1. Packages
  2. Google Cloud Native
  3. API Docs
  4. binaryauthorization
  5. binaryauthorization/v1
  6. Attestor

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.binaryauthorization/v1.Attestor

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists.

    Create Attestor Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Attestor(name: string, args: AttestorArgs, opts?: CustomResourceOptions);
    @overload
    def Attestor(resource_name: str,
                 args: AttestorArgs,
                 opts: Optional[ResourceOptions] = None)
    
    @overload
    def Attestor(resource_name: str,
                 opts: Optional[ResourceOptions] = None,
                 attestor_id: Optional[str] = None,
                 description: Optional[str] = None,
                 etag: Optional[str] = None,
                 name: Optional[str] = None,
                 project: Optional[str] = None,
                 user_owned_grafeas_note: Optional[UserOwnedGrafeasNoteArgs] = None)
    func NewAttestor(ctx *Context, name string, args AttestorArgs, opts ...ResourceOption) (*Attestor, error)
    public Attestor(string name, AttestorArgs args, CustomResourceOptions? opts = null)
    public Attestor(String name, AttestorArgs args)
    public Attestor(String name, AttestorArgs args, CustomResourceOptions options)
    
    type: google-native:binaryauthorization/v1:Attestor
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args AttestorArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args AttestorArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args AttestorArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args AttestorArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args AttestorArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var attestorResource = new GoogleNative.BinaryAuthorization.V1.Attestor("attestorResource", new()
    {
        AttestorId = "string",
        Description = "string",
        Etag = "string",
        Name = "string",
        Project = "string",
        UserOwnedGrafeasNote = new GoogleNative.BinaryAuthorization.V1.Inputs.UserOwnedGrafeasNoteArgs
        {
            NoteReference = "string",
            PublicKeys = new[]
            {
                new GoogleNative.BinaryAuthorization.V1.Inputs.AttestorPublicKeyArgs
                {
                    AsciiArmoredPgpPublicKey = "string",
                    Comment = "string",
                    Id = "string",
                    PkixPublicKey = new GoogleNative.BinaryAuthorization.V1.Inputs.PkixPublicKeyArgs
                    {
                        KeyId = "string",
                        PublicKeyPem = "string",
                        SignatureAlgorithm = GoogleNative.BinaryAuthorization.V1.PkixPublicKeySignatureAlgorithm.SignatureAlgorithmUnspecified,
                    },
                },
            },
        },
    });
    
    example, err := binaryauthorization.NewAttestor(ctx, "attestorResource", &binaryauthorization.AttestorArgs{
    	AttestorId:  pulumi.String("string"),
    	Description: pulumi.String("string"),
    	Etag:        pulumi.String("string"),
    	Name:        pulumi.String("string"),
    	Project:     pulumi.String("string"),
    	UserOwnedGrafeasNote: &binaryauthorization.UserOwnedGrafeasNoteArgs{
    		NoteReference: pulumi.String("string"),
    		PublicKeys: binaryauthorization.AttestorPublicKeyArray{
    			&binaryauthorization.AttestorPublicKeyArgs{
    				AsciiArmoredPgpPublicKey: pulumi.String("string"),
    				Comment:                  pulumi.String("string"),
    				Id:                       pulumi.String("string"),
    				PkixPublicKey: &binaryauthorization.PkixPublicKeyArgs{
    					KeyId:              pulumi.String("string"),
    					PublicKeyPem:       pulumi.String("string"),
    					SignatureAlgorithm: binaryauthorization.PkixPublicKeySignatureAlgorithmSignatureAlgorithmUnspecified,
    				},
    			},
    		},
    	},
    })
    
    var attestorResource = new Attestor("attestorResource", AttestorArgs.builder()
        .attestorId("string")
        .description("string")
        .etag("string")
        .name("string")
        .project("string")
        .userOwnedGrafeasNote(UserOwnedGrafeasNoteArgs.builder()
            .noteReference("string")
            .publicKeys(AttestorPublicKeyArgs.builder()
                .asciiArmoredPgpPublicKey("string")
                .comment("string")
                .id("string")
                .pkixPublicKey(PkixPublicKeyArgs.builder()
                    .keyId("string")
                    .publicKeyPem("string")
                    .signatureAlgorithm("SIGNATURE_ALGORITHM_UNSPECIFIED")
                    .build())
                .build())
            .build())
        .build());
    
