100 lines
3.0 KiB
100 lines
3.0 KiB
// Copyright 2022 Google LLC |
|
// |
|
// Licensed under the Apache License, Version 2.0 (the "License"); |
|
// you may not use this file except in compliance with the License. |
|
// You may obtain a copy of the License at |
|
// |
|
// http://www.apache.org/licenses/LICENSE-2.0 |
|
// |
|
// Unless required by applicable law or agreed to in writing, software |
|
// distributed under the License is distributed on an "AS IS" BASIS, |
|
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
|
// See the License for the specific language governing permissions and |
|
// limitations under the License. |
|
|
|
syntax = "proto3"; |
|
|
|
package google.cloud.binaryauthorization.v1beta1; |
|
|
|
import "google/protobuf/timestamp.proto"; |
|
|
|
option cc_enable_arenas = true; |
|
option csharp_namespace = "Google.Cloud.BinaryAuthorization.V1Beta1"; |
|
option go_package = "google.golang.org/genproto/googleapis/cloud/binaryauthorization/v1beta1;binaryauthorization"; |
|
option java_multiple_files = true; |
|
option java_outer_classname = "ContinuousValidationLoggingProto"; |
|
option java_package = "com.google.cloud.binaryauthorization.v1beta1"; |
|
option php_namespace = "Google\\Cloud\\BinaryAuthorization\\V1beta1"; |
|
option ruby_package = "Google::Cloud::BinaryAuthorization::V1beta1"; |
|
|
|
// Represents an auditing event from Continuous Validation. |
|
message ContinuousValidationEvent { |
|
// An auditing event for one Pod. |
|
message ContinuousValidationPodEvent { |
|
// Audit time policy conformance verdict. |
|
enum PolicyConformanceVerdict { |
|
// We should always have a verdict. This is an error. |
|
POLICY_CONFORMANCE_VERDICT_UNSPECIFIED = 0; |
|
|
|
// The pod violates the policy. |
|
VIOLATES_POLICY = 1; |
|
} |
|
|
|
// Container image with auditing details. |
|
message ImageDetails { |
|
// Result of the audit. |
|
enum AuditResult { |
|
// Unspecified result. This is an error. |
|
AUDIT_RESULT_UNSPECIFIED = 0; |
|
|
|
// Image is allowed. |
|
ALLOW = 1; |
|
|
|
// Image is denied. |
|
DENY = 2; |
|
} |
|
|
|
// The name of the image. |
|
string image = 1; |
|
|
|
// The result of the audit for this image. |
|
AuditResult result = 2; |
|
|
|
// Description of the above result. |
|
string description = 3; |
|
} |
|
|
|
// The k8s namespace of the Pod. |
|
string pod_namespace = 7; |
|
|
|
// The name of the Pod. |
|
string pod = 1; |
|
|
|
// Deploy time of the Pod from k8s. |
|
google.protobuf.Timestamp deploy_time = 2; |
|
|
|
// Termination time of the Pod from k8s, or nothing if still running. |
|
google.protobuf.Timestamp end_time = 3; |
|
|
|
// Auditing verdict for this Pod. |
|
PolicyConformanceVerdict verdict = 4; |
|
|
|
// List of images with auditing details. |
|
repeated ImageDetails images = 5; |
|
} |
|
|
|
// An event describing that the project policy is unsupported by CV. |
|
message UnsupportedPolicyEvent { |
|
// A description of the unsupported policy. |
|
string description = 1; |
|
} |
|
|
|
// Type of CV event. |
|
oneof event_type { |
|
// Pod event. |
|
ContinuousValidationPodEvent pod_event = 1; |
|
|
|
// Unsupported policy event. |
|
UnsupportedPolicyEvent unsupported_policy_event = 2; |
|
} |
|
}
|
|
|