This page documents the language specification for the gcp package. If you're looking for help working with the inputs, outputs, or functions of gcp resources in a Pulumi program, please see the resource documentation for examples and API reference.

containeranalysis¶

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-gcp repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-google repo.

class pulumi_gcp.containeranalysis.Note(resource_name, opts=None, attestation_authority=None, expiration_time=None, long_description=None, name=None, project=None, related_note_names=None, related_urls=None, short_description=None, __props__=None, __name__=None, __opts__=None)¶

A Container Analysis note is a high-level piece of metadata that describes a type of analysis that can be done for a resource.

To get more information about Note, see:

API documentation
How-to Guides
- Official Documentation
- Creating Attestations (Occurrences)

import pulumi
import pulumi_gcp as gcp

note = gcp.containeranalysis.Note("note", attestation_authority={
    "hint": {
        "humanReadableName": "Attestor Note",
    },
})

import pulumi
import pulumi_gcp as gcp

note = gcp.containeranalysis.Note("note",
    attestation_authority={
        "hint": {
            "humanReadableName": "Attestor Note",
        },
    },
    expiration_time="2120-10-02T15:01:23.045123456Z",
    long_description="a longer description of test note",
    related_urls=[
        {
            "label": "foo",
            "url": "some.url",
        },
        {
            "url": "google.com",
        },
    ],
    short_description="test note")

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
attestation_authority (pulumi.Input[dict]) – Note kind that represents a logical attestation “role” or “authority”. For example, an organization might have one AttestationAuthority for “QA” and one for “build”. This Note is intended to act strictly as a grouping mechanism for the attached Occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an Occurrence to a given Note. It also provides a single point of lookup to find all attached Attestation Occurrences, even if they don’t all live in the same project. Structure is documented below.
expiration_time (pulumi.Input[str]) – Time of expiration for this note. Leave empty if note does not expire.
long_description (pulumi.Input[str]) – A detailed description of the note
name (pulumi.Input[str]) – The name of the note.
project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
related_note_names (pulumi.Input[list]) – Names of other notes related to this note.
related_urls (pulumi.Input[list]) – URLs associated with this note and related metadata. Structure is documented below.
short_description (pulumi.Input[str]) – A one sentence description of the note.

The attestation_authority object supports the following:

hint (pulumi.Input[dict]) - This submessage provides human-readable hints about the purpose of the AttestationAuthority. Because the name of a Note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from “readable” names more suitable for debug output. Note that these hints should NOT be used to look up AttestationAuthorities in security sensitive contexts, such as when looking up Attestations to verify. Structure is documented below.
- humanReadableName (pulumi.Input[str]) - The human readable name of this Attestation Authority, for example “qa”.

The related_urls object supports the following:

label (pulumi.Input[str]) - Label to describe usage of the URL
url (pulumi.Input[str]) - Specific URL associated with the resource.

attestation_authority: pulumi.Output[dict] = None¶

Note kind that represents a logical attestation “role” or “authority”. For example, an organization might have one AttestationAuthority for “QA” and one for “build”. This Note is intended to act strictly as a grouping mechanism for the attached Occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an Occurrence to a given Note. It also provides a single point of lookup to find all attached Attestation Occurrences, even if they don’t all live in the same project. Structure is documented below.

hint (dict) - This submessage provides human-readable hints about the purpose of the AttestationAuthority. Because the name of a Note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from “readable” names more suitable for debug output. Note that these hints should NOT be used to look up AttestationAuthorities in security sensitive contexts, such as when looking up Attestations to verify. Structure is documented below.
- humanReadableName (str) - The human readable name of this Attestation Authority, for example “qa”.

create_time: pulumi.Output[str] = None¶: The time this note was created.

expiration_time: pulumi.Output[str] = None¶: Time of expiration for this note. Leave empty if note does not expire.

kind: pulumi.Output[str] = None¶: The type of analysis this note describes

long_description: pulumi.Output[str] = None¶: A detailed description of the note

name: pulumi.Output[str] = None¶: The name of the note.

project: pulumi.Output[str] = None¶: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

related_note_names: pulumi.Output[list] = None¶: Names of other notes related to this note.

related_urls: pulumi.Output[list] = None¶

URLs associated with this note and related metadata. Structure is documented below.

label (str) - Label to describe usage of the URL
url (str) - Specific URL associated with the resource.

short_description: pulumi.Output[str] = None¶: A one sentence description of the note.

update_time: pulumi.Output[str] = None¶: The time this note was last updated.

static get(resource_name, id, opts=None, attestation_authority=None, create_time=None, expiration_time=None, kind=None, long_description=None, name=None, project=None, related_note_names=None, related_urls=None, short_description=None, update_time=None)¶