    attestor_resource = google_native.binaryauthorization.v1.Attestor("attestorResource",
        attestor_id="string",
        description="string",
        etag="string",
        name="string",
        project="string",
        user_owned_grafeas_note=google_native.binaryauthorization.v1.UserOwnedGrafeasNoteArgs(
            note_reference="string",
            public_keys=[google_native.binaryauthorization.v1.AttestorPublicKeyArgs(
                ascii_armored_pgp_public_key="string",
                comment="string",
                id="string",
                pkix_public_key=google_native.binaryauthorization.v1.PkixPublicKeyArgs(
                    key_id="string",
                    public_key_pem="string",
                    signature_algorithm=google_native.binaryauthorization.v1.PkixPublicKeySignatureAlgorithm.SIGNATURE_ALGORITHM_UNSPECIFIED,
                ),
            )],
        ))
    
    const attestorResource = new google_native.binaryauthorization.v1.Attestor("attestorResource", {
        attestorId: "string",
        description: "string",
        etag: "string",
        name: "string",
        project: "string",
        userOwnedGrafeasNote: {
            noteReference: "string",
            publicKeys: [{
                asciiArmoredPgpPublicKey: "string",
                comment: "string",
                id: "string",
                pkixPublicKey: {
                    keyId: "string",
                    publicKeyPem: "string",
                    signatureAlgorithm: google_native.binaryauthorization.v1.PkixPublicKeySignatureAlgorithm.SignatureAlgorithmUnspecified,
                },
            }],
        },
    });
    
    type: google-native:binaryauthorization/v1:Attestor
    properties:
        attestorId: string
        description: string
        etag: string
        name: string
        project: string
        userOwnedGrafeasNote:
            noteReference: string
            publicKeys:
                - asciiArmoredPgpPublicKey: string
                  comment: string
                  id: string
                  pkixPublicKey:
                    keyId: string
                    publicKeyPem: string
                    signatureAlgorithm: SIGNATURE_ALGORITHM_UNSPECIFIED
    

    Attestor Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    The Attestor resource accepts the following input properties:

    AttestorId string
    Required. The attestors ID.
    Description string
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    Etag string
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    Name string
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    Project string
    UserOwnedGrafeasNote Pulumi.GoogleNative.BinaryAuthorization.V1.Inputs.UserOwnedGrafeasNote
    This specifies how an attestation will be read, and how it will be used during policy enforcement.
    AttestorId string
    Required. The attestors ID.
    Description string
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    Etag string
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    Name string
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    Project string
    UserOwnedGrafeasNote UserOwnedGrafeasNoteArgs
    This specifies how an attestation will be read, and how it will be used during policy enforcement.
    attestorId String
    Required. The attestors ID.
    description String
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    etag String
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    name String
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    project String
    userOwnedGrafeasNote UserOwnedGrafeasNote
    This specifies how an attestation will be read, and how it will be used during policy enforcement.
    attestorId string
    Required. The attestors ID.
    description string
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    etag string
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    name string
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    project string
    userOwnedGrafeasNote UserOwnedGrafeasNote
    This specifies how an attestation will be read, and how it will be used during policy enforcement.
    attestor_id str
    Required. The attestors ID.
    description str
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    etag str
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    name str
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    project str
    user_owned_grafeas_note UserOwnedGrafeasNoteArgs
    This specifies how an attestation will be read, and how it will be used during policy enforcement.
    attestorId String
    Required. The attestors ID.
    description String
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    etag String
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    name String
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    project String
    userOwnedGrafeasNote Property Map
    This specifies how an attestation will be read, and how it will be used during policy enforcement.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Attestor resource produces the following output properties:

    Id string
    The provider-assigned unique ID for this managed resource.
    UpdateTime string
    Time when the attestor was last updated.
    Id string
    The provider-assigned unique ID for this managed resource.
    UpdateTime string
    Time when the attestor was last updated.
    id String
    The provider-assigned unique ID for this managed resource.
    updateTime String
    Time when the attestor was last updated.
    id string
    The provider-assigned unique ID for this managed resource.
    updateTime string
    Time when the attestor was last updated.
    id str
    The provider-assigned unique ID for this managed resource.
    update_time str
    Time when the attestor was last updated.
    id String
    The provider-assigned unique ID for this managed resource.
    updateTime String
    Time when the attestor was last updated.

