--- title: Getting Started with Datadog description: Datadog, the leading service for cloud-scale monitoring. breadcrumbs: Docs > Infrastructure > Datadog Resource Catalog --- # gcp_binaryauthorization_policy{% #gcp_binaryauthorization_policy %} ## `admission_whitelist_patterns`{% #admission_whitelist_patterns %} **Type**: `UNORDERED_LIST_STRUCT`**Provider name**: `admissionWhitelistPatterns`**Description**: Optional. Admission policy allowlisting. A matching admission request will always be permitted. This feature is typically used to exclude Google or third-party infrastructure images from Binary Authorization policies. - `name_pattern`**Type**: `STRING`**Provider name**: `namePattern`**Description**: An image name pattern to allowlist, in the form `registry/path/to/image`. This supports a trailing `*` wildcard, but this is allowed only in text after the `registry/` part. This also supports a trailing `**` wildcard which matches subdirectories of a given entry. ## `ancestors`{% #ancestors %} **Type**: `UNORDERED_LIST_STRING` ## `default_admission_rule`{% #default_admission_rule %} **Type**: `STRUCT`**Provider name**: `defaultAdmissionRule`**Description**: Required. Default admission rule for a cluster without a per-cluster, per- kubernetes-service-account, or per-istio-service-identity admission rule. - `enforcement_mode`**Type**: `STRING`**Provider name**: `enforcementMode`**Description**: Required. The action when a pod creation is denied by the admission rule.**Possible values**: - `ENFORCEMENT_MODE_UNSPECIFIED` - Do not use. - `ENFORCED_BLOCK_AND_AUDIT_LOG` - Enforce the admission rule by blocking the pod creation. - `DRYRUN_AUDIT_LOG_ONLY` - Dryrun mode: Audit logging only. This will allow the pod creation as if the admission request had specified break-glass. - `evaluation_mode`**Type**: `STRING`**Provider name**: `evaluationMode`**Description**: Required. How this admission rule will be evaluated.**Possible values**: - `EVALUATION_MODE_UNSPECIFIED` - Do not use. - `ALWAYS_ALLOW` - This rule allows all pod creations. - `REQUIRE_ATTESTATION` - This rule allows a pod creation if all the attestors listed in `require_attestations_by` have valid attestations for all of the images in the pod spec. - `ALWAYS_DENY` - This rule denies all pod creations. - `require_attestations_by`**Type**: `UNORDERED_LIST_STRING`**Provider name**: `requireAttestationsBy`**Description**: Optional. The resource names of the attestors that must attest to a container image, in the format `projects/*/attestors/*`. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the `evaluation_mode` field specifies `REQUIRE_ATTESTATION`, otherwise it must be empty. ## `description`{% #description %} **Type**: `STRING`**Provider name**: `description`**Description**: Optional. A descriptive comment. ## `etag`{% #etag %} **Type**: `STRING`**Provider name**: `etag`**Description**: Optional. A checksum, returned by the server, that can be sent on update requests to ensure the policy has an up-to-date value before attempting to update it. See [https://google.aip.dev/154](https://google.aip.dev/154). ## `global_policy_evaluation_mode`{% #global_policy_evaluation_mode %} **Type**: `STRING`**Provider name**: `globalPolicyEvaluationMode`**Description**: Optional. Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. This setting has no effect when specified inside a global admission policy.**Possible values**: - `GLOBAL_POLICY_EVALUATION_MODE_UNSPECIFIED` - Not specified: `DISABLE` is assumed. - `ENABLE` - Enables system policy evaluation. - `DISABLE` - Disables system policy evaluation. ## `labels`{% #labels %} **Type**: `UNORDERED_LIST_STRING` ## `name`{% #name %} **Type**: `STRING`**Provider name**: `name`**Description**: Output only. The resource name, in the format `projects/*/policy`. There is at most one policy per project. ## `organization_id`{% #organization_id %} **Type**: `STRING` ## `parent`{% #parent %} **Type**: `STRING` ## `project_id`{% #project_id %} **Type**: `STRING` ## `project_number`{% #project_number %} **Type**: `STRING` ## `region_id`{% #region_id %} **Type**: `STRING` ## `resource_name`{% #resource_name %} **Type**: `STRING` ## `tags`{% #tags %} **Type**: `UNORDERED_LIST_STRING` ## `update_time`{% #update_time %} **Type**: `TIMESTAMP`**Provider name**: `updateTime`**Description**: Output only. Time when the policy was last updated. ## `zone_id`{% #zone_id %} **Type**: `STRING`