# Attestor

Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists.

## Create a Attestor Resource

`new Attestor(name: string, args: AttestorArgs, opts?: CustomResourceOptions);`

```
@overload
def Attestor(resource_name: str,
opts: Optional[ResourceOptions] = None,
attestor_id: Optional[str] = None,
description: Optional[str] = None,
etag: Optional[str] = None,
name: Optional[str] = None,
project: Optional[str] = None,
user_owned_grafeas_note: Optional[UserOwnedGrafeasNoteArgs] = None)
@overload
def Attestor(resource_name: str,
args: AttestorArgs,
opts: Optional[ResourceOptions] = None)
```

`func NewAttestor(ctx *Context, name string, args AttestorArgs, opts ...ResourceOption) (*Attestor, error)`

`public Attestor(string name, AttestorArgs args, CustomResourceOptions? opts = null)`

```
public Attestor(String name, AttestorArgs args)
public Attestor(String name, AttestorArgs args, CustomResourceOptions options)
```

```
type: google-native:binaryauthorization/v1:Attestor
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.
```

- name string
- The unique name of the resource.
- args AttestorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.

- resource_name str
- The unique name of the resource.
- args AttestorArgs
- The arguments to resource properties.
- opts ResourceOptions
- Bag of options to control resource's behavior.

- ctx Context
- Context object for the current deployment.
- name string
- The unique name of the resource.
- args AttestorArgs
- The arguments to resource properties.
- opts ResourceOption
- Bag of options to control resource's behavior.

- name string
- The unique name of the resource.
- args AttestorArgs
- The arguments to resource properties.
- opts CustomResourceOptions
- Bag of options to control resource's behavior.

- name String
- The unique name of the resource.
- args AttestorArgs
- The arguments to resource properties.
- options CustomResourceOptions
- Bag of options to control resource's behavior.

## Attestor Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

### Inputs

The Attestor resource accepts the following input properties:

- Attestor
Id string Required. The attestors ID.

- Description string
Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

- Etag string
Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.

- Name string
The resource name, in the format:

`projects/*/attestors/*`

. This field may not be updated.- Project string
- User
Owned Pulumi.Grafeas Note Google Native. Binary Authorization. V1. Inputs. User Owned Grafeas Note Args This specifies how an attestation will be read, and how it will be used during policy enforcement.

- Attestor
Id string Required. The attestors ID.

- Description string
Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

- Etag string
Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.

- Name string
The resource name, in the format:

`projects/*/attestors/*`

. This field may not be updated.- Project string
- User
Owned UserGrafeas Note Owned Grafeas Note Args This specifies how an attestation will be read, and how it will be used during policy enforcement.

- attestor
Id String Required. The attestors ID.

- description String
Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

- etag String
Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.

- name String
The resource name, in the format:

`projects/*/attestors/*`

. This field may not be updated.- project String
- user
Owned UserGrafeas Note Owned Grafeas Note Args This specifies how an attestation will be read, and how it will be used during policy enforcement.

- attestor
Id string Required. The attestors ID.

- description string
- etag string
- name string
The resource name, in the format:

`projects/*/attestors/*`

. This field may not be updated.- project string
- user
Owned UserGrafeas Note Owned Grafeas Note Args This specifies how an attestation will be read, and how it will be used during policy enforcement.

- attestor_
id str Required. The attestors ID.

- description str
- etag str
- name str
The resource name, in the format:

`projects/*/attestors/*`

. This field may not be updated.- project str
- user_
owned_ Usergrafeas_ note Owned Grafeas Note Args This specifies how an attestation will be read, and how it will be used during policy enforcement.

- attestor
Id String Required. The attestors ID.

- description String
- etag String
- name String
The resource name, in the format:

`projects/*/attestors/*`

. This field may not be updated.- project String
- user
Owned Property MapGrafeas Note This specifies how an attestation will be read, and how it will be used during policy enforcement.

### Outputs

All input properties are implicitly available as output properties. Additionally, the Attestor resource produces the following output properties:

- Id string
The provider-assigned unique ID for this managed resource.

- Update
Time string Time when the attestor was last updated.

- Id string
The provider-assigned unique ID for this managed resource.

- Update
Time string Time when the attestor was last updated.

