feat: Adds a pod_namespace field to pod events created by Continuous Validation, to distinguish pods with the same name that run in different namespaces

Committer: @tswift242 PiperOrigin-RevId: 455380856
3 years ago · 1cbacff2f2
parent a9969d336b
commit 1cbacff2f2
1 changed files with 12 additions and 9 deletions
--- a/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto
+++ b/google/cloud/binaryauthorization/v1beta1/continuous_validation_logging.proto
@ -1,4 +1,4 @@
-// Copyright 2021 Google LLC
+// Copyright 2022 Google LLC
 //
 // Licensed under the Apache License, Version 2.0 (the "License");
 // you may not use this file except in compliance with the License.
@ -31,6 +31,15 @@ option ruby_package = "Google::Cloud::BinaryAuthorization::V1beta1";
 message ContinuousValidationEvent {
  // An auditing event for one Pod.
  message ContinuousValidationPodEvent {
+    // Audit time policy conformance verdict.
+    enum PolicyConformanceVerdict {
+      // We should always have a verdict. This is an error.
+      POLICY_CONFORMANCE_VERDICT_UNSPECIFIED = 0;
+
+      // The pod violates the policy.
+      VIOLATES_POLICY = 1;
+    }
+
    // Container image with auditing details.
    message ImageDetails {
      // Result of the audit.
@ -55,14 +64,8 @@ message ContinuousValidationEvent {
      string description = 3;
    }

-    // Audit time policy conformance verdict.
-    enum PolicyConformanceVerdict {
-      // We should always have a verdict. This is an error.
-      POLICY_CONFORMANCE_VERDICT_UNSPECIFIED = 0;
-
-      // The pod violates the policy.
-      VIOLATES_POLICY = 1;
-    }
+    // The k8s namespace of the Pod.
+    string pod_namespace = 7;

    // The name of the Pod.
    string pod = 1;