    Supporting Types

    AttestorPublicKey, AttestorPublicKeyArgs

    AsciiArmoredPgpPublicKey string
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    Comment string
    Optional. A descriptive comment. This field may be updated.
    Id string
    The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
    PkixPublicKey Pulumi.GoogleNative.BinaryAuthorization.V1.Inputs.PkixPublicKey
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    AsciiArmoredPgpPublicKey string
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    Comment string
    Optional. A descriptive comment. This field may be updated.
    Id string
    The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
    PkixPublicKey PkixPublicKey
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    asciiArmoredPgpPublicKey String
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment String
    Optional. A descriptive comment. This field may be updated.
    id String
    The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
    pkixPublicKey PkixPublicKey
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    asciiArmoredPgpPublicKey string
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment string
    Optional. A descriptive comment. This field may be updated.
    id string
    The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
    pkixPublicKey PkixPublicKey
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    ascii_armored_pgp_public_key str
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment str
    Optional. A descriptive comment. This field may be updated.
    id str
    The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
    pkix_public_key PkixPublicKey
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    asciiArmoredPgpPublicKey String
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment String
    Optional. A descriptive comment. This field may be updated.
    id String
    The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
    pkixPublicKey Property Map
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

    AttestorPublicKeyResponse, AttestorPublicKeyResponseArgs

    AsciiArmoredPgpPublicKey string
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    Comment string
    Optional. A descriptive comment. This field may be updated.
    PkixPublicKey Pulumi.GoogleNative.BinaryAuthorization.V1.Inputs.PkixPublicKeyResponse
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    AsciiArmoredPgpPublicKey string
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    Comment string
    Optional. A descriptive comment. This field may be updated.
    PkixPublicKey PkixPublicKeyResponse
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    asciiArmoredPgpPublicKey String
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment String
    Optional. A descriptive comment. This field may be updated.
    pkixPublicKey PkixPublicKeyResponse
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    asciiArmoredPgpPublicKey string
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment string
    Optional. A descriptive comment. This field may be updated.
    pkixPublicKey PkixPublicKeyResponse
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    ascii_armored_pgp_public_key str
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment str
    Optional. A descriptive comment. This field may be updated.
    pkix_public_key PkixPublicKeyResponse
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    asciiArmoredPgpPublicKey String
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment String
    Optional. A descriptive comment. This field may be updated.
    pkixPublicKey Property Map
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

    PkixPublicKey, PkixPublicKeyArgs

    KeyId string
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    PublicKeyPem string
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    SignatureAlgorithm Pulumi.GoogleNative.BinaryAuthorization.V1.PkixPublicKeySignatureAlgorithm
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    KeyId string
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    PublicKeyPem string
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    SignatureAlgorithm PkixPublicKeySignatureAlgorithm
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    keyId String
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    publicKeyPem String
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signatureAlgorithm PkixPublicKeySignatureAlgorithm
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    keyId string
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    publicKeyPem string
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signatureAlgorithm PkixPublicKeySignatureAlgorithm
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    key_id str
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    public_key_pem str
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signature_algorithm PkixPublicKeySignatureAlgorithm
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    keyId String
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    publicKeyPem String
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signatureAlgorithm "SIGNATURE_ALGORITHM_UNSPECIFIED" | "RSA_PSS_2048_SHA256" | "RSA_SIGN_PSS_2048_SHA256" | "RSA_PSS_3072_SHA256" | "RSA_SIGN_PSS_3072_SHA256" | "RSA_PSS_4096_SHA256" | "RSA_SIGN_PSS_4096_SHA256" | "RSA_PSS_4096_SHA512" | "RSA_SIGN_PSS_4096_SHA512" | "RSA_SIGN_PKCS1_2048_SHA256" | "RSA_SIGN_PKCS1_3072_SHA256" | "RSA_SIGN_PKCS1_4096_SHA256" | "RSA_SIGN_PKCS1_4096_SHA512" | "ECDSA_P256_SHA256" | "EC_SIGN_P256_SHA256" | "ECDSA_P384_SHA384" | "EC_SIGN_P384_SHA384" | "ECDSA_P521_SHA512" | "EC_SIGN_P521_SHA512"
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

