,name=description,proto3" json:"description,omitempty"`
	// Types that are assignable to AttestorType:
	//
	//	*Attestor_UserOwnedGrafeasNote
	// This is a proto oneof; only the single variant listed above exists here.
	AttestorType isAttestor_AttestorType `protobuf_oneof:"attestor_type"`
	// Output only. Time when the attestor was last updated.
	UpdateTime *timestamppb.Timestamp `protobuf:"bytes,4,opt,name=update_time,json=updateTime,proto3" json:"update_time,omitempty"`
	// contains filtered or unexported fields
}

An [attestor][google.cloud.binaryauthorization.v1.Attestor] that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

func (*Attestor) Descriptor

func (*Attestor) Descriptor() ([]byte, []int)

Deprecated: Use Attestor.ProtoReflect.Descriptor instead.

func (*Attestor) GetAttestorType

func (m *Attestor) GetAttestorType() isAttestor_AttestorType

func (*Attestor) GetDescription

func (x *Attestor) GetDescription() string

func (*Attestor) GetName

func (x *Attestor) GetName() string

func (*Attestor) GetUpdateTime

func (x *Attestor) GetUpdateTime() *timestamppb.Timestamp

func (*Attestor) GetUserOwnedGrafeasNote

func (x *Attestor) GetUserOwnedGrafeasNote() *UserOwnedGrafeasNote

func (*Attestor) ProtoMessage

func (*Attestor) ProtoMessage()

func (*Attestor) ProtoReflect

func (x *Attestor) ProtoReflect() protoreflect.Message

func (*Attestor) Reset

func (x *Attestor) Reset()

func (*Attestor) String

func (x *Attestor) String() string

AttestorPublicKey

// AttestorPublicKey is an attestor public key that will be used to verify
// attestations signed by this attestor. The key material lives in the
// PublicKey oneof (ASCII-armored PGP or PKIX); Id is the key identifier a
// signature must carry for this key to be selected.
type AttestorPublicKey struct {

	// Optional. A descriptive comment. This field may be updated.
	Comment string `protobuf:"bytes,1,opt,name=comment,proto3" json:"comment,omitempty"`
	// The ID of this public key.
	// Signatures verified by BinAuthz must include the ID of the public key that
	// can be used to verify them, and that ID must match the contents of this
	// field exactly.
	// Additional restrictions on this field can be imposed based on which public
	// key type is encapsulated. See the documentation on `public_key` cases below
	// for details.
	// The match is exact (no normalization is described), so a key whose ID
	// differs by case or whitespace from the signature's key ID is not used.
	Id string `protobuf:"bytes,2,opt,name=id,proto3" json:"id,omitempty"`
	// Types that are assignable to PublicKey:
	//
	//	*AttestorPublicKey_AsciiArmoredPgpPublicKey
	//	*AttestorPublicKey_PkixPublicKey
	// This is a proto oneof; exactly one of the two variants is set.
	PublicKey isAttestorPublicKey_PublicKey `protobuf_oneof:"public_key"`
	// contains filtered or unexported fields
}

An [attestor public key][google.cloud.binaryauthorization.v1.AttestorPublicKey] that will be used to verify attestations signed by this attestor.

func (*AttestorPublicKey) Descriptor

func (*AttestorPublicKey) Descriptor() ([]byte, []int)

Deprecated: Use AttestorPublicKey.ProtoReflect.Descriptor instead.

func (*AttestorPublicKey) GetAsciiArmoredPgpPublicKey

func (x *AttestorPublicKey) GetAsciiArmoredPgpPublicKey() string

func (*AttestorPublicKey) GetComment

func (x *AttestorPublicKey) GetComment() string

func (*AttestorPublicKey) GetId

func (x *AttestorPublicKey) GetId() string

func (*AttestorPublicKey) GetPkixPublicKey

func (x *AttestorPublicKey) GetPkixPublicKey() *PkixPublicKey

func (*AttestorPublicKey) GetPublicKey

func (m *AttestorPublicKey) GetPublicKey() isAttestorPublicKey_PublicKey

func (*AttestorPublicKey) ProtoMessage

func (*AttestorPublicKey) ProtoMessage()

func (*AttestorPublicKey) ProtoReflect

func (x *AttestorPublicKey) ProtoReflect() protoreflect.Message

func (*AttestorPublicKey) Reset

func (x *AttestorPublicKey) Reset()

func (*AttestorPublicKey) String

func (x *AttestorPublicKey) String()