com.pulumi.gcp.binaryauthorization.kotlin.PolicyArgs.kt Maven / Gradle / Ivy
@file:Suppress("NAME_SHADOWING", "DEPRECATION")
package com.pulumi.gcp.binaryauthorization.kotlin
import com.pulumi.core.Output
import com.pulumi.core.Output.of
import com.pulumi.gcp.binaryauthorization.PolicyArgs.builder
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyAdmissionWhitelistPatternArgs
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyAdmissionWhitelistPatternArgsBuilder
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyClusterAdmissionRuleArgs
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyClusterAdmissionRuleArgsBuilder
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyDefaultAdmissionRuleArgs
import com.pulumi.gcp.binaryauthorization.kotlin.inputs.PolicyDefaultAdmissionRuleArgsBuilder
import com.pulumi.kotlin.ConvertibleToJava
import com.pulumi.kotlin.PulumiTagMarker
import com.pulumi.kotlin.applySuspend
import kotlin.String
import kotlin.Suppress
import kotlin.Unit
import kotlin.collections.List
import kotlin.jvm.JvmName
/**
* A policy for container image binary authorization.
* To get more information about Policy, see:
* * [API documentation](https://cloud.google.com/binary-authorization/docs/reference/rest/)
* * How-to Guides
* * [Official Documentation](https://cloud.google.com/binary-authorization/)
* ## Example Usage
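* ### Binary Authorization Policy Basic
* Note: this example requires attestation only on `us-central1-a.prod-cluster`. Its default rule is
* `ALWAYS_ALLOW`, so every other cluster in the project allows all pod creations; the Global
* Evaluation example below shows a default rule that requires attestation instead.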
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const note = new gcp.containeranalysis.Note("note", {
* name: "test-attestor-note",
* attestationAuthority: {
* hint: {
* humanReadableName: "My attestor",
* },
* },
* });
* const attestor = new gcp.binaryauthorization.Attestor("attestor", {
* name: "test-attestor",
* attestationAuthorityNote: {
* noteReference: note.name,
* },
* });
* const policy = new gcp.binaryauthorization.Policy("policy", {
* admissionWhitelistPatterns: [{
* namePattern: "gcr.io/google_containers/*",
* }],
* defaultAdmissionRule: {
* evaluationMode: "ALWAYS_ALLOW",
* enforcementMode: "ENFORCED_BLOCK_AND_AUDIT_LOG",
* },
* clusterAdmissionRules: [{
* cluster: "us-central1-a.prod-cluster",
* evaluationMode: "REQUIRE_ATTESTATION",
* enforcementMode: "ENFORCED_BLOCK_AND_AUDIT_LOG",
* requireAttestationsBies: [attestor.name],
* }],
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* note = gcp.containeranalysis.Note("note",
* name="test-attestor-note",
* attestation_authority={
* "hint": {
* "human_readable_name": "My attestor",
* },
* })
* attestor = gcp.binaryauthorization.Attestor("attestor",
* name="test-attestor",
* attestation_authority_note={
* "note_reference": note.name,
* })
* policy = gcp.binaryauthorization.Policy("policy",
* admission_whitelist_patterns=[{
* "name_pattern": "gcr.io/google_containers/*",
* }],
* default_admission_rule={
* "evaluation_mode": "ALWAYS_ALLOW",
* "enforcement_mode": "ENFORCED_BLOCK_AND_AUDIT_LOG",
* },
* cluster_admission_rules=[{
* "cluster": "us-central1-a.prod-cluster",
* "evaluation_mode": "REQUIRE_ATTESTATION",
* "enforcement_mode": "ENFORCED_BLOCK_AND_AUDIT_LOG",
* "require_attestations_bies": [attestor.name],
* }])
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var note = new Gcp.ContainerAnalysis.Note("note", new()
* {
* Name = "test-attestor-note",
* AttestationAuthority = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityArgs
* {
* Hint = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityHintArgs
* {
* HumanReadableName = "My attestor",
* },
* },
* });
* var attestor = new Gcp.BinaryAuthorization.Attestor("attestor", new()
* {
* Name = "test-attestor",
* AttestationAuthorityNote = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNoteArgs
* {
* NoteReference = note.Name,
* },
* });
* var policy = new Gcp.BinaryAuthorization.Policy("policy", new()
* {
* AdmissionWhitelistPatterns = new[]
* {
* new Gcp.BinaryAuthorization.Inputs.PolicyAdmissionWhitelistPatternArgs
* {
* NamePattern = "gcr.io/google_containers/*",
* },
* },
* DefaultAdmissionRule = new Gcp.BinaryAuthorization.Inputs.PolicyDefaultAdmissionRuleArgs
* {
* EvaluationMode = "ALWAYS_ALLOW",
* EnforcementMode = "ENFORCED_BLOCK_AND_AUDIT_LOG",
* },
* ClusterAdmissionRules = new[]
* {
* new Gcp.BinaryAuthorization.Inputs.PolicyClusterAdmissionRuleArgs
* {
* Cluster = "us-central1-a.prod-cluster",
* EvaluationMode = "REQUIRE_ATTESTATION",
* EnforcementMode = "ENFORCED_BLOCK_AND_AUDIT_LOG",
* RequireAttestationsBies = new[]
* {
* attestor.Name,
* },
* },
* },
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* note, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
* Name: pulumi.String("test-attestor-note"),
* AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
* Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
* HumanReadableName: pulumi.String("My attestor"),
* },
* },
* })
* if err != nil {
* return err
* }
* attestor, err := binaryauthorization.NewAttestor(ctx, "attestor", &binaryauthorization.AttestorArgs{
* Name: pulumi.String("test-attestor"),
* AttestationAuthorityNote: &binaryauthorization.AttestorAttestationAuthorityNoteArgs{
* NoteReference: note.Name,
* },
* })
* if err != nil {
* return err
* }
* _, err = binaryauthorization.NewPolicy(ctx, "policy", &binaryauthorization.PolicyArgs{
* AdmissionWhitelistPatterns: binaryauthorization.PolicyAdmissionWhitelistPatternArray{
* &binaryauthorization.PolicyAdmissionWhitelistPatternArgs{
* NamePattern: pulumi.String("gcr.io/google_containers/*"),
* },
* },
* DefaultAdmissionRule: &binaryauthorization.PolicyDefaultAdmissionRuleArgs{
* EvaluationMode: pulumi.String("ALWAYS_ALLOW"),
* EnforcementMode: pulumi.String("ENFORCED_BLOCK_AND_AUDIT_LOG"),
* },
* ClusterAdmissionRules: binaryauthorization.PolicyClusterAdmissionRuleArray{
* &binaryauthorization.PolicyClusterAdmissionRuleArgs{
* Cluster: pulumi.String("us-central1-a.prod-cluster"),
* EvaluationMode: pulumi.String("REQUIRE_ATTESTATION"),
* EnforcementMode: pulumi.String("ENFORCED_BLOCK_AND_AUDIT_LOG"),
* RequireAttestationsBies: pulumi.StringArray{
* attestor.Name,
* },
* },
* },
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.containeranalysis.Note;
* import com.pulumi.gcp.containeranalysis.NoteArgs;
* import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;
* import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;
* import com.pulumi.gcp.binaryauthorization.Attestor;
* import com.pulumi.gcp.binaryauthorization.AttestorArgs;
* import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;
* import com.pulumi.gcp.binaryauthorization.Policy;
* import com.pulumi.gcp.binaryauthorization.PolicyArgs;
* import com.pulumi.gcp.binaryauthorization.inputs.PolicyAdmissionWhitelistPatternArgs;
* import com.pulumi.gcp.binaryauthorization.inputs.PolicyDefaultAdmissionRuleArgs;
* import com.pulumi.gcp.binaryauthorization.inputs.PolicyClusterAdmissionRuleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var note = new Note("note", NoteArgs.builder()
* .name("test-attestor-note")
* .attestationAuthority(NoteAttestationAuthorityArgs.builder()
* .hint(NoteAttestationAuthorityHintArgs.builder()
* .humanReadableName("My attestor")
* .build())
* .build())
* .build());
* var attestor = new Attestor("attestor", AttestorArgs.builder()
* .name("test-attestor")
* .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()
* .noteReference(note.name())
* .build())
* .build());
* var policy = new Policy("policy", PolicyArgs.builder()
* .admissionWhitelistPatterns(PolicyAdmissionWhitelistPatternArgs.builder()
* .namePattern("gcr.io/google_containers/*")
* .build())
* .defaultAdmissionRule(PolicyDefaultAdmissionRuleArgs.builder()
* .evaluationMode("ALWAYS_ALLOW")
* .enforcementMode("ENFORCED_BLOCK_AND_AUDIT_LOG")
* .build())
* .clusterAdmissionRules(PolicyClusterAdmissionRuleArgs.builder()
* .cluster("us-central1-a.prod-cluster")
* .evaluationMode("REQUIRE_ATTESTATION")
* .enforcementMode("ENFORCED_BLOCK_AND_AUDIT_LOG")
* .requireAttestationsBies(attestor.name())
* .build())
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:binaryauthorization:Policy
* properties:
* admissionWhitelistPatterns:
* - namePattern: gcr.io/google_containers/*
* defaultAdmissionRule:
* evaluationMode: ALWAYS_ALLOW
* enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
* clusterAdmissionRules:
* - cluster: us-central1-a.prod-cluster
* evaluationMode: REQUIRE_ATTESTATION
* enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
* requireAttestationsBies:
* - ${attestor.name}
* note:
* type: gcp:containeranalysis:Note
* properties:
* name: test-attestor-note
* attestationAuthority:
* hint:
* humanReadableName: My attestor
* attestor:
* type: gcp:binaryauthorization:Attestor
* properties:
* name: test-attestor
* attestationAuthorityNote:
* noteReference: ${note.name}
* ```
*
* ### Binary Authorization Policy Global Evaluation
*
* ```typescript
* import * as pulumi from "@pulumi/pulumi";
* import * as gcp from "@pulumi/gcp";
* const note = new gcp.containeranalysis.Note("note", {
* name: "test-attestor-note",
* attestationAuthority: {
* hint: {
* humanReadableName: "My attestor",
* },
* },
* });
* const attestor = new gcp.binaryauthorization.Attestor("attestor", {
* name: "test-attestor",
* attestationAuthorityNote: {
* noteReference: note.name,
* },
* });
* const policy = new gcp.binaryauthorization.Policy("policy", {
* defaultAdmissionRule: {
* evaluationMode: "REQUIRE_ATTESTATION",
* enforcementMode: "ENFORCED_BLOCK_AND_AUDIT_LOG",
* requireAttestationsBies: [attestor.name],
* },
* globalPolicyEvaluationMode: "ENABLE",
* });
* ```
* ```python
* import pulumi
* import pulumi_gcp as gcp
* note = gcp.containeranalysis.Note("note",
* name="test-attestor-note",
* attestation_authority={
* "hint": {
* "human_readable_name": "My attestor",
* },
* })
* attestor = gcp.binaryauthorization.Attestor("attestor",
* name="test-attestor",
* attestation_authority_note={
* "note_reference": note.name,
* })
* policy = gcp.binaryauthorization.Policy("policy",
* default_admission_rule={
* "evaluation_mode": "REQUIRE_ATTESTATION",
* "enforcement_mode": "ENFORCED_BLOCK_AND_AUDIT_LOG",
* "require_attestations_bies": [attestor.name],
* },
* global_policy_evaluation_mode="ENABLE")
* ```
* ```csharp
* using System.Collections.Generic;
* using System.Linq;
* using Pulumi;
* using Gcp = Pulumi.Gcp;
* return await Deployment.RunAsync(() =>
* {
* var note = new Gcp.ContainerAnalysis.Note("note", new()
* {
* Name = "test-attestor-note",
* AttestationAuthority = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityArgs
* {
* Hint = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityHintArgs
* {
* HumanReadableName = "My attestor",
* },
* },
* });
* var attestor = new Gcp.BinaryAuthorization.Attestor("attestor", new()
* {
* Name = "test-attestor",
* AttestationAuthorityNote = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNoteArgs
* {
* NoteReference = note.Name,
* },
* });
* var policy = new Gcp.BinaryAuthorization.Policy("policy", new()
* {
* DefaultAdmissionRule = new Gcp.BinaryAuthorization.Inputs.PolicyDefaultAdmissionRuleArgs
* {
* EvaluationMode = "REQUIRE_ATTESTATION",
* EnforcementMode = "ENFORCED_BLOCK_AND_AUDIT_LOG",
* RequireAttestationsBies = new[]
* {
* attestor.Name,
* },
* },
* GlobalPolicyEvaluationMode = "ENABLE",
* });
* });
* ```
* ```go
* package main
* import (
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
* "github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis"
* "github.com/pulumi/pulumi/sdk/v3/go/pulumi"
* )
* func main() {
* pulumi.Run(func(ctx *pulumi.Context) error {
* note, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
* Name: pulumi.String("test-attestor-note"),
* AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
* Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
* HumanReadableName: pulumi.String("My attestor"),
* },
* },
* })
* if err != nil {
* return err
* }
* attestor, err := binaryauthorization.NewAttestor(ctx, "attestor", &binaryauthorization.AttestorArgs{
* Name: pulumi.String("test-attestor"),
* AttestationAuthorityNote: &binaryauthorization.AttestorAttestationAuthorityNoteArgs{
* NoteReference: note.Name,
* },
* })
* if err != nil {
* return err
* }
* _, err = binaryauthorization.NewPolicy(ctx, "policy", &binaryauthorization.PolicyArgs{
* DefaultAdmissionRule: &binaryauthorization.PolicyDefaultAdmissionRuleArgs{
* EvaluationMode: pulumi.String("REQUIRE_ATTESTATION"),
* EnforcementMode: pulumi.String("ENFORCED_BLOCK_AND_AUDIT_LOG"),
* RequireAttestationsBies: pulumi.StringArray{
* attestor.Name,
* },
* },
* GlobalPolicyEvaluationMode: pulumi.String("ENABLE"),
* })
* if err != nil {
* return err
* }
* return nil
* })
* }
* ```
* ```java
* package generated_program;
* import com.pulumi.Context;
* import com.pulumi.Pulumi;
* import com.pulumi.core.Output;
* import com.pulumi.gcp.containeranalysis.Note;
* import com.pulumi.gcp.containeranalysis.NoteArgs;
* import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;
* import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;
* import com.pulumi.gcp.binaryauthorization.Attestor;
* import com.pulumi.gcp.binaryauthorization.AttestorArgs;
* import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;
* import com.pulumi.gcp.binaryauthorization.Policy;
* import com.pulumi.gcp.binaryauthorization.PolicyArgs;
* import com.pulumi.gcp.binaryauthorization.inputs.PolicyDefaultAdmissionRuleArgs;
* import java.util.List;
* import java.util.ArrayList;
* import java.util.Map;
* import java.io.File;
* import java.nio.file.Files;
* import java.nio.file.Paths;
* public class App {
* public static void main(String[] args) {
* Pulumi.run(App::stack);
* }
* public static void stack(Context ctx) {
* var note = new Note("note", NoteArgs.builder()
* .name("test-attestor-note")
* .attestationAuthority(NoteAttestationAuthorityArgs.builder()
* .hint(NoteAttestationAuthorityHintArgs.builder()
* .humanReadableName("My attestor")
* .build())
* .build())
* .build());
* var attestor = new Attestor("attestor", AttestorArgs.builder()
* .name("test-attestor")
* .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()
* .noteReference(note.name())
* .build())
* .build());
* var policy = new Policy("policy", PolicyArgs.builder()
* .defaultAdmissionRule(PolicyDefaultAdmissionRuleArgs.builder()
* .evaluationMode("REQUIRE_ATTESTATION")
* .enforcementMode("ENFORCED_BLOCK_AND_AUDIT_LOG")
* .requireAttestationsBies(attestor.name())
* .build())
* .globalPolicyEvaluationMode("ENABLE")
* .build());
* }
* }
* ```
* ```yaml
* resources:
* policy:
* type: gcp:binaryauthorization:Policy
* properties:
* defaultAdmissionRule:
* evaluationMode: REQUIRE_ATTESTATION
* enforcementMode: ENFORCED_BLOCK_AND_AUDIT_LOG
* requireAttestationsBies:
* - ${attestor.name}
* globalPolicyEvaluationMode: ENABLE
* note:
* type: gcp:containeranalysis:Note
* properties:
* name: test-attestor-note
* attestationAuthority:
* hint:
* humanReadableName: My attestor
* attestor:
* type: gcp:binaryauthorization:Attestor
* properties:
* name: test-attestor
* attestationAuthorityNote:
* noteReference: ${note.name}
* ```
*
* ## Import
* Policy can be imported using any of these accepted formats:
* * `projects/{{project}}`
* * `{{project}}`
* When using the `pulumi import` command, Policy can be imported using one of the formats above. For example:
* ```sh
* $ pulumi import gcp:binaryauthorization/policy:Policy default projects/{{project}}
* ```
* ```sh
* $ pulumi import gcp:binaryauthorization/policy:Policy default {{project}}
* ```
* @property admissionWhitelistPatterns An allowlist ("whitelist" in the API) of image name patterns that are exempt from admission rules. An image
* whose name matches any pattern is always admitted, whatever your admission rules say (including `REQUIRE_ATTESTATION`), so keep each pattern as narrow as possible.
* @property clusterAdmissionRules Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
* must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
* denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
* location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
* @property defaultAdmissionRule Default admission rule for a cluster without a per-cluster admission
* rule.
* Structure is documented below.
* @property description A descriptive comment.
* @property globalPolicyEvaluationMode Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not
* covered by the global policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]
* @property project
* */*/*/*/*/*/
*/
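public data class PolicyArgs(
    // Image name patterns exempt from every admission rule (see the class KDoc above).
    public val admissionWhitelistPatterns: Output<List<PolicyAdmissionWhitelistPatternArgs>>? = null,
    // Per-cluster rules; a cluster without an entry falls back to defaultAdmissionRule.
    public val clusterAdmissionRules: Output<List<PolicyClusterAdmissionRuleArgs>>? = null,
    public val defaultAdmissionRule: Output<PolicyDefaultAdmissionRuleArgs>? = null,
    public val description: Output<String>? = null,
    // Documented values: "ENABLE", "DISABLE". Not validated in this class.
    public val globalPolicyEvaluationMode: Output<String>? = null,
    public val project: Output<String>? = null,
) : ConvertibleToJava<com.pulumi.gcp.binaryauthorization.PolicyArgs> {
    /**
     * Converts these arguments into the Java SDK's `PolicyArgs` by passing every property to the
     * Java builder.
     *
     * Nested argument objects are converted through their own `toJava()`; a property that is
     * `null` here is handed to the Java builder as `null`. No value is checked or defaulted.
     *
     * @return the equivalent `com.pulumi.gcp.binaryauthorization.PolicyArgs`
     */
    override fun toJava(): com.pulumi.gcp.binaryauthorization.PolicyArgs =
        com.pulumi.gcp.binaryauthorization.PolicyArgs.builder()
            .admissionWhitelistPatterns(
                admissionWhitelistPatterns?.applyValue({ patterns ->
                    patterns.map({ pattern -> pattern.toJava() })
                }),
            )
            .clusterAdmissionRules(
                clusterAdmissionRules?.applyValue({ rules ->
                    rules.map({ rule -> rule.toJava() })
                }),
            )
            .defaultAdmissionRule(
                defaultAdmissionRule?.applyValue({ rule -> rule.toJava() }),
            )
            // Plain strings need no conversion; applyValue keeps the original call shape.
            .description(description?.applyValue({ text -> text }))
            .globalPolicyEvaluationMode(globalPolicyEvaluationMode?.applyValue({ mode -> mode }))
            .project(project?.applyValue({ id -> id }))
            .build()
}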
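/**
 * Builder for [PolicyArgs].
 *
 * Every setter replaces whatever was stored earlier for the same property; values are neither
 * merged nor validated here. [build] copies the stored values into a [PolicyArgs].
 *
 * Security-relevant inputs: images matching [admissionWhitelistPatterns] are admitted regardless
 * of the admission rules, and [defaultAdmissionRule] governs every cluster that has no entry in
 * [clusterAdmissionRules]. Review both when the intent is to require attestation.
 */
@PulumiTagMarker
public class PolicyArgsBuilder internal constructor() {
    private var admissionWhitelistPatterns: Output<List<PolicyAdmissionWhitelistPatternArgs>>? = null

    private var clusterAdmissionRules: Output<List<PolicyClusterAdmissionRuleArgs>>? = null

    private var defaultAdmissionRule: Output<PolicyDefaultAdmissionRuleArgs>? = null

    private var description: Output<String>? = null

    private var globalPolicyEvaluationMode: Output<String>? = null

    private var project: Output<String>? = null

    /**
     * @param value A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     */
    @JvmName("txyevmsduxbnbeeo")
    public suspend fun admissionWhitelistPatterns(`value`: Output<List<PolicyAdmissionWhitelistPatternArgs>>) {
        this.admissionWhitelistPatterns = value
    }

    /**
     * Same property as the other `admissionWhitelistPatterns` overloads, given as separate outputs
     * that are combined with `Output.all`.
     *
     * @param values Image patterns to exclude from admission rules, one output per pattern.
     */
    @JvmName("fsmxlslyryrxqyjn")
    public suspend fun admissionWhitelistPatterns(vararg values: Output<PolicyAdmissionWhitelistPatternArgs>) {
        this.admissionWhitelistPatterns = Output.all(values.asList())
    }

    /**
     * @param values A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     */
    @JvmName("lifegdociqfjovlo")
    public suspend fun admissionWhitelistPatterns(values: List<Output<PolicyAdmissionWhitelistPatternArgs>>) {
        this.admissionWhitelistPatterns = Output.all(values)
    }

    /**
     * @param value Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     */
    @JvmName("bvbmarhbdbmiehof")
    public suspend fun clusterAdmissionRules(`value`: Output<List<PolicyClusterAdmissionRuleArgs>>) {
        this.clusterAdmissionRules = value
    }

    /**
     * Same property as the other `clusterAdmissionRules` overloads, given as separate outputs that
     * are combined with `Output.all`.
     *
     * @param values Per-cluster admission rules, one output per rule.
     */
    @JvmName("rwldrdygqobuipng")
    public suspend fun clusterAdmissionRules(vararg values: Output<PolicyClusterAdmissionRuleArgs>) {
        this.clusterAdmissionRules = Output.all(values.asList())
    }

    /**
     * @param values Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     */
    @JvmName("ullkkuuccjqdrqrw")
    public suspend fun clusterAdmissionRules(values: List<Output<PolicyClusterAdmissionRuleArgs>>) {
        this.clusterAdmissionRules = Output.all(values)
    }

    /**
     * @param value Default admission rule for a cluster without a per-cluster admission
     * rule.
     * Structure is documented below.
     */
    @JvmName("wdxtsaiofxtwoxhv")
    public suspend fun defaultAdmissionRule(`value`: Output<PolicyDefaultAdmissionRuleArgs>) {
        this.defaultAdmissionRule = value
    }

    /**
     * @param value A descriptive comment.
     */
    @JvmName("rijnejyvcfrgxtpq")
    public suspend fun description(`value`: Output<String>) {
        this.description = value
    }

    /**
     * @param value Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not
     * covered by the global policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]
     */
    @JvmName("wjidefkibbewcxeq")
    public suspend fun globalPolicyEvaluationMode(`value`: Output<String>) {
        this.globalPolicyEvaluationMode = value
    }

    /**
     * @param value Project setting for the policy. The upstream description is empty; presumably the
     * project the policy belongs to, as in the `projects/{{project}}` import format (to be confirmed).
     */
    @JvmName("qraqyqiqncifyjkk")
    public suspend fun project(`value`: Output<String>) {
        this.project = value
    }

    /**
     * @param value A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     * Passing `null` clears the property.
     */
    @JvmName("tqoxsvpuehswywvt")
    public suspend fun admissionWhitelistPatterns(`value`: List<PolicyAdmissionWhitelistPatternArgs>?) {
        this.admissionWhitelistPatterns = value?.let({ patterns -> of(patterns) })
    }

    /**
     * @param argument A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     * Each element configures one pattern through a fresh [PolicyAdmissionWhitelistPatternArgsBuilder].
     */
    @JvmName("tshqgtyawueejnkt")
    public suspend fun admissionWhitelistPatterns(
        argument: List<suspend PolicyAdmissionWhitelistPatternArgsBuilder.() -> Unit>,
    ) {
        val patterns = argument.toList().map { configure ->
            PolicyAdmissionWhitelistPatternArgsBuilder().applySuspend { configure() }.build()
        }
        this.admissionWhitelistPatterns = of(patterns)
    }

    /**
     * @param argument A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     * Each block configures one pattern through a fresh [PolicyAdmissionWhitelistPatternArgsBuilder].
     */
    @JvmName("qmubgdtdidifmomg")
    public suspend fun admissionWhitelistPatterns(
        vararg argument: suspend PolicyAdmissionWhitelistPatternArgsBuilder.() -> Unit,
    ) {
        val patterns = argument.toList().map { configure ->
            PolicyAdmissionWhitelistPatternArgsBuilder().applySuspend { configure() }.build()
        }
        this.admissionWhitelistPatterns = of(patterns)
    }

    /**
     * @param argument A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     * The single block yields a one-element list.
     */
    @JvmName("kpvmgnwkifqbjldc")
    public suspend fun admissionWhitelistPatterns(
        argument: suspend PolicyAdmissionWhitelistPatternArgsBuilder.() -> Unit,
    ) {
        val pattern = PolicyAdmissionWhitelistPatternArgsBuilder().applySuspend { argument() }.build()
        this.admissionWhitelistPatterns = of(listOf(pattern))
    }

    /**
     * @param values A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
     * image's admission requests will always be permitted regardless of your admission rules.
     */
    @JvmName("sojbyvkdeowfepue")
    public suspend fun admissionWhitelistPatterns(vararg values: PolicyAdmissionWhitelistPatternArgs) {
        this.admissionWhitelistPatterns = of(values.toList())
    }

    /**
     * @param value Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     * Passing `null` clears the property.
     */
    @JvmName("xcbbnqkijfkruivt")
    public suspend fun clusterAdmissionRules(`value`: List<PolicyClusterAdmissionRuleArgs>?) {
        this.clusterAdmissionRules = value?.let({ rules -> of(rules) })
    }

    /**
     * @param argument Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     * Each element configures one rule through a fresh [PolicyClusterAdmissionRuleArgsBuilder].
     */
    @JvmName("dnuqgfjnbxgjakfi")
    public suspend fun clusterAdmissionRules(
        argument: List<suspend PolicyClusterAdmissionRuleArgsBuilder.() -> Unit>,
    ) {
        val rules = argument.toList().map { configure ->
            PolicyClusterAdmissionRuleArgsBuilder().applySuspend { configure() }.build()
        }
        this.clusterAdmissionRules = of(rules)
    }

    /**
     * @param argument Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     * Each block configures one rule through a fresh [PolicyClusterAdmissionRuleArgsBuilder].
     */
    @JvmName("irgnbufmqavhhhwv")
    public suspend fun clusterAdmissionRules(
        vararg argument: suspend PolicyClusterAdmissionRuleArgsBuilder.() -> Unit,
    ) {
        val rules = argument.toList().map { configure ->
            PolicyClusterAdmissionRuleArgsBuilder().applySuspend { configure() }.build()
        }
        this.clusterAdmissionRules = of(rules)
    }

    /**
     * @param argument Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     * The single block yields a one-element list.
     */
    @JvmName("rjlevixisgxefdsu")
    public suspend fun clusterAdmissionRules(argument: suspend PolicyClusterAdmissionRuleArgsBuilder.() -> Unit) {
        val rule = PolicyClusterAdmissionRuleArgsBuilder().applySuspend { argument() }.build()
        this.clusterAdmissionRules = of(listOf(rule))
    }

    /**
     * @param values Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
     * must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
     * denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
     * location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
     */
    @JvmName("xucdufeqtxydgrnl")
    public suspend fun clusterAdmissionRules(vararg values: PolicyClusterAdmissionRuleArgs) {
        this.clusterAdmissionRules = of(values.toList())
    }

    /**
     * @param value Default admission rule for a cluster without a per-cluster admission
     * rule.
     * Structure is documented below.
     * Passing `null` clears the property.
     */
    @JvmName("tbxcctfvjnptoeys")
    public suspend fun defaultAdmissionRule(`value`: PolicyDefaultAdmissionRuleArgs?) {
        this.defaultAdmissionRule = value?.let({ rule -> of(rule) })
    }

    /**
     * @param argument Default admission rule for a cluster without a per-cluster admission
     * rule.
     * Structure is documented below.
     * The block configures the rule through a fresh [PolicyDefaultAdmissionRuleArgsBuilder].
     */
    @JvmName("akiseukkdefmrxuk")
    public suspend fun defaultAdmissionRule(argument: suspend PolicyDefaultAdmissionRuleArgsBuilder.() -> Unit) {
        val rule = PolicyDefaultAdmissionRuleArgsBuilder().applySuspend { argument() }.build()
        this.defaultAdmissionRule = of(rule)
    }

    /**
     * @param value A descriptive comment. Passing `null` clears the property.
     */
    @JvmName("pgxnivjggsgglaee")
    public suspend fun description(`value`: String?) {
        this.description = value?.let({ text -> of(text) })
    }

    /**
     * @param value Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not
     * covered by the global policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]
     * The string is stored as given; passing `null` clears the property.
     */
    @JvmName("fyewnrplnwjcljvq")
    public suspend fun globalPolicyEvaluationMode(`value`: String?) {
        this.globalPolicyEvaluationMode = value?.let({ mode -> of(mode) })
    }

    /**
     * @param value Project setting for the policy. The upstream description is empty; presumably the
     * project the policy belongs to, as in the `projects/{{project}}` import format (to be confirmed).
     * Passing `null` clears the property.
     */
    @JvmName("dhgavfswwrchiumd")
    public suspend fun project(`value`: String?) {
        this.project = value?.let({ id -> of(id) })
    }

    /**
     * Creates the [PolicyArgs] from the values stored so far; properties never set stay `null`.
     */
    internal fun build(): PolicyArgs = PolicyArgs(
        admissionWhitelistPatterns = admissionWhitelistPatterns,
        clusterAdmissionRules = clusterAdmissionRules,
        defaultAdmissionRule = defaultAdmissionRule,
        description = description,
        globalPolicyEvaluationMode = globalPolicyEvaluationMode,
        project = project,
    )
}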