Google Binary Authorization Policy

This page shows how to write Terraform for Binary Authorization Policy and write them securely.

code-icon

Fix issues in your cloud & app configurations

Test for misconfigurations of this resource in your cloud.

get-started-button

Terraform Example (google_binary_authorization_policy)

A policy for container image binary authorization. To get more information about Policy, see:

Parameters

  • description optional - string
    • A descriptive comment.

  • global_policy_evaluation_mode optionalcomputed - string
    • Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]

  • id optionalcomputed - string
  • project optionalcomputed - string

Example Usage (from GitHub)

github-iconrosmo/gke-commonground-haven
resource "google_binary_authorization_policy" "binauthz-policy" {
  project = var.project_id

  dynamic "admission_whitelist_patterns" {
    for_each = var.compliance_testing_use ? concat(var.admission_allowlist, local.compliance_containers) : var.admission_allowlist
    content {
github-iconniveklabs/google
resource "google_binary_authorization_policy" "this" {
  description                   = var.description
  global_policy_evaluation_mode = var.global_policy_evaluation_mode
  project                       = var.project

  dynamic "admission_whitelist_patterns" {
github-iconmathieu-benoit/mygkecluster
resource "google_binary_authorization_policy" "policy" {
    admission_whitelist_patterns {
        name_pattern = "$region-docker.pkg.dev/$projectId/$containerRegistryName/*"
    }

    default_admission_rule {

Frequently asked questions

What is Google Binary Authorization Policy?

Google Binary Authorization Policy is a resource for Binary Authorization of Google Cloud Platform. Settings can be wrote in Terraform.

Where can I find the example code for the Google Binary Authorization Policy?

For Terraform, the rosmo/gke-commonground-haven, niveklabs/google and mathieu-benoit/mygkecluster source code examples are useful. See the Terraform Example section for further details.