    PkixPublicKeyResponse, PkixPublicKeyResponseArgs

    KeyId string
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    PublicKeyPem string
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    SignatureAlgorithm string
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    KeyId string
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    PublicKeyPem string
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    SignatureAlgorithm string
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    keyId String
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    publicKeyPem String
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signatureAlgorithm String
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    keyId string
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    publicKeyPem string
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signatureAlgorithm string
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    key_id str
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    public_key_pem str
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signature_algorithm str
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    keyId String
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    publicKeyPem String
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signatureAlgorithm String
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

    PkixPublicKeySignatureAlgorithm, PkixPublicKeySignatureAlgorithmArgs

    SignatureAlgorithmUnspecified
    SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
    RsaPss2048Sha256
    RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    RsaSignPss2048Sha256
    RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    RsaPss3072Sha256
    RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    RsaSignPss3072Sha256
    RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    RsaPss4096Sha256
    RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    RsaSignPss4096Sha256
    RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    RsaPss4096Sha512
    RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    RsaSignPss4096Sha512
    RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    RsaSignPkcs12048Sha256
    RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
    RsaSignPkcs13072Sha256
    RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
    RsaSignPkcs14096Sha256
    RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
    RsaSignPkcs14096Sha512
    RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
    EcdsaP256Sha256
    ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    EcSignP256Sha256
    EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    EcdsaP384Sha384
    ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    EcSignP384Sha384
    EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    EcdsaP521Sha512
    ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
    EcSignP521Sha512
    EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
    PkixPublicKeySignatureAlgorithmSignatureAlgorithmUnspecified
    SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
    PkixPublicKeySignatureAlgorithmRsaPss2048Sha256
    RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    PkixPublicKeySignatureAlgorithmRsaSignPss2048Sha256
    RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    PkixPublicKeySignatureAlgorithmRsaPss3072Sha256
    RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    PkixPublicKeySignatureAlgorithmRsaSignPss3072Sha256
    RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    PkixPublicKeySignatureAlgorithmRsaPss4096Sha256
    RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    PkixPublicKeySignatureAlgorithmRsaSignPss4096Sha256
    RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    PkixPublicKeySignatureAlgorithmRsaPss4096Sha512
    RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    PkixPublicKeySignatureAlgorithmRsaSignPss4096Sha512
    RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    PkixPublicKeySignatureAlgorithmRsaSignPkcs12048Sha256
    RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
    PkixPublicKeySignatureAlgorithmRsaSignPkcs13072Sha256
    RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
    PkixPublicKeySignatureAlgorithmRsaSignPkcs14096Sha256
    RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
    PkixPublicKeySignatureAlgorithmRsaSignPkcs14096Sha512
    RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
    PkixPublicKeySignatureAlgorithmEcdsaP256Sha256
    ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    PkixPublicKeySignatureAlgorithmEcSignP256Sha256
    EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    PkixPublicKeySignatureAlgorithmEcdsaP384Sha384
    ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    PkixPublicKeySignatureAlgorithmEcSignP384Sha384
    EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    PkixPublicKeySignatureAlgorithmEcdsaP521Sha512
    ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
    PkixPublicKeySignatureAlgorithmEcSignP521Sha512
    EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
    SignatureAlgorithmUnspecified
    SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
    RsaPss2048Sha256
    RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    RsaSignPss2048Sha256
    RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    RsaPss3072Sha256
    RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    RsaSignPss3072Sha256
    RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    RsaPss4096Sha256
    RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    RsaSignPss4096Sha256
    RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    RsaPss4096Sha512
    RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    RsaSignPss4096Sha512
    RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    RsaSignPkcs12048Sha256
    RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
    RsaSignPkcs13072Sha256
    RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
    RsaSignPkcs14096Sha256
    RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
    RsaSignPkcs14096Sha512
    RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
    EcdsaP256Sha256
    ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    EcSignP256Sha256
    EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    EcdsaP384Sha384
    ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    EcSignP384Sha384
    EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    EcdsaP521Sha512
    ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
    EcSignP521Sha512
    EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
    SignatureAlgorithmUnspecified
    SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
    RsaPss2048Sha256
    RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    RsaSignPss2048Sha256
    RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    RsaPss3072Sha256
    RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    RsaSignPss3072Sha256
    RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    RsaPss4096Sha256
    RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    RsaSignPss4096Sha256
    RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    RsaPss4096Sha512
    RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    RsaSignPss4096Sha512
    RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    RsaSignPkcs12048Sha256
    RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
    RsaSignPkcs13072Sha256
    RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
    RsaSignPkcs14096Sha256
    RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
    RsaSignPkcs14096Sha512
    RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
    EcdsaP256Sha256
    ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    EcSignP256Sha256
    EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    EcdsaP384Sha384
    ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    EcSignP384Sha384
    EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    EcdsaP521Sha512
    ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
    EcSignP521Sha512
    EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
    SIGNATURE_ALGORITHM_UNSPECIFIED
    SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
    RSA_PSS2048_SHA256
    RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    RSA_SIGN_PSS2048_SHA256
    RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    RSA_PSS3072_SHA256
    RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    RSA_SIGN_PSS3072_SHA256
    RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    RSA_PSS4096_SHA256
    RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    RSA_SIGN_PSS4096_SHA256
    RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    RSA_PSS4096_SHA512
    RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    RSA_SIGN_PSS4096_SHA512
    RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    RSA_SIGN_PKCS12048_SHA256
    RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
    RSA_SIGN_PKCS13072_SHA256
    RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
    RSA_SIGN_PKCS14096_SHA256
    RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
    RSA_SIGN_PKCS14096_SHA512
    RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
    ECDSA_P256_SHA256
    ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    EC_SIGN_P256_SHA256
    EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    ECDSA_P384_SHA384
    ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    EC_SIGN_P384_SHA384
    EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    ECDSA_P521_SHA512
    ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
    EC_SIGN_P521_SHA512
    EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
    "SIGNATURE_ALGORITHM_UNSPECIFIED"
    SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
    "RSA_PSS_2048_SHA256"
    RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    "RSA_SIGN_PSS_2048_SHA256"
    RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
    "RSA_PSS_3072_SHA256"
    RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    "RSA_SIGN_PSS_3072_SHA256"
    RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
    "RSA_PSS_4096_SHA256"
    RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    "RSA_SIGN_PSS_4096_SHA256"
    RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
    "RSA_PSS_4096_SHA512"
    RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    "RSA_SIGN_PSS_4096_SHA512"
    RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
    "RSA_SIGN_PKCS1_2048_SHA256"
    RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
    "RSA_SIGN_PKCS1_3072_SHA256"
    RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
    "RSA_SIGN_PKCS1_4096_SHA256"
    RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
    "RSA_SIGN_PKCS1_4096_SHA512"
    RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
    "ECDSA_P256_SHA256"
    ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    "EC_SIGN_P256_SHA256"
    EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
    "ECDSA_P384_SHA384"
    ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    "EC_SIGN_P384_SHA384"
    EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
    "ECDSA_P521_SHA512"
    ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
    "EC_SIGN_P521_SHA512"
    EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.

