1. Docs
  2. Reference
  3. API
  4. pulumi_gcp
  5. binaryauthorization

binaryauthorization

This provider is a derived work of the Terraform Provider distributed under MPL 2.0. If you encounter a bug or missing feature, first check the pulumi/pulumi-gcp repo; however, if that doesn’t turn up anything, please consult the source terraform-providers/terraform-provider-google repo.

class pulumi_gcp.binaryauthorization.Attestor(resource_name, opts=None, attestation_authority_note=None, description=None, name=None, project=None, __props__=None, __name__=None, __opts__=None)

Create a Attestor resource with the given unique name, props, and options.

Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The attestation_authority_note object supports the following:

  • delegationServiceAccountEmail (pulumi.Input[str])

  • noteReference (pulumi.Input[str])

  • publicKeys (pulumi.Input[list])

    • asciiArmoredPgpPublicKey (pulumi.Input[str])

    • comment (pulumi.Input[str])

    • id (pulumi.Input[str])

    • pkixPublicKey (pulumi.Input[dict])

      • publicKeyPem (pulumi.Input[str])

      • signatureAlgorithm (pulumi.Input[str])

static get(resource_name, id, opts=None, attestation_authority_note=None, description=None, name=None, project=None)

Get an existing Attestor resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The attestation_authority_note object supports the following:

  • delegationServiceAccountEmail (pulumi.Input[str])

  • noteReference (pulumi.Input[str])

  • publicKeys (pulumi.Input[list])

    • asciiArmoredPgpPublicKey (pulumi.Input[str])

    • comment (pulumi.Input[str])

    • id (pulumi.Input[str])

    • pkixPublicKey (pulumi.Input[dict])

      • publicKeyPem (pulumi.Input[str])

      • signatureAlgorithm (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.binaryauthorization.AttestorIamBinding(resource_name, opts=None, attestor=None, condition=None, members=None, project=None, role=None, __props__=None, __name__=None, __opts__=None)

Create a AttestorIamBinding resource with the given unique name, props, and options.

Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • attestor (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • role (pulumi.Input[str]) – The role that should be applied. Only one binaryauthorization.AttestorIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

attestor = None

Used to find the parent resource to bind the IAM policy to

etag = None

(Computed) The etag of the IAM policy.

project = None

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

role = None

The role that should be applied. Only one binaryauthorization.AttestorIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, attestor=None, condition=None, etag=None, members=None, project=None, role=None)

Get an existing AttestorIamBinding resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • attestor (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • etag (pulumi.Input[str]) – (Computed) The etag of the IAM policy.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • role (pulumi.Input[str]) – The role that should be applied. Only one binaryauthorization.AttestorIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.binaryauthorization.AttestorIamMember(resource_name, opts=None, attestor=None, condition=None, member=None, project=None, role=None, __props__=None, __name__=None, __opts__=None)

Create a AttestorIamMember resource with the given unique name, props, and options.

Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • attestor (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • role (pulumi.Input[str]) – The role that should be applied. Only one binaryauthorization.AttestorIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

attestor = None

Used to find the parent resource to bind the IAM policy to

etag = None

(Computed) The etag of the IAM policy.

project = None

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

role = None

The role that should be applied. Only one binaryauthorization.AttestorIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

static get(resource_name, id, opts=None, attestor=None, condition=None, etag=None, member=None, project=None, role=None)

Get an existing AttestorIamMember resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • attestor (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • etag (pulumi.Input[str]) – (Computed) The etag of the IAM policy.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • role (pulumi.Input[str]) – The role that should be applied. Only one binaryauthorization.AttestorIamBinding can be used per role. Note that custom roles must be of the format [projects|organizations]/{parent-name}/roles/{role-name}.

The condition object supports the following:

  • description (pulumi.Input[str])

  • expression (pulumi.Input[str])

  • title (pulumi.Input[str])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.binaryauthorization.AttestorIamPolicy(resource_name, opts=None, attestor=None, policy_data=None, project=None, __props__=None, __name__=None, __opts__=None)

Create a AttestorIamPolicy resource with the given unique name, props, and options.

Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • attestor (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • policy_data (pulumi.Input[str]) – The policy data generated by a organizations.getIAMPolicy data source.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

attestor = None

Used to find the parent resource to bind the IAM policy to

etag = None

(Computed) The etag of the IAM policy.

policy_data = None

The policy data generated by a organizations.getIAMPolicy data source.

project = None

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

static get(resource_name, id, opts=None, attestor=None, etag=None, policy_data=None, project=None)

Get an existing AttestorIamPolicy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

  • attestor (pulumi.Input[str]) – Used to find the parent resource to bind the IAM policy to

  • etag (pulumi.Input[str]) – (Computed) The etag of the IAM policy.

  • policy_data (pulumi.Input[str]) – The policy data generated by a organizations.getIAMPolicy data source.

  • project (pulumi.Input[str]) – The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

class pulumi_gcp.binaryauthorization.Policy(resource_name, opts=None, admission_whitelist_patterns=None, cluster_admission_rules=None, default_admission_rule=None, description=None, global_policy_evaluation_mode=None, project=None, __props__=None, __name__=None, __opts__=None)

Create a Policy resource with the given unique name, props, and options.

Parameters

  • resource_name (str) – The name of the resource.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The admission_whitelist_patterns object supports the following:

  • namePattern (pulumi.Input[str])

The cluster_admission_rules object supports the following:

  • cluster (pulumi.Input[str])

  • enforcementMode (pulumi.Input[str])

  • evaluationMode (pulumi.Input[str])

  • requireAttestationsBies (pulumi.Input[list])

The default_admission_rule object supports the following:

  • enforcementMode (pulumi.Input[str])

  • evaluationMode (pulumi.Input[str])

  • requireAttestationsBies (pulumi.Input[list])

static get(resource_name, id, opts=None, admission_whitelist_patterns=None, cluster_admission_rules=None, default_admission_rule=None, description=None, global_policy_evaluation_mode=None, project=None)

Get an existing Policy resource’s state with the given name, id, and optional extra properties used to qualify the lookup.

Parameters

  • resource_name (str) – The unique name of the resulting resource.

  • id (str) – The unique provider ID of the resource to lookup.

  • opts (pulumi.ResourceOptions) – Options for the resource.

The admission_whitelist_patterns object supports the following:

  • namePattern (pulumi.Input[str])

The cluster_admission_rules object supports the following:

  • cluster (pulumi.Input[str])

  • enforcementMode (pulumi.Input[str])

  • evaluationMode (pulumi.Input[str])

  • requireAttestationsBies (pulumi.Input[list])

The default_admission_rule object supports the following:

  • enforcementMode (pulumi.Input[str])

  • evaluationMode (pulumi.Input[str])

  • requireAttestationsBies (pulumi.Input[list])

translate_output_property(prop)

Provides subclasses of Resource an opportunity to translate names of output properties into a format of their choosing before writing those properties to the resource object.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str

translate_input_property(prop)

Provides subclasses of Resource an opportunity to translate names of input properties into a format of their choosing before sending those properties to the Pulumi engine.

Parameters

prop (str) – A property name.

Returns

A potentially transformed property name.

Return type

str