📄 Source: GkePolicy.php
<?php
/*
* Copyright 2014 Google Inc.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not
* use this file except in compliance with the License. You may obtain a copy of
* the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations under
* the License.
*/
namespace Google\Service\BinaryAuthorization;
class GkePolicy extends \Google\Collection
{
protected $collection_key = 'checkSets';
protected $checkSetsType = CheckSet::class;
protected $checkSetsDataType = 'array';
protected $imageAllowlistType = ImageAllowlist::class;
protected $imageAllowlistDataType = '';
/**
* Optional. The `CheckSet` objects to apply, scoped by namespace or namespace
* and service account. Exactly one `CheckSet` will be evaluated for a given
* Pod (unless the list is empty, in which case the behavior is "always
* allow"). If multiple `CheckSet` objects have scopes that match the
* namespace and service account of the Pod being evaluated, only the
* `CheckSet` with the MOST SPECIFIC scope will match. `CheckSet` objects must
* be listed in order of decreasing specificity, i.e. if a scope matches a
* given service account (which must include the namespace), it must come
* before a `CheckSet` with a scope matching just that namespace. This
* property is enforced by server-side validation. The purpose of this
* restriction is to ensure that if more than one `CheckSet` matches a given
* Pod, the `CheckSet` that will be evaluated will always be the first in the
* list to match (because if any other matches, it must be less specific). If
* `check_sets` is empty, the default behavior is to allow all images. If
* `check_sets` is non-empty, the last `check_sets` entry must always be a
* `CheckSet` with no scope set, i.e. a catchall to handle any situation not
* caught by the preceding `CheckSet` objects.
*
* @param CheckSet[] $checkSets
*/
public function setCheckSets($checkSets)
{
$this->checkSets = $checkSets;
}
/**
* @return CheckSet[]
*/
public function getCheckSets()
{
return $this->checkSets;
}
/**
* Optional. Images exempted from this policy. If any of the patterns match
* the image being evaluated, the rest of the policy will not be evaluated.
*
* @param ImageAllowlist $imageAllowlist
*/
public function setImageAllowlist(ImageAllowlist $imageAllowlist)
{
$this->imageAllowlist = $imageAllowlist;
}
/**
* @return ImageAllowlist
*/
public function getImageAllowlist()
{
return $this->imageAllowlist;
}
}
// Adding a class alias for backwards compatibility with the previous class name.
class_alias(GkePolicy::class, 'Google_Service_BinaryAuthorization_GkePolicy');
← Back