- id String
The provider-assigned unique ID for this managed resource.

- update
Time String Time when the attestor was last updated.

- id string
The provider-assigned unique ID for this managed resource.

- update
Time string Time when the attestor was last updated.

- id str
The provider-assigned unique ID for this managed resource.

- update_
time str Time when the attestor was last updated.

- id String
The provider-assigned unique ID for this managed resource.

- update
Time String Time when the attestor was last updated.

## Supporting Types

#### AttestorPublicKey

- Ascii
Armored stringPgp Public Key ASCII-armored representation of a PGP public key, as the entire output by the command

`gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- Comment string
Optional. A descriptive comment. This field may be updated.

- Id string
The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on

`public_key`

cases below for details.- Pkix
Public Pulumi.Key Google Native. Binary Authorization. V1. Inputs. Pkix Public Key A raw PKIX SubjectPublicKeyInfo format public key. NOTE:

`id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

- Ascii
Armored stringPgp Public Key ASCII-armored representation of a PGP public key, as the entire output by the command

`gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- Comment string
Optional. A descriptive comment. This field may be updated.

- Id string
The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on

`public_key`

cases below for details.- Pkix
Public PkixKey Public Key A raw PKIX SubjectPublicKeyInfo format public key. NOTE:

`id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

- ascii
Armored StringPgp Public Key ASCII-armored representation of a PGP public key, as the entire output by the command

`gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- comment String
Optional. A descriptive comment. This field may be updated.

- id String
The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on

`public_key`

cases below for details.- pkix
Public PkixKey Public Key A raw PKIX SubjectPublicKeyInfo format public key. NOTE:

`id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

- ascii
Armored stringPgp Public Key `gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- comment string
Optional. A descriptive comment. This field may be updated.

- id string
`public_key`

cases below for details.- pkix
Public PkixKey Public Key `id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

- ascii_
armored_ strpgp_ public_ key `gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- comment str
Optional. A descriptive comment. This field may be updated.

- id str
`public_key`

cases below for details.- pkix_
public_ Pkixkey Public Key `id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

- ascii
Armored StringPgp Public Key `gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- comment String
Optional. A descriptive comment. This field may be updated.

- id String
`public_key`

cases below for details.- pkix
Public Property MapKey `id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

#### AttestorPublicKeyResponse

- Ascii
Armored stringPgp Public Key `gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- Comment string
Optional. A descriptive comment. This field may be updated.

- Pkix
Public Pulumi.Key Google Native. Binary Authorization. V1. Inputs. Pkix Public Key Response `id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

- Ascii
Armored stringPgp Public Key `gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- Comment string
Optional. A descriptive comment. This field may be updated.

- Pkix
Public PkixKey Public Key Response `id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

- ascii
Armored StringPgp Public Key `gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- comment String
Optional. A descriptive comment. This field may be updated.

- pkix
Public PkixKey Public Key Response `id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

- ascii
Armored stringPgp Public Key `gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- comment string
Optional. A descriptive comment. This field may be updated.

- pkix
Public PkixKey Public Key Response `id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

- ascii_
armored_ strpgp_ public_ key `gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- comment str
Optional. A descriptive comment. This field may be updated.

- pkix_
public_ Pkixkey Public Key Response `id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

- ascii
Armored StringPgp Public Key `gpg --export --armor foo@example.com`

(either LF or CRLF line endings). When using this field,`id`

should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If`id`

is provided by the caller, it will be overwritten by the API-calculated ID.- comment String
Optional. A descriptive comment. This field may be updated.

- pkix
Public Property MapKey `id`

may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If`id`

is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

#### PkixPublicKey

- Public
Key stringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- Signature
Algorithm Pulumi.Google Native. Binary Authorization. V1. Pkix Public Key Signature Algorithm The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in

`public_key_pem`

(i.e. this algorithm must match that of the public key).

- Public
Key stringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- Signature
Algorithm PkixPublic Key Signature Algorithm The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in

`public_key_pem`

(i.e. this algorithm must match that of the public key).

- public
Key StringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- signature
Algorithm PkixPublic Key Signature Algorithm The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in

`public_key_pem`

(i.e. this algorithm must match that of the public key).

