Docs Home
cosign 0.0.27 published on Thursday, May 1, 2025 by chainguard-dev
cosign.Attest
Explore with Pulumi AI
cosign 0.0.27 published on Thursday, May 1, 2025 by chainguard-dev
This attests the provided image digest with cosign.
Create Attest Resource
Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.
Constructor syntax
new Attest(name: string, args: AttestArgs, opts?: CustomResourceOptions);@overload
def Attest(resource_name: str,
args: AttestArgs,
opts: Optional[ResourceOptions] = None)
@overload
def Attest(resource_name: str,
opts: Optional[ResourceOptions] = None,
image: Optional[str] = None,
conflict: Optional[str] = None,
fulcio_url: Optional[str] = None,
predicate: Optional[str] = None,
predicate_files: Optional[Sequence[AttestPredicateFileArgs]] = None,
predicate_type: Optional[str] = None,
predicates: Optional[Sequence[AttestPredicateArgs]] = None,
rekor_url: Optional[str] = None)func NewAttest(ctx *Context, name string, args AttestArgs, opts ...ResourceOption) (*Attest, error)public Attest(string name, AttestArgs args, CustomResourceOptions? opts = null)
public Attest(String name, AttestArgs args)
public Attest(String name, AttestArgs args, CustomResourceOptions options)
type: cosign:Attest
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
Parameters
- name string
- The unique name of the resource.
- args AttestArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- resource_name str
- The unique name of the resource.
- args AttestArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.
- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AttestArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.
- name string
- The unique name of the resource.
- args AttestArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.
- name String
- The unique name of the resource.
- args AttestArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.
Constructor example
The following reference example uses placeholder values for all input properties.
var attestResource = new Cosign.Attest("attestResource", new()
{
Image = "string",
Conflict = "string",
FulcioUrl = "string",
Predicates = new[]
{
new Cosign.Inputs.AttestPredicateArgs
{
Type = "string",
Files = new[]
{
new Cosign.Inputs.AttestPredicateFileArgs
{
Path = "string",
Sha256 = "string",
},
},
Json = "string",
},
},
RekorUrl = "string",
});
example, err := cosign.NewAttest(ctx, "attestResource", &cosign.AttestArgs{
Image: pulumi.String("string"),
Conflict: pulumi.String("string"),
FulcioUrl: pulumi.String("string"),
Predicates: cosign.AttestPredicateArray{
&cosign.AttestPredicateArgs{
Type: pulumi.String("string"),
Files: cosign.AttestPredicateFileArray{
&cosign.AttestPredicateFileArgs{
Path: pulumi.String("string"),
Sha256: pulumi.String("string"),
},
},
Json: pulumi.String("string"),
},
},
RekorUrl: pulumi.String("string"),
})
var attestResource = new Attest("attestResource", AttestArgs.builder()
.image("string")
.conflict("string")
.fulcioUrl("string")
.predicates(AttestPredicateArgs.builder()
.type("string")
.files(AttestPredicateFileArgs.builder()
.path("string")
.sha256("string")
.build())
.json("string")
.build())
.rekorUrl("string")
.build());
attest_resource = cosign.Attest("attestResource",
image="string",
conflict="string",
fulcio_url="string",
predicates=[{
"type": "string",
"files": [{
"path": "string",
"sha256": "string",
}],
"json": "string",
}],
rekor_url="string")
const attestResource = new cosign.Attest("attestResource", {
image: "string",
conflict: "string",
fulcioUrl: "string",
predicates: [{
type: "string",
files: [{
path: "string",
sha256: "string",
}],
json: "string",
}],
rekorUrl: "string",
});
type: cosign:Attest
properties:
conflict: string
fulcioUrl: string
image: string
predicates:
- files:
- path: string
sha256: string
json: string
type: string
rekorUrl: string
Attest Resource Properties
To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.
Inputs
In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.
The Attest resource accepts the following input properties:
- Image string
- The digest of the container image to attest.
- Conflict string
- How to handle conflicting predicate values
- Fulcio
Url string - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- Predicate string
- The JSON body of the in-toto predicate's claim.
- Predicate
Files List<AttestPredicate File> - The path and sha256 hex of the predicate to attest.
- Predicate
Type string - The in-toto predicate type of the claim being attested.
- Predicates
List<Attest
Predicate> - The path and sha256 hex of the predicate to attest.
- Rekor
Url string - Address of rekor transparency log server (default https://rekor.sigstore.dev).
- Image string
- The digest of the container image to attest.
- Conflict string
- How to handle conflicting predicate values
- Fulcio
Url string - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- Predicate string
- The JSON body of the in-toto predicate's claim.
- Predicate
Files []AttestPredicate File Args - The path and sha256 hex of the predicate to attest.
- Predicate
Type string - The in-toto predicate type of the claim being attested.
- Predicates
[]Attest
Predicate Args - The path and sha256 hex of the predicate to attest.
- Rekor
Url string - Address of rekor transparency log server (default https://rekor.sigstore.dev).
- image String
- The digest of the container image to attest.
- conflict String
- How to handle conflicting predicate values
- fulcio
Url String - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- predicate String
- The JSON body of the in-toto predicate's claim.
- predicate
Files List<AttestPredicate File> - The path and sha256 hex of the predicate to attest.
- predicate
Type String - The in-toto predicate type of the claim being attested.
- predicates
List<Attest
Predicate> - The path and sha256 hex of the predicate to attest.
- rekor
Url String - Address of rekor transparency log server (default https://rekor.sigstore.dev).
- image string
- The digest of the container image to attest.
- conflict string
- How to handle conflicting predicate values
- fulcio
Url string - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- predicate string
- The JSON body of the in-toto predicate's claim.
- predicate
Files AttestPredicate File[] - The path and sha256 hex of the predicate to attest.
- predicate
Type string - The in-toto predicate type of the claim being attested.
- predicates
Attest
Predicate[] - The path and sha256 hex of the predicate to attest.
- rekor
Url string - Address of rekor transparency log server (default https://rekor.sigstore.dev).
- image str
- The digest of the container image to attest.
- conflict str
- How to handle conflicting predicate values
- fulcio_
url str - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- predicate str
- The JSON body of the in-toto predicate's claim.
- predicate_
files Sequence[AttestPredicate File Args] - The path and sha256 hex of the predicate to attest.
- predicate_
type str - The in-toto predicate type of the claim being attested.
- predicates
Sequence[Attest
Predicate Args] - The path and sha256 hex of the predicate to attest.
- rekor_
url str - Address of rekor transparency log server (default https://rekor.sigstore.dev).
- image String
- The digest of the container image to attest.
- conflict String
- How to handle conflicting predicate values
- fulcio
Url String - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- predicate String
- The JSON body of the in-toto predicate's claim.
- predicate
Files List<Property Map> - The path and sha256 hex of the predicate to attest.
- predicate
Type String - The in-toto predicate type of the claim being attested.
- predicates List<Property Map>
- The path and sha256 hex of the predicate to attest.
- rekor
Url String - Address of rekor transparency log server (default https://rekor.sigstore.dev).
Outputs
All input properties are implicitly available as output properties. Additionally, the Attest resource produces the following output properties:
- Attested
Ref string - This always matches the input digest, but is a convenience for composition.
- Id string
- The provider-assigned unique ID for this managed resource.
- Attested
Ref string - This always matches the input digest, but is a convenience for composition.
- Id string
- The provider-assigned unique ID for this managed resource.
- attested
Ref String - This always matches the input digest, but is a convenience for composition.
- id String
- The provider-assigned unique ID for this managed resource.
- attested
Ref string - This always matches the input digest, but is a convenience for composition.
- id string
- The provider-assigned unique ID for this managed resource.
- attested_
ref str - This always matches the input digest, but is a convenience for composition.
- id str
- The provider-assigned unique ID for this managed resource.
- attested
Ref String - This always matches the input digest, but is a convenience for composition.
- id String
- The provider-assigned unique ID for this managed resource.
Look up Existing Attest Resource
Get an existing Attest resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.
public static get(name: string, id: Input<ID>, state?: AttestState, opts?: CustomResourceOptions): Attest@staticmethod
def get(resource_name: str,
id: str,
opts: Optional[ResourceOptions] = None,
attested_ref: Optional[str] = None,
conflict: Optional[str] = None,
fulcio_url: Optional[str] = None,
image: Optional[str] = None,
predicate: Optional[str] = None,
predicate_files: Optional[Sequence[AttestPredicateFileArgs]] = None,
predicate_type: Optional[str] = None,
predicates: Optional[Sequence[AttestPredicateArgs]] = None,
rekor_url: Optional[str] = None) -> Attestfunc GetAttest(ctx *Context, name string, id IDInput, state *AttestState, opts ...ResourceOption) (*Attest, error)public static Attest Get(string name, Input<string> id, AttestState? state, CustomResourceOptions? opts = null)public static Attest get(String name, Output<String> id, AttestState state, CustomResourceOptions options)resources: _: type: cosign:Attest get: id: ${id}- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- resource_name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- name
- The unique name of the resulting resource.
- id
- The unique provider ID of the resource to lookup.
- state
- Any extra arguments used during the lookup.
- opts
- A bag of options that control this resource's behavior.
- Attested
Ref string - This always matches the input digest, but is a convenience for composition.
- Conflict string
- How to handle conflicting predicate values
- Fulcio
Url string - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- Image string
- The digest of the container image to attest.
- Predicate string
- The JSON body of the in-toto predicate's claim.
- Predicate
Files List<AttestPredicate File> - The path and sha256 hex of the predicate to attest.
- Predicate
Type string - The in-toto predicate type of the claim being attested.
- Predicates
List<Attest
Predicate> - The path and sha256 hex of the predicate to attest.
- Rekor
Url string - Address of rekor transparency log server (default https://rekor.sigstore.dev).
- Attested
Ref string - This always matches the input digest, but is a convenience for composition.
- Conflict string
- How to handle conflicting predicate values
- Fulcio
Url string - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- Image string
- The digest of the container image to attest.
- Predicate string
- The JSON body of the in-toto predicate's claim.
- Predicate
Files []AttestPredicate File Args - The path and sha256 hex of the predicate to attest.
- Predicate
Type string - The in-toto predicate type of the claim being attested.
- Predicates
[]Attest
Predicate Args - The path and sha256 hex of the predicate to attest.
- Rekor
Url string - Address of rekor transparency log server (default https://rekor.sigstore.dev).
- attested
Ref String - This always matches the input digest, but is a convenience for composition.
- conflict String
- How to handle conflicting predicate values
- fulcio
Url String - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- image String
- The digest of the container image to attest.
- predicate String
- The JSON body of the in-toto predicate's claim.
- predicate
Files List<AttestPredicate File> - The path and sha256 hex of the predicate to attest.
- predicate
Type String - The in-toto predicate type of the claim being attested.
- predicates
List<Attest
Predicate> - The path and sha256 hex of the predicate to attest.
- rekor
Url String - Address of rekor transparency log server (default https://rekor.sigstore.dev).
- attested
Ref string - This always matches the input digest, but is a convenience for composition.
- conflict string
- How to handle conflicting predicate values
- fulcio
Url string - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- image string
- The digest of the container image to attest.
- predicate string
- The JSON body of the in-toto predicate's claim.
- predicate
Files AttestPredicate File[] - The path and sha256 hex of the predicate to attest.
- predicate
Type string - The in-toto predicate type of the claim being attested.
- predicates
Attest
Predicate[] - The path and sha256 hex of the predicate to attest.
- rekor
Url string - Address of rekor transparency log server (default https://rekor.sigstore.dev).
- attested_
ref str - This always matches the input digest, but is a convenience for composition.
- conflict str
- How to handle conflicting predicate values
- fulcio_
url str - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- image str
- The digest of the container image to attest.
- predicate str
- The JSON body of the in-toto predicate's claim.
- predicate_
files Sequence[AttestPredicate File Args] - The path and sha256 hex of the predicate to attest.
- predicate_
type str - The in-toto predicate type of the claim being attested.
- predicates
Sequence[Attest
Predicate Args] - The path and sha256 hex of the predicate to attest.
- rekor_
url str - Address of rekor transparency log server (default https://rekor.sigstore.dev).
- attested
Ref String - This always matches the input digest, but is a convenience for composition.
- conflict String
- How to handle conflicting predicate values
- fulcio
Url String - Address of sigstore PKI server (default https://fulcio.sigstore.dev).
- image String
- The digest of the container image to attest.
- predicate String
- The JSON body of the in-toto predicate's claim.
- predicate
Files List<Property Map> - The path and sha256 hex of the predicate to attest.
- predicate
Type String - The in-toto predicate type of the claim being attested.
- predicates List<Property Map>
- The path and sha256 hex of the predicate to attest.
- rekor
Url String - Address of rekor transparency log server (default https://rekor.sigstore.dev).
Supporting Types
AttestPredicate, AttestPredicateArgs
- Type string
- The in-toto predicate type of the claim being attested.
- Files
List<Attest
Predicate File> - The path and sha256 hex of the predicate to attest.
- Json string
- The JSON body of the in-toto predicate's claim.
- Type string
- The in-toto predicate type of the claim being attested.
- Files
[]Attest
Predicate File - The path and sha256 hex of the predicate to attest.
- Json string
- The JSON body of the in-toto predicate's claim.
- type String
- The in-toto predicate type of the claim being attested.
- files
List<Attest
Predicate File> - The path and sha256 hex of the predicate to attest.
- json String
- The JSON body of the in-toto predicate's claim.
- type string
- The in-toto predicate type of the claim being attested.
- files
Attest
Predicate File[] - The path and sha256 hex of the predicate to attest.
- json string
- The JSON body of the in-toto predicate's claim.
- type str
- The in-toto predicate type of the claim being attested.
- files
Sequence[Attest
Predicate File] - The path and sha256 hex of the predicate to attest.
- json str
- The JSON body of the in-toto predicate's claim.
- type String
- The in-toto predicate type of the claim being attested.
- files List<Property Map>
- The path and sha256 hex of the predicate to attest.
- json String
- The JSON body of the in-toto predicate's claim.
AttestPredicateFile, AttestPredicateFileArgs
Package Details
- Repository
- cosign chainguard-dev/terraform-provider-cosign
- License
- Notes
- This Pulumi package is based on the
cosignTerraform Provider.
cosign 0.0.27 published on Thursday, May 1, 2025 by chainguard-dev