Attestor

name string

The unique name of the resource.

args AttestorArgs

The arguments to resource properties.

opts CustomResourceOptions

Bag of options to control resource's behavior.

resource_name str

The unique name of the resource.

opts ResourceOptions

A bag of options that control this resource's behavior.

ctx Context

Context object for the current deployment.

name string

The unique name of the resource.

args AttestorArgs

The arguments to resource properties.

opts ResourceOption

Bag of options to control resource's behavior.

name string

The unique name of the resource.

args AttestorArgs

The arguments to resource properties.

opts CustomResourceOptions

Bag of options to control resource's behavior.

AttestationAuthorityNote AttestorAttestationAuthorityNoteArgs

A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.

Description string

A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

Name string

The resource name.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

AttestationAuthorityNote AttestorAttestationAuthorityNote

A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.

Description string

A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

Name string

The resource name.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

attestationAuthorityNote AttestorAttestationAuthorityNote

A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.

description string

A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

name string

The resource name.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

attestation_authority_note Dict[AttestorAttestationAuthorityNote]

A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.

description str

A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

name str

The resource name.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Id string

The provider-assigned unique ID for this managed resource.

Id string

The provider-assigned unique ID for this managed resource.

id string

The provider-assigned unique ID for this managed resource.

id str

The provider-assigned unique ID for this managed resource.

name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

resource_name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

name

The unique name of the resulting resource.

id

The unique provider ID of the resource to lookup.

state

Any extra arguments used during the lookup.

opts

A bag of options that control this resource's behavior.

AttestationAuthorityNote AttestorAttestationAuthorityNoteArgs

A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.

Description string

A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

Name string

The resource name.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

AttestationAuthorityNote AttestorAttestationAuthorityNote

A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.

Description string

A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

Name string

The resource name.

Project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

attestationAuthorityNote AttestorAttestationAuthorityNote

A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.

description string

A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

name string

The resource name.

project string

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

attestation_authority_note Dict[AttestorAttestationAuthorityNote]

A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.

description str

A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

name str

The resource name.

project str

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

NoteReference string

The resource name of a ATTESTATION_AUTHORITY Note, created by the user. If the Note is in a different project from the Attestor, it should be specified in the format projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Container Analysis ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note.

DelegationServiceAccountEmail string

- This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the noteReference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.

PublicKeys List<AttestorAttestationAuthorityNotePublicKeyArgs>

Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. Structure is documented below.

NoteReference string

The resource name of a ATTESTATION_AUTHORITY Note, created by the user. If the Note is in a different project from the Attestor, it should be specified in the format projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Container Analysis ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note.

DelegationServiceAccountEmail string

- This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the noteReference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.

PublicKeys []AttestorAttestationAuthorityNotePublicKey

Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. Structure is documented below.

noteReference string

The resource name of a ATTESTATION_AUTHORITY Note, created by the user. If the Note is in a different project from the Attestor, it should be specified in the format projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Container Analysis ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note.

delegationServiceAccountEmail string

- This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the noteReference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.

publicKeys AttestorAttestationAuthorityNotePublicKey[]

Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. Structure is documented below.

noteReference str

The resource name of a ATTESTATION_AUTHORITY Note, created by the user. If the Note is in a different project from the Attestor, it should be specified in the format projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Container Analysis ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note.

delegationServiceAccountEmail str

- This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the noteReference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.

publicKeys List[AttestorAttestationAuthorityNotePublicKey]

Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. Structure is documented below.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

AsciiArmoredPgpPublicKey string

ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.

Comment string

A descriptive comment. This field may be updated.

Id string

The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on publicKey cases below for details.

PkixPublicKey AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs

A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key. Structure is documented below.

AsciiArmoredPgpPublicKey string

ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.

Comment string

A descriptive comment. This field may be updated.

Id string

The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on publicKey cases below for details.

PkixPublicKey AttestorAttestationAuthorityNotePublicKeyPkixPublicKey

A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key. Structure is documented below.

asciiArmoredPgpPublicKey string

ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.

comment string

A descriptive comment. This field may be updated.

id string

The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on publicKey cases below for details.

pkixPublicKey AttestorAttestationAuthorityNotePublicKeyPkixPublicKey

A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key. Structure is documented below.

asciiArmoredPgpPublicKey str

ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.

comment str

A descriptive comment. This field may be updated.

id str

The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on publicKey cases below for details.

pkixPublicKey Dict[AttestorAttestationAuthorityNotePublicKeyPkixPublicKey]

A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key. Structure is documented below.

See the input and output API doc for this type.

See the input and output API doc for this type.

See the input and output API doc for this type.

PublicKeyPem string

A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

SignatureAlgorithm string

The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in publicKeyPem (i.e. this algorithm must match that of the public key).

PublicKeyPem string

A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

SignatureAlgorithm string

The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in publicKeyPem (i.e. this algorithm must match that of the public key).

publicKeyPem string

A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

signatureAlgorithm string

The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in publicKeyPem (i.e. this algorithm must match that of the public key).

publicKeyPem str

A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

signatureAlgorithm str

The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in publicKeyPem (i.e. this algorithm must match that of the public key).