Class Policy
A policy for container image binary authorization.
To get more information about Policy, see:
- API documentation
- How-to Guides
- Official Documentation
Inherited Members
Namespace: Pulumi.Gcp.BinaryAuthorization
Assembly: Pulumi.Gcp.dll
Syntax
public class Policy : CustomResourceConstructors
View SourcePolicy(String, PolicyArgs, CustomResourceOptions)
Create a Policy resource with the given unique name, arguments, and options.
Declaration
public Policy(string name, PolicyArgs args, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resource |
| PolicyArgs | args | The arguments used to populate this resource's properties |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Properties
View SourceAdmissionWhitelistPatterns
A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the image's admission requests will always be permitted regardless of your admission rules. Structure is documented below.
Declaration
public Output<ImmutableArray<PolicyAdmissionWhitelistPattern>> AdmissionWhitelistPatterns { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<PolicyAdmissionWhitelistPattern>> |
ClusterAdmissionRules
Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. There can be at most one admission rule per cluster spec.
Declaration
public Output<ImmutableArray<PolicyClusterAdmissionRule>> ClusterAdmissionRules { get; }Property Value
| Type | Description |
|---|---|
| Output<System.Collections.Immutable.ImmutableArray<PolicyClusterAdmissionRule>> |
DefaultAdmissionRule
Default admission rule for a cluster without a per-cluster admission rule. Structure is documented below.
Declaration
public Output<PolicyDefaultAdmissionRule> DefaultAdmissionRule { get; }Property Value
| Type | Description |
|---|---|
| Output<PolicyDefaultAdmissionRule> |
Description
A descriptive comment.
Declaration
public Output<string> Description { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
GlobalPolicyEvaluationMode
Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy.
Declaration
public Output<string> GlobalPolicyEvaluationMode { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Project
The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
Declaration
public Output<string> Project { get; }Property Value
| Type | Description |
|---|---|
| Output<System.String> |
Methods
View SourceGet(String, Input<String>, PolicyState, CustomResourceOptions)
Get an existing Policy resource's state with the given name, ID, and optional extra properties used to qualify the lookup.
Declaration
public static Policy Get(string name, Input<string> id, PolicyState state = null, CustomResourceOptions options = null)Parameters
| Type | Name | Description |
|---|---|---|
| System.String | name | The unique name of the resulting resource. |
| Input<System.String> | id | The unique provider ID of the resource to lookup. |
| PolicyState | state | Any extra arguments used during the lookup. |
| CustomResourceOptions | options | A bag of options that control this resource's behavior |
Returns
| Type | Description |
|---|---|
| Policy |