pulumi-gcp-kotlin/com.pulumi.gcp.binaryauthorization.kotlin.inputs/PolicyClusterAdmissionRuleArgs

PolicyClusterAdmissionRuleArgs

data class PolicyClusterAdmissionRuleArgs(val cluster: Output<String>, val enforcementMode: Output<String>, val evaluationMode: Output<String>, val requireAttestationsBies: Output<List<String>>? = null) : ConvertibleToJava<PolicyClusterAdmissionRuleArgs>

Constructors

Link copied to clipboard
constructor(cluster: Output<String>, enforcementMode: Output<String>, evaluationMode: Output<String>, requireAttestationsBies: Output<List<String>>? = null)

Properties

Link copied to clipboard
val cluster: Output<String>

The identifier for this object. Format specified above.

Link copied to clipboard
val enforcementMode: Output<String>

The action when a pod creation is denied by the admission rule. Possible values are: ENFORCED_BLOCK_AND_AUDIT_LOG, DRYRUN_AUDIT_LOG_ONLY.

Link copied to clipboard
val evaluationMode: Output<String>

How this admission rule will be evaluated. Possible values are: ALWAYS_ALLOW, REQUIRE_ATTESTATION, ALWAYS_DENY.

Link copied to clipboard
val requireAttestationsBies: Output<List<String>>? = null

The resource names of the attestors that must attest to a container image. If the attestor is in a different project from the policy, it should be specified in the format projects/*/attestors/*. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty. //

Functions

Link copied to clipboard
open override fun toJava(): PolicyClusterAdmissionRuleArgs