You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: clients/binary_authorization/lib/google_api/binary_authorization/v1/model/verification_rule.ex
+3Lines changed: 3 additions & 0 deletions
Original file line number
Diff line number
Diff line change
@@ -23,6 +23,7 @@ defmodule GoogleApi.BinaryAuthorization.V1.Model.VerificationRule do
23
23
24
24
* `attestationSource` (*type:* `GoogleApi.BinaryAuthorization.V1.Model.AttestationSource.t`, *default:* `nil`) - Specifies where to fetch the provenances attestations generated by the builder (group).
25
25
* `configBasedBuildRequired` (*type:* `boolean()`, *default:* `nil`) - If true, require the image to be built from a top-level configuration. `trusted_source_repo_patterns` specifies the repositories containing this configuration.
26
+
* `customConstraints` (*type:* `String.t`, *default:* `nil`) - Optional. A CEL expression for specifying custom constraints on the provenance payload. This can be used when users want to specify expectations on provenance fields that are not covered by the general check. For example, users can use this field to require that certain parameters should never be used during the build process.
26
27
* `trustedBuilder` (*type:* `String.t`, *default:* `nil`) - Each verification rule is used for evaluation against provenances generated by a specific builder (group). For some of the builders, such as the Google Cloud Build, users don't need to explicitly specify their roots of trust in the policy since the evaluation service can automatically fetch them based on the builder (group).
27
28
* `trustedSourceRepoPatterns` (*type:* `list(String.t)`, *default:* `nil`) - List of trusted source code repository URL patterns. These patterns match the full repository URL without its scheme (e.g. `https://`). The patterns must not include schemes. For example, the pattern `source.cloud.google.com/my-project/my-repo-name` matches the following URLs: - `source.cloud.google.com/my-project/my-repo-name` - `git+ssh://source.cloud.google.com/my-project/my-repo-name` - `https://source.cloud.google.com/my-project/my-repo-name` A pattern matches a URL either exactly or with `*` wildcards. `*` can be used in only two ways: 1. trailing `*` after hosturi/ to match varying endings; 2. trailing `**` after hosturi/ to match `/` as well. `*` and `**` can only be used as wildcards and can only occur at the end of the pattern after a `/`. (So it's not possible to match a URL that contains literal `*`.) For example: - `github.com/my-project/my-repo` is valid to match a single repo - `github.com/my-project/*` will match all direct repos in `my-project` - `github.com/**` matches all repos in GitHub
28
29
"""
@@ -33,12 +34,14 @@ defmodule GoogleApi.BinaryAuthorization.V1.Model.VerificationRule do
0 commit comments