    UserOwnedGrafeasNote, UserOwnedGrafeasNoteArgs

    NoteReference string
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    PublicKeys List<Pulumi.GoogleNative.BinaryAuthorization.V1.Inputs.AttestorPublicKey>
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    NoteReference string
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    PublicKeys []AttestorPublicKey
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    noteReference String
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    publicKeys List<AttestorPublicKey>
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    noteReference string
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    publicKeys AttestorPublicKey[]
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    note_reference str
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    public_keys Sequence[AttestorPublicKey]
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    noteReference String
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    publicKeys List<Property Map>
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

    UserOwnedGrafeasNoteResponse, UserOwnedGrafeasNoteResponseArgs

    DelegationServiceAccountEmail string
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    NoteReference string
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    PublicKeys List<Pulumi.GoogleNative.BinaryAuthorization.V1.Inputs.AttestorPublicKeyResponse>
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    DelegationServiceAccountEmail string
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    NoteReference string
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    PublicKeys []AttestorPublicKeyResponse
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    delegationServiceAccountEmail String
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    noteReference String
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    publicKeys List<AttestorPublicKeyResponse>
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    delegationServiceAccountEmail string
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    noteReference string
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    publicKeys AttestorPublicKeyResponse[]
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    delegation_service_account_email str
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    note_reference str
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    public_keys Sequence[AttestorPublicKeyResponse]
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    delegationServiceAccountEmail String
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    noteReference String
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    publicKeys List<Property Map>
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi