Commit 9a4f139

feat: [container] Add preview support for monitoring a cluster's pods for compliance with a provided Binary Authorization platform policy via Binary Authorization Continuous Validation (#4541)
* feat: Add preview support for monitoring a cluster's pods for compliance with a provided Binary Authorization platform policy via Binary Authorization Continuous Validation

PiperOrigin-RevId: 555745169

Source-Link: googleapis/googleapis@2edfcad

Source-Link: googleapis/googleapis-gen@cf19791
Copy-Tag: eyJwIjoicGFja2FnZXMvZ29vZ2xlLWNvbnRhaW5lci8uT3dsQm90LnlhbWwiLCJoIjoiY2YxOTc5MWQ4MmViZjU2OTE3YmY2YjcwNGYyNzRhNGNjNWQ4OTU0NiJ9

* 🦉 Updates from OwlBot post-processor

See https://github.com/googleapis/repo-automation-bots/blob/main/packages/owl-bot/README.md

---------

Co-authored-by: Owl Bot <gcf-owl-bot[bot]@users.noreply.github.com>
1 parent f2b87b4 commit 9a4f139

4 files changed

Lines changed: 437 additions & 2 deletions

packages/google-container/protos/google/container/v1beta1/cluster_service.proto

Lines changed: 19 additions & 0 deletions
@@ -1730,6 +1730,21 @@ message BinaryAuthorization {
17301730
// project's singleton policy. This is equivalent to setting the
17311731
// enabled boolean to true.
17321732
PROJECT_SINGLETON_POLICY_ENFORCE = 2;
1733+
1734+
// Use Binary Authorization with the policies specified in policy_bindings.
1735+
POLICY_BINDINGS = 5;
1736+
1737+
// Use Binary Authorization with the policies specified in policy_bindings,
1738+
// and also with the project's singleton policy in enforcement mode.
1739+
POLICY_BINDINGS_AND_PROJECT_SINGLETON_POLICY_ENFORCE = 6;
1740+
}
1741+
1742+
// Binauthz policy that applies to this cluster.
1743+
message PolicyBinding {
1744+
// The relative resource name of the binauthz platform policy to audit. GKE
1745+
// platform policies have the following format:
1746+
// `projects/{project_number}/platforms/gke/policies/{policy_id}`.
1747+
optional string name = 1;
17331748
}
17341749

17351750
// This field is deprecated. Leave this unset and instead configure
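
Review bot: The comment on `POLICY_BINDINGS = 5` does not say whether the bound policies are enforced or only audited. The new `PolicyBinding.name` comment describes "the binauthz platform policy to audit", while the comment on value 6 says "in enforcement mode" only for the project's singleton policy, so a reader can reasonably take POLICY_BINDINGS to be an admission-blocking mode. Suggest that both enum comments state explicitly how policies in policy_bindings are evaluated (audit or enforce), since an operator who selects this mode expecting enforcement would otherwise get a weaker control than assumed. Separately, the enum numbering jumps from 2 to 5 and nothing in the visible lines (a `reserved` statement or a comment) explains values 3 and 4; a short note would stop a later change from reusing them by accident.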
@@ -1740,6 +1755,10 @@ message BinaryAuthorization {
17401755
// Mode of operation for binauthz policy evaluation. If unspecified, defaults
17411756
// to DISABLED.
17421757
EvaluationMode evaluation_mode = 2;
1758+
1759+
// Optional. Binauthz policies that apply to this cluster.
1760+
repeated PolicyBinding policy_bindings = 5
1761+
[(google.api.field_behavior) = OPTIONAL];
17431762
}
17441763

17451764
// Configuration for the PodSecurityPolicy feature.
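
Review bot: The comment on `policy_bindings` does not state how the field relates to `evaluation_mode`. Nothing in these lines says what happens when bindings are supplied while the mode is left unspecified (which "defaults to DISABLED") or set to PROJECT_SINGLETON_POLICY_ENFORCE, or when one of the policy-bindings modes is selected with an empty list. Suggest documenting which evaluation modes read this field and whether a mismatch is rejected or silently ignored, because a silently ignored binding leaves a cluster unmonitored while its configuration appears to name a policy. The field is also marked `OPTIONAL` with no stated limit on the number of bindings; if a limit exists, the comment should give it.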

packages/google-container/protos/protos.d.ts

Lines changed: 109 additions & 1 deletion
Some generated files are not rendered by default.