Get an existing Note resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
attestation_authority (pulumi.Input[dict]) – Note kind that represents a logical attestation “role” or “authority”. For example, an organization might have one AttestationAuthority for “QA” and one for “build”. This Note is intended to act strictly as a grouping mechanism for the attached Occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an Occurrence to a given Note. It also provides a single point of lookup to find all attached Attestation Occurrences, even if they don’t all live in the same project. Structure is documented below.
create_time (pulumi.Input[str]) – The time this note was created.
expiration_time (pulumi.Input[str]) – Time of expiration for this note. Leave empty if note does not expire.
kind (pulumi.Input[str]) – The type of analysis this note describes
long_description (pulumi.Input[str]) – A detailed description of the note
name (pulumi.Input[str]) – The name of the note.
project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
related_note_names (pulumi.Input[list]) – Names of other notes related to this note.
related_urls (pulumi.Input[list]) – URLs associated with this note and related metadata. Structure is documented below.
short_description (pulumi.Input[str]) – A one sentence description of the note.
update_time (pulumi.Input[str]) – The time this note was last updated.

The attestation_authority object supports the following:

hint (pulumi.Input[dict]) - This submessage provides human-readable hints about the purpose of the AttestationAuthority. Because the name of a Note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from “readable” names more suitable for debug output. Note that these hints should NOT be used to look up AttestationAuthorities in security sensitive contexts, such as when looking up Attestations to verify. Structure is documented below.
- humanReadableName (pulumi.Input[str]) - The human readable name of this Attestation Authority, for example “qa”.

The related_urls object supports the following:

label (pulumi.Input[str]) - Label to describe usage of the URL
url (pulumi.Input[str]) - Specific URL associated with the resource.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

class pulumi_gcp.containeranalysis.Occurence(resource_name, opts=None, attestation=None, note_name=None, project=None, remediation=None, resource_uri=None, __props__=None, __name__=None, __opts__=None)¶

An occurrence is an instance of a Note, or type of analysis that can be done for a resource.

To get more information about Occurrence, see:

API documentation
How-to Guides
- Official Documentation

Parameters

resource_name (str) – The name of the resource.
opts (pulumi.ResourceOptions) – Options for the resource.
attestation (pulumi.Input[dict]) – Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
note_name (pulumi.Input[str]) – The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
remediation (pulumi.Input[str]) – A description of actions that can be taken to remedy the note.
resource_uri (pulumi.Input[str]) – Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

The attestation object supports the following:

serializedPayload (pulumi.Input[str]) - The serialized payload that is verified by one or more signatures. A base64-encoded string.
signatures (pulumi.Input[list]) - One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.
- publicKeyId (pulumi.Input[str]) - The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values:
  - OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
  - openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA
  - RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
  - “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU”
- signature (pulumi.Input[str]) - The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.

attestation: pulumi.Output[dict] = None¶

Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

serializedPayload (str) - The serialized payload that is verified by one or more signatures. A base64-encoded string.
signatures (list) - One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.
- publicKeyId (str) - The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values:
  - OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
  - openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA
  - RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
  - “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU”
- signature (str) - The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.

create_time: pulumi.Output[str] = None¶: The time when the repository was created.

kind: pulumi.Output[str] = None¶: The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

name: pulumi.Output[str] = None¶: The name of the occurrence.

note_name: pulumi.Output[str] = None¶: The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

project: pulumi.Output[str] = None¶: The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

remediation: pulumi.Output[str] = None¶: A description of actions that can be taken to remedy the note.

resource_uri: pulumi.Output[str] = None¶: Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

update_time: pulumi.Output[str] = None¶: The time when the repository was last updated.

static get(resource_name, id, opts=None, attestation=None, create_time=None, kind=None, name=None, note_name=None, project=None, remediation=None, resource_uri=None, update_time=None)¶

Get an existing Occurence resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

resource_name (str) – The unique name of the resulting resource.
id (str) – The unique provider ID of the resource to lookup.
opts (pulumi.ResourceOptions) – Options for the resource.
attestation (pulumi.Input[dict]) – Occurrence that represents a single “attestation”. The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
create_time (pulumi.Input[str]) – The time when the repository was created.
kind (pulumi.Input[str]) – The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
name (pulumi.Input[str]) – The name of the occurrence.
note_name (pulumi.Input[str]) – The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the provider project is used.
remediation (pulumi.Input[str]) – A description of actions that can be taken to remedy the note.
resource_uri (pulumi.Input[str]) – Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
update_time (pulumi.Input[str]) – The time when the repository was last updated.

The attestation object supports the following:

serializedPayload (pulumi.Input[str]) - The serialized payload that is verified by one or more signatures. A base64-encoded string.
signatures (pulumi.Input[list]) - One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.
- publicKeyId (pulumi.Input[str]) - The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values:
  - OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
  - openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA
  - RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
  - “ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU”
- signature (pulumi.Input[str]) - The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.

translate_output_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

translate_input_property(prop)¶

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters: prop (str) – A property name.
Returns: A potentially transformed property name.
Return type: str

The Pulumi Platform

Get Started

Migrate to Pulumi

Solutions for All Teams and Engineers

Any Code

Any Cloud

containeranalysis¶

On This Page