Reference documentation and code samples for the Google Cloud Binary Authorization V1 Client class AdmissionRule.
Anadmission rulespecifies either that all container images
used in a pod creation request must be attested to by one or moreattestors, that all pod creations will be allowed, or that all
pod creations will be denied.
Images matching anadmission allowlist patternare exempted from admission rules and will never block a pod creation.
Generated from protobuf messagegoogle.cloud.binaryauthorization.v1.AdmissionRule
Namespace
Google \ Cloud \ BinaryAuthorization \ V1
Methods
__construct
Constructor.
Parameters
Name
Description
data
array
Optional. Data for populating the Message object.
↳ evaluation_mode
int
Required. How this admission rule will be evaluated.
↳ require_attestations_by
array
Optional. The resource names of the attestors that must attest to a container image, in the formatprojects/*/attestors/*. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the evaluation_mode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.
↳ enforcement_mode
int
Required. The action when a pod creation is denied by the admission rule.
getEvaluationMode
Required. How this admission rule will be evaluated.
Returns
Type
Description
int
Enum of typeEvaluationMode.
setEvaluationMode
Required. How this admission rule will be evaluated.
Parameter
Name
Description
var
int
Enum of typeEvaluationMode.
Returns
Type
Description
$this
getRequireAttestationsBy
Optional. The resource names of the attestors that must attest to
a container image, in the formatprojects/*/attestors/*. Each
attestor must exist before a policy can reference it. To add an attestor
to a policy the principal issuing the policy change request must be able
to read the attestor resource.
Note: this field must be non-empty when the evaluation_mode field specifies
REQUIRE_ATTESTATION, otherwise it must be empty.
Optional. The resource names of the attestors that must attest to
a container image, in the formatprojects/*/attestors/*. Each
attestor must exist before a policy can reference it. To add an attestor
to a policy the principal issuing the policy change request must be able
to read the attestor resource.
Note: this field must be non-empty when the evaluation_mode field specifies
REQUIRE_ATTESTATION, otherwise it must be empty.
Parameter
Name
Description
var
string[]
Returns
Type
Description
$this
getEnforcementMode
Required. The action when a pod creation is denied by the admission rule.
Returns
Type
Description
int
Enum of typeEnforcementMode.
setEnforcementMode
Required. The action when a pod creation is denied by the admission rule.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Hard to understand","hardToUnderstand","thumb-down"],["Incorrect information or sample code","incorrectInformationOrSampleCode","thumb-down"],["Missing the information/samples I need","missingTheInformationSamplesINeed","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-09-09 UTC."],[],[],null,["# Google Cloud Binary Authorization V1 Client - Class AdmissionRule (1.0.5)\n\nVersion latestkeyboard_arrow_down\n\n- [1.0.5 (latest)](/php/docs/reference/cloud-binary-authorization/latest/V1.AdmissionRule)\n- [1.0.4](/php/docs/reference/cloud-binary-authorization/1.0.4/V1.AdmissionRule)\n- [0.8.7](/php/docs/reference/cloud-binary-authorization/0.8.7/V1.AdmissionRule)\n- [0.7.0](/php/docs/reference/cloud-binary-authorization/0.7.0/V1.AdmissionRule)\n- [0.6.1](/php/docs/reference/cloud-binary-authorization/0.6.1/V1.AdmissionRule)\n- [0.5.13](/php/docs/reference/cloud-binary-authorization/0.5.13/V1.AdmissionRule) \nReference documentation and code samples for the Google Cloud Binary Authorization V1 Client class AdmissionRule.\n\nAn [admission rule](/php/docs/reference/cloud-binary-authorization/latest/V1.AdmissionRule) specifies either that all container images\nused in a pod creation request must be attested to by one or more\n[attestors](/php/docs/reference/cloud-binary-authorization/latest/V1.Attestor), that all pod creations will be allowed, or that all\npod creations will be denied.\n\nImages matching an [admission allowlist pattern](/php/docs/reference/cloud-binary-authorization/latest/V1.AdmissionWhitelistPattern)\nare exempted from admission rules and will never block a pod creation.\n\nGenerated from protobuf message `google.cloud.binaryauthorization.v1.AdmissionRule`\n\nNamespace\n---------\n\nGoogle \\\\ Cloud \\\\ BinaryAuthorization \\\\ V1\n\nMethods\n-------\n\n### __construct\n\nConstructor.\n\n### getEvaluationMode\n\nRequired. How this admission rule will be evaluated.\n\n### setEvaluationMode\n\nRequired. How this admission rule will be evaluated.\n\n### getRequireAttestationsBy\n\nOptional. The resource names of the attestors that must attest to\na container image, in the format `projects/*/attestors/*`. Each\nattestor must exist before a policy can reference it. To add an attestor\nto a policy the principal issuing the policy change request must be able\nto read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field specifies\nREQUIRE_ATTESTATION, otherwise it must be empty.\n\n### setRequireAttestationsBy\n\nOptional. The resource names of the attestors that must attest to\na container image, in the format `projects/*/attestors/*`. Each\nattestor must exist before a policy can reference it. To add an attestor\nto a policy the principal issuing the policy change request must be able\nto read the attestor resource.\n\nNote: this field must be non-empty when the evaluation_mode field specifies\nREQUIRE_ATTESTATION, otherwise it must be empty.\n\n### getEnforcementMode\n\nRequired. The action when a pod creation is denied by the admission rule.\n\n### setEnforcementMode\n\nRequired. The action when a pod creation is denied by the admission rule."]]
