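# Service configuration (google.api.Service, config_version 3) for the
# Binary Authorization API. Layout restored to one YAML line per line; the
# listing's fused line-number gutter is dropped so the file parses again.
type: google.api.Service
config_version: 3
name: binaryauthorization.googleapis.com
title: Binary Authorization API

# Interfaces served under this service name.
apis:
- name: google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1
- name: google.cloud.binaryauthorization.v1.SystemPolicyV1
- name: google.cloud.binaryauthorization.v1.ValidationHelperV1

documentation:
  summary: |-
    The management interface for Binary Authorization, a system providing
    policy control for images deployed to Kubernetes Engine clusters, Anthos
    clusters on VMware, and Cloud Run.
  # Documentation overrides for the three google.iam.v1.IAMPolicy methods.
  # IAMPolicy is not listed under `apis` above.
  # NOTE(review): presumably it is pulled in elsewhere (e.g. as a mixin);
  # confirm, since the http and authentication rules also select it.
  rules:
  - selector: google.iam.v1.IAMPolicy.GetIamPolicy
    description: |-
      Gets the access control policy for a resource. Returns an empty policy
      if the resource exists and does not have a policy set.

  # SetIamPolicy replaces the whole policy (see description). A caller that
  # means to add or remove one binding should read the current policy first
  # and write back the merged result, or existing grants are dropped.
  - selector: google.iam.v1.IAMPolicy.SetIamPolicy
    description: |-
      Sets the access control policy on the specified resource. Replaces
      any existing policy.

      Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED`
      errors.

  # Per the description, the result can "fail open" and a missing resource
  # yields an empty set rather than NOT_FOUND, so the response is advisory
  # only: never gate access on it, let the real call enforce IAM.
  - selector: google.iam.v1.IAMPolicy.TestIamPermissions
    description: |-
      Returns permissions that a caller has on the specified resource. If the
      resource does not exist, this will return an empty set of
      permissions, not a `NOT_FOUND` error.

      Note: This operation is designed to be used for building
      permission-aware UIs and command-line tools, not for authorization
      checking. This operation may "fail open" without warning.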
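# REST bindings for the google.iam.v1.IAMPolicy methods. Layout restored to
# one YAML line per line; the listing's fused line-number gutter is dropped.
# Each method is bound on two resource patterns: the per-project policy
# (projects/*/policy) and individual attestors (projects/*/attestors/*).
# `{resource=...}` captures the matched path into the request's `resource`
# field; `body: '*'` maps the remaining request fields to the HTTP body.
http:
  rules:
  - selector: google.iam.v1.IAMPolicy.GetIamPolicy
    get: '/v1/{resource=projects/*/policy}:getIamPolicy'
    additional_bindings:
    - get: '/v1/{resource=projects/*/attestors/*}:getIamPolicy'
  # setIamPolicy on either pattern changes who may administer that policy or
  # attestor; it is the call to watch in audit logs and change review.
  - selector: google.iam.v1.IAMPolicy.SetIamPolicy
    post: '/v1/{resource=projects/*/policy}:setIamPolicy'
    body: '*'
    additional_bindings:
    - post: '/v1/{resource=projects/*/attestors/*}:setIamPolicy'
      body: '*'
  - selector: google.iam.v1.IAMPolicy.TestIamPermissions
    post: '/v1/{resource=projects/*/policy}:testIamPermissions'
    body: '*'
    additional_bindings:
    - post: '/v1/{resource=projects/*/attestors/*}:testIamPermissions'
      body: '*'

# OAuth requirements. Every rule names the same single scope, cloud-platform,
# which is not specific to this API; the scope therefore does not narrow what
# a token may do here, and per-resource access has to come from IAM.
authentication:
  rules:
  - selector: 'google.cloud.binaryauthorization.v1.BinauthzManagementServiceV1.*'
    oauth:
      canonical_scopes: |-
        https://www.googleapis.com/auth/cloud-platform
  # The next two selectors name one method each rather than `Interface.*`.
  # NOTE(review): a method added to SystemPolicyV1 or ValidationHelperV1
  # later would not match these rules; confirm it gets its own entry.
  - selector: google.cloud.binaryauthorization.v1.SystemPolicyV1.GetSystemPolicy
    oauth:
      canonical_scopes: |-
        https://www.googleapis.com/auth/cloud-platform
  - selector: google.cloud.binaryauthorization.v1.ValidationHelperV1.ValidateAttestationOccurrence
    oauth:
      canonical_scopes: |-
        https://www.googleapis.com/auth/cloud-platform
  - selector: 'google.iam.v1.IAMPolicy.*'
    oauth:
      canonical_scopes: |-
        https://www.googleapis.com/auth/cloud-platform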