Google Cloud Binary Authorization API

The Binary Authorization API provides deploy-time security controls for container images on Google Cloud. It enables management of policies, attestors, and attestations to ensure only trusted container images are deployed to GKE, Cloud Run, and Anthos environments.

What You Can Do

GET /projects/{projectId}/policy
  Getpolicy — Google Cloud Binary Authorization Get project policy
PUT /projects/{projectId}/policy
  Updatepolicy — Google Cloud Binary Authorization Update project policy
GET /projects/{projectId}/attestors
  Listattestors — Google Cloud Binary Authorization List attestors
POST /projects/{projectId}/attestors
  Createattestor — Google Cloud Binary Authorization Create an attestor
GET /projects/{projectId}/attestors/{attestorId}
  Getattestor — Google Cloud Binary Authorization Get an attestor
PUT /projects/{projectId}/attestors/{attestorId}
  Updateattestor — Google Cloud Binary Authorization Update an attestor
DELETE /projects/{projectId}/attestors/{attestorId}
  Deleteattestor — Google Cloud Binary Authorization Delete an attestor
POST /projects/{projectId}/attestors/{attestorId}:validateAttestationOccurrence
  Validateattestationoccurrence — Google Cloud Binary Authorization Validate attestation occurrence

MCP Tools

getpolicy (read-only, idempotent)
  Google Cloud Binary Authorization Get project policy
updatepolicy (idempotent)
  Google Cloud Binary Authorization Update project policy
listattestors (read-only, idempotent)
  Google Cloud Binary Authorization List attestors
createattestor
  Google Cloud Binary Authorization Create an attestor
getattestor (read-only, idempotent)
  Google Cloud Binary Authorization Get an attestor
updateattestor (idempotent)
  Google Cloud Binary Authorization Update an attestor
deleteattestor (idempotent)
  Google Cloud Binary Authorization Delete an attestor
validateattestationoccurrence
  Google Cloud Binary Authorization Validate attestation occurrence

Capability Spec

google-cloud-binary-authorization-capability.yaml
naftiko: 1.0.0-alpha2
info:
  label: Google Cloud Binary Authorization API
  description: The Binary Authorization API provides deploy-time security controls for container images on Google Cloud. It
    enables management of policies, attestors, and attestations to ensure only trusted container images are deployed to GKE,
    Cloud Run, and Anthos environments.
  tags:
  - Google
  - Cloud
  - Binary
  - Authorization
  - API
  created: '2026-05-06'
  modified: '2026-05-06'
capability:
  consumes:
  - type: http
    namespace: google-cloud-binary-authorization
    baseUri: https://binaryauthorization.googleapis.com/v1
    description: Google Cloud Binary Authorization API HTTP API.
    authentication:
      type: bearer
      token: '{{GOOGLE_CLOUD_BINARY_AUTHORIZATION_TOKEN}}'
    resources:
    - name: projects-projectid-policy
      path: /projects/{projectId}/policy
      operations:
      - name: getpolicy
        method: GET
        description: Google Cloud Binary Authorization Get project policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updatepolicy
        method: PUT
        description: Google Cloud Binary Authorization Update project policy
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: projects-projectid-attestors
      path: /projects/{projectId}/attestors
      operations:
      - name: listattestors
        method: GET
        description: Google Cloud Binary Authorization List attestors
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: createattestor
        method: POST
        description: Google Cloud Binary Authorization Create an attestor
        inputParameters:
        - name: attestorId
          in: query
          type: string
          required: true
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: projects-projectid-attestors-attestorid
      path: /projects/{projectId}/attestors/{attestorId}
      operations:
      - name: getattestor
        method: GET
        description: Google Cloud Binary Authorization Get an attestor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: updateattestor
        method: PUT
        description: Google Cloud Binary Authorization Update an attestor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
      - name: deleteattestor
        method: DELETE
        description: Google Cloud Binary Authorization Delete an attestor
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
    - name: projects-projectid-attestors-attestorid-validate
      path: /projects/{projectId}/attestors/{attestorId}:validateAttestationOccurrence
      operations:
      - name: validateattestationoccurrence
        method: POST
        description: Google Cloud Binary Authorization Validate attestation occurrence
        outputRawFormat: json
        outputParameters:
        - name: result
          type: object
          value: $.
  exposes:
  - type: rest
    port: 8080
    namespace: google-cloud-binary-authorization-rest
    description: REST adapter for Google Cloud Binary Authorization API.
    resources:
    - path: /projects/{projectId}/policy
      name: getpolicy
      operations:
      - method: GET
        name: getpolicy
        description: Google Cloud Binary Authorization Get project policy
        call: google-cloud-binary-authorization.getpolicy
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/policy
      name: updatepolicy
      operations:
      - method: PUT
        name: updatepolicy
        description: Google Cloud Binary Authorization Update project policy
        call: google-cloud-binary-authorization.updatepolicy
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/attestors
      name: listattestors
      operations:
      - method: GET
        name: listattestors
        description: Google Cloud Binary Authorization List attestors
        call: google-cloud-binary-authorization.listattestors
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/attestors
      name: createattestor
      operations:
      - method: POST
        name: createattestor
        description: Google Cloud Binary Authorization Create an attestor
        call: google-cloud-binary-authorization.createattestor
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/attestors/{attestorId}
      name: getattestor
      operations:
      - method: GET
        name: getattestor
        description: Google Cloud Binary Authorization Get an attestor
        call: google-cloud-binary-authorization.getattestor
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/attestors/{attestorId}
      name: updateattestor
      operations:
      - method: PUT
        name: updateattestor
        description: Google Cloud Binary Authorization Update an attestor
        call: google-cloud-binary-authorization.updateattestor
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/attestors/{attestorId}
      name: deleteattestor
      operations:
      - method: DELETE
        name: deleteattestor
        description: Google Cloud Binary Authorization Delete an attestor
        call: google-cloud-binary-authorization.deleteattestor
        outputParameters:
        - type: object
          mapping: $.
    - path: /projects/{projectId}/attestors/{attestorId}:validateAttestationOccurrence
      name: validateattestationoccurrence
      operations:
      - method: POST
        name: validateattestationoccurrence
        description: Google Cloud Binary Authorization Validate attestation occurrence
        call: google-cloud-binary-authorization.validateattestationoccurrence
        outputParameters:
        - type: object
          mapping: $.
  - type: mcp
    port: 9090
    namespace: google-cloud-binary-authorization-mcp
    transport: http
    description: MCP adapter for Google Cloud Binary Authorization API for AI agent use.
    tools:
    - name: getpolicy
      description: Google Cloud Binary Authorization Get project policy
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: google-cloud-binary-authorization.getpolicy
      outputParameters:
      - type: object
        mapping: $.
    - name: updatepolicy
      description: Google Cloud Binary Authorization Update project policy
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: google-cloud-binary-authorization.updatepolicy
      outputParameters:
      - type: object
        mapping: $.
    - name: listattestors
      description: Google Cloud Binary Authorization List attestors
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: google-cloud-binary-authorization.listattestors
      outputParameters:
      - type: object
        mapping: $.
    - name: createattestor
      description: Google Cloud Binary Authorization Create an attestor
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: google-cloud-binary-authorization.createattestor
      with:
        attestorId: tools.attestorId
      inputParameters:
      - name: attestorId
        type: string
        description: attestorId
        required: true
      outputParameters:
      - type: object
        mapping: $.
    - name: getattestor
      description: Google Cloud Binary Authorization Get an attestor
      hints:
        readOnly: true
        destructive: false
        idempotent: true
      call: google-cloud-binary-authorization.getattestor
      outputParameters:
      - type: object
        mapping: $.
    - name: updateattestor
      description: Google Cloud Binary Authorization Update an attestor
      hints:
        readOnly: false
        destructive: false
        idempotent: true
      call: google-cloud-binary-authorization.updateattestor
      outputParameters:
      - type: object
        mapping: $.
    - name: deleteattestor
      description: Google Cloud Binary Authorization Delete an attestor
      hints:
        readOnly: false
        destructive: true
        idempotent: true
      call: google-cloud-binary-authorization.deleteattestor
      outputParameters:
      - type: object
        mapping: $.
    - name: validateattestationoccurrence
      description: Google Cloud Binary Authorization Validate attestation occurrence
      hints:
        readOnly: false
        destructive: false
        idempotent: false
      call: google-cloud-binary-authorization.validateattestationoccurrence
      outputParameters:
      - type: object
        mapping: $.
binds:
- namespace: env
  keys:
    GOOGLE_CLOUD_BINARY_AUTHORIZATION_TOKEN: GOOGLE_CLOUD_BINARY_AUTHORIZATION_TOKEN