Google Cloud Native v0.30.0, Apr 14 23
Google Cloud Native v0.30.0, Apr 14 23
google-native.binaryauthorization/v1.getAttestor
Explore with Pulumi AI
Gets an attestor. Returns NOT_FOUND if the attestor does not exist.
Using getAttestor
Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.
function getAttestor(args: GetAttestorArgs, opts?: InvokeOptions): Promise<GetAttestorResult>
function getAttestorOutput(args: GetAttestorOutputArgs, opts?: InvokeOptions): Output<GetAttestorResult>
def get_attestor(attestor_id: Optional[str] = None,
project: Optional[str] = None,
opts: Optional[InvokeOptions] = None) -> GetAttestorResult
def get_attestor_output(attestor_id: Optional[pulumi.Input[str]] = None,
project: Optional[pulumi.Input[str]] = None,
opts: Optional[InvokeOptions] = None) -> Output[GetAttestorResult]
func LookupAttestor(ctx *Context, args *LookupAttestorArgs, opts ...InvokeOption) (*LookupAttestorResult, error)
func LookupAttestorOutput(ctx *Context, args *LookupAttestorOutputArgs, opts ...InvokeOption) LookupAttestorResultOutput
> Note: This function is named LookupAttestor
in the Go SDK.
public static class GetAttestor
{
public static Task<GetAttestorResult> InvokeAsync(GetAttestorArgs args, InvokeOptions? opts = null)
public static Output<GetAttestorResult> Invoke(GetAttestorInvokeArgs args, InvokeOptions? opts = null)
}
public static CompletableFuture<GetAttestorResult> getAttestor(GetAttestorArgs args, InvokeOptions options)
// Output-based functions aren't available in Java yet
fn::invoke:
function: google-native:binaryauthorization/v1:getAttestor
arguments:
# arguments dictionary
The following arguments are supported:
- Attestor
Id string - Project string
- Attestor
Id string - Project string
- attestor
Id String - project String
- attestor
Id string - project string
- attestor_
id str - project str
- attestor
Id String - project String
getAttestor Result
The following output properties are available:
- Description string
Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
- Etag string
Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
- Name string
The resource name, in the format:
projects/*/attestors/*
. This field may not be updated.- Update
Time string Time when the attestor was last updated.
- User
Owned Pulumi.Grafeas Note Google Native. Binary Authorization. V1. Outputs. User Owned Grafeas Note Response This specifies how an attestation will be read, and how it will be used during policy enforcement.
- Description string
Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
- Etag string
Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
- Name string
The resource name, in the format:
projects/*/attestors/*
. This field may not be updated.- Update
Time string Time when the attestor was last updated.
- User
Owned UserGrafeas Note Owned Grafeas Note Response This specifies how an attestation will be read, and how it will be used during policy enforcement.
- description String
Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
- etag String
Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
- name String
The resource name, in the format:
projects/*/attestors/*
. This field may not be updated.- update
Time String Time when the attestor was last updated.
- user
Owned UserGrafeas Note Owned Grafeas Note Response This specifies how an attestation will be read, and how it will be used during policy enforcement.
- description string
Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
- etag string
Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
- name string
The resource name, in the format:
projects/*/attestors/*
. This field may not be updated.- update
Time string Time when the attestor was last updated.
- user
Owned UserGrafeas Note Owned Grafeas Note Response This specifies how an attestation will be read, and how it will be used during policy enforcement.
- description str
Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
- etag str
Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
- name str
The resource name, in the format:
projects/*/attestors/*
. This field may not be updated.- update_
time str Time when the attestor was last updated.
- user_
owned_ Usergrafeas_ note Owned Grafeas Note Response This specifies how an attestation will be read, and how it will be used during policy enforcement.
- description String
Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
- etag String
Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
- name String
The resource name, in the format:
projects/*/attestors/*
. This field may not be updated.- update
Time String Time when the attestor was last updated.
- user
Owned Property MapGrafeas Note This specifies how an attestation will be read, and how it will be used during policy enforcement.
Supporting Types
AttestorPublicKeyResponse
- Ascii
Armored stringPgp Public Key ASCII-armored representation of a PGP public key, as the entire output by the command
gpg --export --armor foo@example.com
(either LF or CRLF line endings). When using this field,id
should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. Ifid
is provided by the caller, it will be overwritten by the API-calculated ID.- Comment string
Optional. A descriptive comment. This field may be updated.
- Pkix
Public Pulumi.Key Google Native. Binary Authorization. V1. Inputs. Pkix Public Key Response A raw PKIX SubjectPublicKeyInfo format public key. NOTE:
id
may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. Ifid
is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
- Ascii
Armored stringPgp Public Key ASCII-armored representation of a PGP public key, as the entire output by the command
gpg --export --armor foo@example.com
(either LF or CRLF line endings). When using this field,id
should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. Ifid
is provided by the caller, it will be overwritten by the API-calculated ID.- Comment string
Optional. A descriptive comment. This field may be updated.
