Namespace Pulumi.Gcp.BinaryAuthorization

Classes

Attestor

An attestor that attests to container image artifacts.

To get more information about Attestor, see:

AttestorArgs

AttestorIamBinding

Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:

  • gcp.binaryauthorization.AttestorIamPolicy: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.
  • gcp.binaryauthorization.AttestorIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.
  • gcp.binaryauthorization.AttestorIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.

Note: gcp.binaryauthorization.AttestorIamPolicy cannot be used in conjunction with gcp.binaryauthorization.AttestorIamBinding and gcp.binaryauthorization.AttestorIamMember or they will fight over what your policy should be.

Note: gcp.binaryauthorization.AttestorIamBinding resources can be used in conjunction with gcp.binaryauthorization.AttestorIamMember resources only if they do not grant privilege to the same role.

google_binary_authorization_attestor_iam_policy

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
    {
        Binding = 
        {

            {
                { "role", "roles/viewer" },
                { "members", 
                {
                    "user:jane@example.com",
                } },
            },
        },
    }));
    var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy("policy", new Gcp.BinaryAuthorization.AttestorIamPolicyArgs
    {
        Project = google_binary_authorization_attestor.Attestor.Project,
        Attestor = google_binary_authorization_attestor.Attestor.Name,
        PolicyData = admin.Apply(admin => admin.PolicyData),
    });
}

}

google_binary_authorization_attestor_iam_binding

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var binding = new Gcp.BinaryAuthorization.AttestorIamBinding("binding", new Gcp.BinaryAuthorization.AttestorIamBindingArgs
    {
        Project = google_binary_authorization_attestor.Attestor.Project,
        Attestor = google_binary_authorization_attestor.Attestor.Name,
        Role = "roles/viewer",
        Members = 
        {
            "user:jane@example.com",
        },
    });
}

}

google_binary_authorization_attestor_iam_member

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var member = new Gcp.BinaryAuthorization.AttestorIamMember("member", new Gcp.BinaryAuthorization.AttestorIamMemberArgs
    {
        Project = google_binary_authorization_attestor.Attestor.Project,
        Attestor = google_binary_authorization_attestor.Attestor.Name,
        Role = "roles/viewer",
        Member = "user:jane@example.com",
    });
}

}

AttestorIamBindingArgs

AttestorIamBindingState

AttestorIamMember

Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:

  • gcp.binaryauthorization.AttestorIamPolicy: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.
  • gcp.binaryauthorization.AttestorIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.
  • gcp.binaryauthorization.AttestorIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.

Note: gcp.binaryauthorization.AttestorIamPolicy cannot be used in conjunction with gcp.binaryauthorization.AttestorIamBinding and gcp.binaryauthorization.AttestorIamMember or they will fight over what your policy should be.

Note: gcp.binaryauthorization.AttestorIamBinding resources can be used in conjunction with gcp.binaryauthorization.AttestorIamMember resources only if they do not grant privilege to the same role.

google_binary_authorization_attestor_iam_policy

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
    {
        Binding = 
        {

            {
                { "role", "roles/viewer" },
                { "members", 
                {
                    "user:jane@example.com",
                } },
            },
        },
    }));
    var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy("policy", new Gcp.BinaryAuthorization.AttestorIamPolicyArgs
    {
        Project = google_binary_authorization_attestor.Attestor.Project,
        Attestor = google_binary_authorization_attestor.Attestor.Name,
        PolicyData = admin.Apply(admin => admin.PolicyData),
    });
}

}

google_binary_authorization_attestor_iam_binding

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var binding = new Gcp.BinaryAuthorization.AttestorIamBinding("binding", new Gcp.BinaryAuthorization.AttestorIamBindingArgs
    {
        Project = google_binary_authorization_attestor.Attestor.Project,
        Attestor = google_binary_authorization_attestor.Attestor.Name,
        Role = "roles/viewer",
        Members = 
        {
            "user:jane@example.com",
        },
    });
}

}

google_binary_authorization_attestor_iam_member

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var member = new Gcp.BinaryAuthorization.AttestorIamMember("member", new Gcp.BinaryAuthorization.AttestorIamMemberArgs
    {
        Project = google_binary_authorization_attestor.Attestor.Project,
        Attestor = google_binary_authorization_attestor.Attestor.Name,
        Role = "roles/viewer",
        Member = "user:jane@example.com",
    });
}

}

AttestorIamMemberArgs

AttestorIamMemberState

AttestorIamPolicy

Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:

  • gcp.binaryauthorization.AttestorIamPolicy: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached.
  • gcp.binaryauthorization.AttestorIamBinding: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved.
  • gcp.binaryauthorization.AttestorIamMember: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.

Note: gcp.binaryauthorization.AttestorIamPolicy cannot be used in conjunction with gcp.binaryauthorization.AttestorIamBinding and gcp.binaryauthorization.AttestorIamMember or they will fight over what your policy should be.

Note: gcp.binaryauthorization.AttestorIamBinding resources can be used in conjunction with gcp.binaryauthorization.AttestorIamMember resources only if they do not grant privilege to the same role.

google_binary_authorization_attestor_iam_policy

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var admin = Output.Create(Gcp.Organizations.GetIAMPolicy.InvokeAsync(new Gcp.Organizations.GetIAMPolicyArgs
    {
        Binding = 
        {

            {
                { "role", "roles/viewer" },
                { "members", 
                {
                    "user:jane@example.com",
                } },
            },
        },
    }));
    var policy = new Gcp.BinaryAuthorization.AttestorIamPolicy("policy", new Gcp.BinaryAuthorization.AttestorIamPolicyArgs
    {
        Project = google_binary_authorization_attestor.Attestor.Project,
        Attestor = google_binary_authorization_attestor.Attestor.Name,
        PolicyData = admin.Apply(admin => admin.PolicyData),
    });
}

}

google_binary_authorization_attestor_iam_binding

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var binding = new Gcp.BinaryAuthorization.AttestorIamBinding("binding", new Gcp.BinaryAuthorization.AttestorIamBindingArgs
    {
        Project = google_binary_authorization_attestor.Attestor.Project,
        Attestor = google_binary_authorization_attestor.Attestor.Name,
        Role = "roles/viewer",
        Members = 
        {
            "user:jane@example.com",
        },
    });
}

}

google_binary_authorization_attestor_iam_member

using Pulumi;
using Gcp = Pulumi.Gcp;

class MyStack : Stack
{
public MyStack()
{
    var member = new Gcp.BinaryAuthorization.AttestorIamMember("member", new Gcp.BinaryAuthorization.AttestorIamMemberArgs
    {
        Project = google_binary_authorization_attestor.Attestor.Project,
        Attestor = google_binary_authorization_attestor.Attestor.Name,
        Role = "roles/viewer",
        Member = "user:jane@example.com",
    });
}

}

AttestorIamPolicyArgs

AttestorIamPolicyState

AttestorState

Policy

A policy for container image binary authorization.

To get more information about Policy, see:

PolicyArgs

PolicyState