mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-04 17:51:11 +00:00
Fix docs for BinAuth Policy cluster_admission_rules (#2125)
<!-- This change is generated by MagicModules. --> /cc @rileykarson
parent
10af01f76e
commit
063f1ba4b1
@ -108,17 +108,21 @@ The `default_admission_rule` block supports:
|
|||||||
|
|
||||||
* `admission_whitelist_patterns` -
|
* `admission_whitelist_patterns` -
|
||||||
(Optional)
|
(Optional)
|
||||||
Admission policy whitelisting. A matching admission request will
|
A whitelist of image patterns to exclude from admission rules. If an
|
||||||
always be permitted. This feature is typically used to exclude Google
|
image's name matches a whitelist pattern, the image's admission
|
||||||
or third-party infrastructure images from Binary Authorization
|
requests will always be permitted regardless of your admission rules. Structure is documented below.
|
||||||
policies. Structure is documented below.
|
|
||||||
|
|
||||||
* `cluster_admission_rules` -
|
* `cluster_admission_rules` -
|
||||||
(Optional)
|
(Optional)
|
||||||
Admission policy whitelisting. A matching admission request will
|
Per-cluster admission rules. An admission rule specifies either that
|
||||||
always be permitted. This feature is typically used to exclude Google
|
all container images used in a pod creation request must be attested
|
||||||
or third-party infrastructure images from Binary Authorization
|
to by one or more attestors, that all pod creations will be allowed,
|
||||||
policies.
|
or that all pod creations will be denied. There can be at most one
|
||||||
|
admission rule per cluster spec.
|
||||||
|
|
||||||
|
Identifier format: `{{location}}.{{clusterId}}`.
|
||||||
|
A location is either a compute zone (e.g. `us-central1-a`) or a region
|
||||||
|
(e.g. `us-central1`). Structure is documented below.
|
||||||
* `project` - (Optional) The ID of the project in which the resource belongs.
|
* `project` - (Optional) The ID of the project in which the resource belongs.
|
||||||
If it is not provided, the provider project is used.
|
If it is not provided, the provider project is used.
|
||||||
|
|
||||||
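Review bot: the new `cluster_admission_rules` description gives the identifier format `{{location}}.{{clusterId}}` but does not say which field carries that identifier. Name it, for example "Identifier format for the `cluster` field: `{{location}}.{{clusterId}}`", so the sentence stands on its own. In the `admission_whitelist_patterns` text, the line ending "regardless of your admission rules. Structure is documented below." runs well past the wrap width of the lines around it. Since the change is generated by MagicModules, the rewrap belongs in the generator source.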
@ -134,6 +138,8 @@ The `admission_whitelist_patterns` block supports:
|
|||||||
|
|
||||||
The `cluster_admission_rules` block supports:
|
The `cluster_admission_rules` block supports:
|
||||||
|
|
||||||
|
* `cluster` - (Required) The identifier for this object. Format specified above.
|
||||||
|
|
||||||
* `evaluation_mode` -
|
* `evaluation_mode` -
|
||||||
(Optional)
|
(Optional)
|
||||||
How this admission rule will be evaluated.
|
How this admission rule will be evaluated.
|
||||||
|
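Review bot: the added `cluster` entry says "Format specified above", but the format is stated in a different section (the `cluster_admission_rules` argument description), so a reader who lands on this block has to go looking for it. Restate `{{location}}.{{clusterId}}` here. "The identifier for this object" is also vague in a block whose rules apply per cluster; something like "The identifier of the cluster this admission rule applies to" says what the value is.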