@@ -88,7 +88,16 @@ class Policy(proto.Message):
8888 """
8989
9090 class GlobalPolicyEvaluationMode (proto .Enum ):
91- r""""""
91+ r"""
92+
93+ Values:
94+ GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED (0):
95+ Not specified: DISABLE is assumed.
96+ ENABLE (1):
97+ Enables system policy evaluation.
98+ DISABLE (2):
99+ Disables system policy evaluation.
100+ """
92101 GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED = 0
93102 ENABLE = 1
94103 DISABLE = 2
@@ -214,7 +223,20 @@ class AdmissionRule(proto.Message):
214223 """
215224
216225 class EvaluationMode (proto .Enum ):
217- r""""""
226+ r"""
227+
228+ Values:
229+ EVALUATION_MODE_UNSPECIFIED (0):
230+ Do not use.
231+ ALWAYS_ALLOW (1):
232+ This rule allows all all pod creations.
233+ REQUIRE_ATTESTATION (2):
234+ This rule allows a pod creation if all the attestors listed
235+ in ``require_attestations_by`` have valid attestations for
236+ all of the images in the pod spec.
237+ ALWAYS_DENY (3):
238+ This rule denies all pod creations.
239+ """
218240 EVALUATION_MODE_UNSPECIFIED = 0
219241 ALWAYS_ALLOW = 1
220242 REQUIRE_ATTESTATION = 2
@@ -223,6 +245,17 @@ class EvaluationMode(proto.Enum):
223245 class EnforcementMode (proto .Enum ):
224246 r"""Defines the possible actions when a pod creation is denied by
225247 an admission rule.
248+
249+ Values:
250+ ENFORCEMENT_MODE_UNSPECIFIED (0):
251+ Do not use.
252+ ENFORCED_BLOCK_AND_AUDIT_LOG (1):
253+ Enforce the admission rule by blocking the
254+ pod creation.
255+ DRYRUN_AUDIT_LOG_ONLY (2):
256+ Dryrun mode: Audit logging only. This will
257+ allow the pod creation as if the admission
258+ request had specified break-glass.
226259 """
227260 ENFORCEMENT_MODE_UNSPECIFIED = 0
228261 ENFORCED_BLOCK_AND_AUDIT_LOG = 1
@@ -372,6 +405,44 @@ class SignatureAlgorithm(proto.Enum):
372405 algorithms. See https://cloud.google.com/kms/docs/algorithms. In
373406 the future, BinAuthz might support additional public key types
374407 independently of Tink and/or KMS.
408+
409+ Values:
410+ SIGNATURE_ALGORITHM_UNSPECIFIED (0):
411+ Not specified.
412+ RSA_PSS_2048_SHA256 (1):
413+ RSASSA-PSS 2048 bit key with a SHA256 digest.
414+ RSA_PSS_3072_SHA256 (2):
415+ RSASSA-PSS 3072 bit key with a SHA256 digest.
416+ RSA_PSS_4096_SHA256 (3):
417+ RSASSA-PSS 4096 bit key with a SHA256 digest.
418+ RSA_PSS_4096_SHA512 (4):
419+ RSASSA-PSS 4096 bit key with a SHA512 digest.
420+ RSA_SIGN_PKCS1_2048_SHA256 (5):
421+ RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
422+ RSA_SIGN_PKCS1_3072_SHA256 (6):
423+ RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
424+ RSA_SIGN_PKCS1_4096_SHA256 (7):
425+ RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
426+ RSA_SIGN_PKCS1_4096_SHA512 (8):
427+ RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
428+ ECDSA_P256_SHA256 (9):
429+ ECDSA on the NIST P-256 curve with a SHA256
430+ digest.
431+ EC_SIGN_P256_SHA256 (9):
432+ ECDSA on the NIST P-256 curve with a SHA256
433+ digest.
434+ ECDSA_P384_SHA384 (10):
435+ ECDSA on the NIST P-384 curve with a SHA384
436+ digest.
437+ EC_SIGN_P384_SHA384 (10):
438+ ECDSA on the NIST P-384 curve with a SHA384
439+ digest.
440+ ECDSA_P521_SHA512 (11):
441+ ECDSA on the NIST P-521 curve with a SHA512
442+ digest.
443+ EC_SIGN_P521_SHA512 (11):
444+ ECDSA on the NIST P-521 curve with a SHA512
445+ digest.
375446 """
376447 _pb_options = {"allow_alias" : True }
377448 SIGNATURE_ALGORITHM_UNSPECIFIED = 0
0 commit comments