- Pkix
Public PkixKey Public Key Response A raw PKIX SubjectPublicKeyInfo format public key. NOTE:
id
may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. Ifid
is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
- ascii
Armored StringPgp Public Key ASCII-armored representation of a PGP public key, as the entire output by the command
gpg --export --armor foo@example.com
(either LF or CRLF line endings). When using this field,id
should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. Ifid
is provided by the caller, it will be overwritten by the API-calculated ID.- comment String
Optional. A descriptive comment. This field may be updated.
- pkix
Public PkixKey Public Key Response A raw PKIX SubjectPublicKeyInfo format public key. NOTE:
id
may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. Ifid
is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
- ascii
Armored stringPgp Public Key ASCII-armored representation of a PGP public key, as the entire output by the command
gpg --export --armor foo@example.com
(either LF or CRLF line endings). When using this field,id
should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. Ifid
is provided by the caller, it will be overwritten by the API-calculated ID.- comment string
Optional. A descriptive comment. This field may be updated.
- pkix
Public PkixKey Public Key Response A raw PKIX SubjectPublicKeyInfo format public key. NOTE:
id
may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. Ifid
is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
- ascii_
armored_ strpgp_ public_ key ASCII-armored representation of a PGP public key, as the entire output by the command
gpg --export --armor foo@example.com
(either LF or CRLF line endings). When using this field,id
should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. Ifid
is provided by the caller, it will be overwritten by the API-calculated ID.- comment str
Optional. A descriptive comment. This field may be updated.
- pkix_
public_ Pkixkey Public Key Response A raw PKIX SubjectPublicKeyInfo format public key. NOTE:
id
may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. Ifid
is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
- ascii
Armored StringPgp Public Key ASCII-armored representation of a PGP public key, as the entire output by the command
gpg --export --armor foo@example.com
(either LF or CRLF line endings). When using this field,id
should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. Ifid
is provided by the caller, it will be overwritten by the API-calculated ID.- comment String
Optional. A descriptive comment. This field may be updated.
- pkix
Public Property MapKey A raw PKIX SubjectPublicKeyInfo format public key. NOTE:
id
may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. Ifid
is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
PkixPublicKeyResponse
- Public
Key stringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
- Signature
Algorithm string The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in
public_key_pem
(i.e. this algorithm must match that of the public key).
- Public
Key stringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
- Signature
Algorithm string The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in
public_key_pem
(i.e. this algorithm must match that of the public key).
- public
Key StringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
- signature
Algorithm String The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in
public_key_pem
(i.e. this algorithm must match that of the public key).
- public
Key stringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
- signature
Algorithm string The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in
public_key_pem
(i.e. this algorithm must match that of the public key).
- public_
key_ strpem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
- signature_
algorithm str The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in
public_key_pem
(i.e. this algorithm must match that of the public key).
- public
Key StringPem A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
- signature
Algorithm String The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in
public_key_pem
(i.e. this algorithm must match that of the public key).
UserOwnedGrafeasNoteResponse
- Delegation
Service stringAccount Email This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (
containeranalysis.notes.occurrences.viewer
). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- Note
Reference string The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format:
projects/*/notes/*
. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- Public
Keys List<Pulumi.Google Native. Binary Authorization. V1. Inputs. Attestor Public Key Response> Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
- Delegation
Service stringAccount Email This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (
containeranalysis.notes.occurrences.viewer
). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- Note
Reference string The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format:
projects/*/notes/*
. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- Public
Keys []AttestorPublic Key Response Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
- delegation
Service StringAccount Email This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (
containeranalysis.notes.occurrences.viewer
). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- note
Reference String The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format:
projects/*/notes/*
. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public
Keys List<AttestorPublic Key Response> Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
- delegation
Service stringAccount Email This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (
containeranalysis.notes.occurrences.viewer
). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- note
Reference string The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format:
projects/*/notes/*
. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public
Keys AttestorPublic Key Response[] Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
- delegation_
service_ straccount_ email This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (
containeranalysis.notes.occurrences.viewer
). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- note_
reference str The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format:
projects/*/notes/*
. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public_
keys Sequence[AttestorPublic Key Response] Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
- delegation
Service StringAccount Email This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (
containeranalysis.notes.occurrences.viewer
). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.- note
Reference String The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format:
projects/*/notes/*
. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.- public
Keys List<Property Map> Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
Package Details
- Repository
- Google Cloud Native pulumi/pulumi-google-native
- License
- Apache-2.0