- public
Key stringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- signature
Algorithm PkixPublic Key Signature Algorithm `public_key_pem`

(i.e. this algorithm must match that of the public key).

- public_
key_ strpem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- signature_
algorithm PkixPublic Key Signature Algorithm `public_key_pem`

(i.e. this algorithm must match that of the public key).

- public
Key StringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- signature
Algorithm "SIGNATURE_ALGORITHM_UNSPECIFIED" | "RSA_PSS_2048_SHA256" | "RSA_SIGN_PSS_2048_SHA256" | "RSA_PSS_3072_SHA256" | "RSA_SIGN_PSS_3072_SHA256" | "RSA_PSS_4096_SHA256" | "RSA_SIGN_PSS_4096_SHA256" | "RSA_PSS_4096_SHA512" | "RSA_SIGN_PSS_4096_SHA512" | "RSA_SIGN_PKCS1_2048_SHA256" | "RSA_SIGN_PKCS1_3072_SHA256" | "RSA_SIGN_PKCS1_4096_SHA256" | "RSA_SIGN_PKCS1_4096_SHA512" | "ECDSA_P256_SHA256" | "EC_SIGN_P256_SHA256" | "ECDSA_P384_SHA384" | "EC_SIGN_P384_SHA384" | "ECDSA_P521_SHA512" | "EC_SIGN_P521_SHA512" `public_key_pem`

(i.e. this algorithm must match that of the public key).

#### PkixPublicKeyResponse

- Public
Key stringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- Signature
Algorithm string `public_key_pem`

(i.e. this algorithm must match that of the public key).

- Public
Key stringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- Signature
Algorithm string `public_key_pem`

(i.e. this algorithm must match that of the public key).

- public
Key StringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- signature
Algorithm String `public_key_pem`

(i.e. this algorithm must match that of the public key).

- public
Key stringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- signature
Algorithm string `public_key_pem`

(i.e. this algorithm must match that of the public key).

- public_
key_ strpem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- signature_
algorithm str `public_key_pem`

(i.e. this algorithm must match that of the public key).

- public
Key StringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

- signature
Algorithm String `public_key_pem`

(i.e. this algorithm must match that of the public key).

#### PkixPublicKeySignatureAlgorithm

- Signature
Algorithm Unspecified - SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified.

- Rsa
Pss2048Sha256 - RSA_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- Rsa
Sign Pss2048Sha256 - RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- Rsa
Pss3072Sha256 - RSA_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- Rsa
Sign Pss3072Sha256 - RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- Rsa
Pss4096Sha256 - RSA_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- Rsa
Sign Pss4096Sha256 - RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- Rsa
Pss4096Sha512 - RSA_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- Rsa
Sign Pss4096Sha512 - RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- Rsa
Sign Pkcs12048Sha256 - RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

- Rsa
Sign Pkcs13072Sha256 - RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

- Rsa
Sign Pkcs14096Sha256 - RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

- Rsa
Sign Pkcs14096Sha512 - RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

- Ecdsa
P256Sha256 - ECDSA_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- Ec
Sign P256Sha256 - EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- Ecdsa
P384Sha384 - ECDSA_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- Ec
Sign P384Sha384 - EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- Ecdsa
P521Sha512 - ECDSA_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

- Ec
Sign P521Sha512 - EC_SIGN_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

- Pkix
Public Key Signature Algorithm Signature Algorithm Unspecified - SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified.

- Pkix
Public Key Signature Algorithm Rsa Pss2048Sha256 - RSA_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- Pkix
Public Key Signature Algorithm Rsa Sign Pss2048Sha256 - RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- Pkix
Public Key Signature Algorithm Rsa Pss3072Sha256 - RSA_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- Pkix
Public Key Signature Algorithm Rsa Sign Pss3072Sha256 - RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- Pkix
Public Key Signature Algorithm Rsa Pss4096Sha256 - RSA_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- Pkix
Public Key Signature Algorithm Rsa Sign Pss4096Sha256 - RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- Pkix
Public Key Signature Algorithm Rsa Pss4096Sha512 - RSA_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- Pkix
Public Key Signature Algorithm Rsa Sign Pss4096Sha512 - RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- Pkix
Public Key Signature Algorithm Rsa Sign Pkcs12048Sha256 - RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

- Pkix
Public Key Signature Algorithm Rsa Sign Pkcs13072Sha256 - RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

- Pkix
Public Key Signature Algorithm Rsa Sign Pkcs14096Sha256 - RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

- Pkix
Public Key Signature Algorithm Rsa Sign Pkcs14096Sha512 - RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

- Pkix
Public Key Signature Algorithm Ecdsa P256Sha256 - ECDSA_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- Pkix
Public Key Signature Algorithm Ec Sign P256Sha256 - EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- Pkix
Public Key Signature Algorithm Ecdsa P384Sha384 - ECDSA_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- Pkix
Public Key Signature Algorithm Ec Sign P384Sha384 - EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- Pkix
Public Key Signature Algorithm Ecdsa P521Sha512 - ECDSA_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

- Pkix
Public Key Signature Algorithm Ec Sign P521Sha512 - EC_SIGN_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

- Signature
Algorithm Unspecified - SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified.

- Rsa
Pss2048Sha256 - RSA_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- Rsa
Sign Pss2048Sha256 - RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- Rsa
Pss3072Sha256 - RSA_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- Rsa
Sign Pss3072Sha256 - RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- Rsa
Pss4096Sha256 - RSA_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- Rsa
Sign Pss4096Sha256 - RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- Rsa
Pss4096Sha512 - RSA_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- Rsa
Sign Pss4096Sha512 - RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- Rsa
Sign Pkcs12048Sha256 - RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

- Rsa
Sign Pkcs13072Sha256 - RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

- Rsa
Sign Pkcs14096Sha256 - RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

- Rsa
Sign Pkcs14096Sha512 - RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

- Ecdsa
P256Sha256 - ECDSA_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- Ec
Sign P256Sha256 - EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- Ecdsa
P384Sha384 - ECDSA_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- Ec
Sign P384Sha384 - EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- Ecdsa
P521Sha512 - ECDSA_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

- Ec
Sign P521Sha512 - EC_SIGN_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

- Signature
Algorithm Unspecified - SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified.

- Rsa
Pss2048Sha256 - RSA_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- Rsa
Sign Pss2048Sha256 - RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- Rsa
Pss3072Sha256 - RSA_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- Rsa
Sign Pss3072Sha256 - RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- Rsa
Pss4096Sha256 - RSA_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- Rsa
Sign Pss4096Sha256 - RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- Rsa
Pss4096Sha512 - RSA_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- Rsa
Sign Pss4096Sha512 - RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- Rsa
Sign Pkcs12048Sha256 - RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

- Rsa
Sign Pkcs13072Sha256 - RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

- Rsa
Sign Pkcs14096Sha256 - RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

- Rsa
Sign Pkcs14096Sha512 - RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

- Ecdsa
P256Sha256 - ECDSA_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- Ec
Sign P256Sha256 - EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- Ecdsa
P384Sha384 - ECDSA_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- Ec
Sign P384Sha384 - EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- Ecdsa
P521Sha512 - ECDSA_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

- Ec
Sign P521Sha512 - EC_SIGN_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

- SIGNATURE_ALGORITHM_UNSPECIFIED
- SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified.

- RSA_PSS2048_SHA256
- RSA_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- RSA_SIGN_PSS2048_SHA256
- RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- RSA_PSS3072_SHA256
- RSA_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- RSA_SIGN_PSS3072_SHA256
- RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- RSA_PSS4096_SHA256
- RSA_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- RSA_SIGN_PSS4096_SHA256
- RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- RSA_PSS4096_SHA512
- RSA_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- RSA_SIGN_PSS4096_SHA512
- RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- RSA_SIGN_PKCS12048_SHA256
- RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

- RSA_SIGN_PKCS13072_SHA256
- RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

- RSA_SIGN_PKCS14096_SHA256
- RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

- RSA_SIGN_PKCS14096_SHA512
- RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

- ECDSA_P256_SHA256
- ECDSA_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- EC_SIGN_P256_SHA256
- EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- ECDSA_P384_SHA384
- ECDSA_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- EC_SIGN_P384_SHA384
- EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- ECDSA_P521_SHA512
- ECDSA_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

- EC_SIGN_P521_SHA512
- EC_SIGN_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

- "SIGNATURE_ALGORITHM_UNSPECIFIED"
- SIGNATURE_ALGORITHM_UNSPECIFIED
Not specified.

- "RSA_PSS_2048_SHA256"
- RSA_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- "RSA_SIGN_PSS_2048_SHA256"
- RSA_SIGN_PSS_2048_SHA256
RSASSA-PSS 2048 bit key with a SHA256 digest.

- "RSA_PSS_3072_SHA256"
- RSA_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- "RSA_SIGN_PSS_3072_SHA256"
- RSA_SIGN_PSS_3072_SHA256
RSASSA-PSS 3072 bit key with a SHA256 digest.

- "RSA_PSS_4096_SHA256"
- RSA_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- "RSA_SIGN_PSS_4096_SHA256"
- RSA_SIGN_PSS_4096_SHA256
RSASSA-PSS 4096 bit key with a SHA256 digest.

- "RSA_PSS_4096_SHA512"
- RSA_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- "RSA_SIGN_PSS_4096_SHA512"
- RSA_SIGN_PSS_4096_SHA512
RSASSA-PSS 4096 bit key with a SHA512 digest.

- "RSA_SIGN_PKCS1_2048_SHA256"
- RSA_SIGN_PKCS1_2048_SHA256
RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.

- "RSA_SIGN_PKCS1_3072_SHA256"
- RSA_SIGN_PKCS1_3072_SHA256
RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.

- "RSA_SIGN_PKCS1_4096_SHA256"
- RSA_SIGN_PKCS1_4096_SHA256
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.

- "RSA_SIGN_PKCS1_4096_SHA512"
- RSA_SIGN_PKCS1_4096_SHA512
RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.

- "ECDSA_P256_SHA256"
- ECDSA_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- "EC_SIGN_P256_SHA256"
- EC_SIGN_P256_SHA256
ECDSA on the NIST P-256 curve with a SHA256 digest.

- "ECDSA_P384_SHA384"
- ECDSA_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- "EC_SIGN_P384_SHA384"
- EC_SIGN_P384_SHA384
ECDSA on the NIST P-384 curve with a SHA384 digest.

- "ECDSA_P521_SHA512"
- ECDSA_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

- "EC_SIGN_P521_SHA512"
- EC_SIGN_P521_SHA512
ECDSA on the NIST P-521 curve with a SHA512 digest.

#### UserOwnedGrafeasNote

- Note
Reference string The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format:

`projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- Public
Keys List<Pulumi.Google Native. Binary Authorization. V1. Inputs. Attestor Public Key> Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

- Note
Reference string The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format:

`projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- Public
Keys []AttestorPublic Key Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

- note
Reference String The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format:

`projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public
Keys List<AttestorPublic Key> Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

- note
Reference string `projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public
Keys AttestorPublic Key[]

- note_
reference str `projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public_
keys Sequence[AttestorPublic Key]

- note
Reference String `projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public
Keys List<Property Map>

#### UserOwnedGrafeasNoteResponse

- Delegation
Service stringAccount Email This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (

`containeranalysis.notes.occurrences.viewer`

). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- Note
Reference string `projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- Public
Keys List<Pulumi.Google Native. Binary Authorization. V1. Inputs. Attestor Public Key Response>

- Delegation
Service stringAccount Email This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (

`containeranalysis.notes.occurrences.viewer`

). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- Note
Reference string `projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- Public
Keys []AttestorPublic Key Response

- delegation
Service StringAccount Email This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (

`containeranalysis.notes.occurrences.viewer`

). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- note
Reference String `projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public
Keys List<AttestorPublic Key Response>

- delegation
Service stringAccount Email `containeranalysis.notes.occurrences.viewer`

). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- note
Reference string `projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public
Keys AttestorPublic Key Response[]

- delegation_
service_ straccount_ email `containeranalysis.notes.occurrences.viewer`

). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- note_
reference str `projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public_
keys Sequence[AttestorPublic Key Response]

- delegation
Service StringAccount Email `containeranalysis.notes.occurrences.viewer`

). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- note
Reference String `projects/*/notes/*`

. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public
Keys List<Property Map>

## Package Details

- Repository
- https://github.com/pulumi/pulumi-google-native
- License
- Apache-2.0