Google Cloud Native v0.32.0, Nov 29 23

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.binaryauthorization/v1beta1.Attestor

Explore with Pulumi AI

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

Create Attestor Resource

Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

Constructor syntax

new Attestor(name: string, args: AttestorArgs, opts?: CustomResourceOptions);

@overload
def Attestor(resource_name: str,
             args: AttestorArgs,
             opts: Optional[ResourceOptions] = None)

@overload
def Attestor(resource_name: str,
             opts: Optional[ResourceOptions] = None,
             attestor_id: Optional[str] = None,
             description: Optional[str] = None,
             etag: Optional[str] = None,
             name: Optional[str] = None,
             project: Optional[str] = None,
             user_owned_drydock_note: Optional[UserOwnedDrydockNoteArgs] = None)

func NewAttestor(ctx *Context, name string, args AttestorArgs, opts ...ResourceOption) (*Attestor, error)

public Attestor(string name, AttestorArgs args, CustomResourceOptions? opts = null)

public Attestor(String name, AttestorArgs args)
public Attestor(String name, AttestorArgs args, CustomResourceOptions options)

type: google-native:binaryauthorization/v1beta1:Attestor
properties: # The arguments to resource properties.
options: # Bag of options to control resource's behavior.

Parameters

name string: The unique name of the resource.
args AttestorArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

resource_name str: The unique name of the resource.
args AttestorArgs: The arguments to resource properties.
opts ResourceOptions: Bag of options to control resource's behavior.

ctx Context: Context object for the current deployment.
name string: The unique name of the resource.
args AttestorArgs: The arguments to resource properties.
opts ResourceOption: Bag of options to control resource's behavior.

name string: The unique name of the resource.
args AttestorArgs: The arguments to resource properties.
opts CustomResourceOptions: Bag of options to control resource's behavior.

name String: The unique name of the resource.
args AttestorArgs: The arguments to resource properties.
options CustomResourceOptions: Bag of options to control resource's behavior.

Example

The following reference example uses placeholder values for all input properties.

var google_nativeAttestorResource = new GoogleNative.BinaryAuthorization.V1Beta1.Attestor("google-nativeAttestorResource", new()
{
    AttestorId = "string",
    Description = "string",
    Etag = "string",
    Name = "string",
    Project = "string",
    UserOwnedDrydockNote = new GoogleNative.BinaryAuthorization.V1Beta1.Inputs.UserOwnedDrydockNoteArgs
    {
        NoteReference = "string",
        PublicKeys = new[]
        {
            new GoogleNative.BinaryAuthorization.V1Beta1.Inputs.AttestorPublicKeyArgs
            {
                AsciiArmoredPgpPublicKey = "string",
                Comment = "string",
                Id = "string",
                PkixPublicKey = new GoogleNative.BinaryAuthorization.V1Beta1.Inputs.PkixPublicKeyArgs
                {
                    PublicKeyPem = "string",
                    SignatureAlgorithm = GoogleNative.BinaryAuthorization.V1Beta1.PkixPublicKeySignatureAlgorithm.SignatureAlgorithmUnspecified,
                },
            },
        },
    },
});

example, err := binaryauthorizationv1beta1.NewAttestor(ctx, "google-nativeAttestorResource", &binaryauthorizationv1beta1.AttestorArgs{
AttestorId: pulumi.String("string"),
Description: pulumi.String("string"),
Etag: pulumi.String("string"),
Name: pulumi.String("string"),
Project: pulumi.String("string"),
UserOwnedDrydockNote: &binaryauthorization.UserOwnedDrydockNoteArgs{
NoteReference: pulumi.String("string"),
PublicKeys: binaryauthorization.AttestorPublicKeyArray{
&binaryauthorization.AttestorPublicKeyArgs{
AsciiArmoredPgpPublicKey: pulumi.String("string"),
Comment: pulumi.String("string"),
Id: pulumi.String("string"),
PkixPublicKey: &binaryauthorization.PkixPublicKeyArgs{
PublicKeyPem: pulumi.String("string"),
SignatureAlgorithm: binaryauthorizationv1beta1.PkixPublicKeySignatureAlgorithmSignatureAlgorithmUnspecified,
},
},
},
},
})

var google_nativeAttestorResource = new Attestor("google-nativeAttestorResource", AttestorArgs.builder()        
    .attestorId("string")
    .description("string")
    .etag("string")
    .name("string")
    .project("string")
    .userOwnedDrydockNote(UserOwnedDrydockNoteArgs.builder()
        .noteReference("string")
        .publicKeys(AttestorPublicKeyArgs.builder()
            .asciiArmoredPgpPublicKey("string")
            .comment("string")
            .id("string")
            .pkixPublicKey(PkixPublicKeyArgs.builder()
                .publicKeyPem("string")
                .signatureAlgorithm("SIGNATURE_ALGORITHM_UNSPECIFIED")
                .build())
            .build())
        .build())
    .build());

google_native_attestor_resource = google_native.binaryauthorization.v1beta1.Attestor("google-nativeAttestorResource",
    attestor_id="string",
    description="string",
    etag="string",
    name="string",
    project="string",
    user_owned_drydock_note=google_native.binaryauthorization.v1beta1.UserOwnedDrydockNoteArgs(
        note_reference="string",
        public_keys=[google_native.binaryauthorization.v1beta1.AttestorPublicKeyArgs(
            ascii_armored_pgp_public_key="string",
            comment="string",
            id="string",
            pkix_public_key=google_native.binaryauthorization.v1beta1.PkixPublicKeyArgs(
                public_key_pem="string",
                signature_algorithm=google_native.binaryauthorization.v1beta1.PkixPublicKeySignatureAlgorithm.SIGNATURE_ALGORITHM_UNSPECIFIED,
            ),
        )],
    ))

const google_nativeAttestorResource = new google_native.binaryauthorization.v1beta1.Attestor("google-nativeAttestorResource", {
    attestorId: "string",
    description: "string",
    etag: "string",
    name: "string",
    project: "string",
    userOwnedDrydockNote: {
        noteReference: "string",
        publicKeys: [{
            asciiArmoredPgpPublicKey: "string",
            comment: "string",
            id: "string",
            pkixPublicKey: {
                publicKeyPem: "string",
                signatureAlgorithm: google_native.binaryauthorization.v1beta1.PkixPublicKeySignatureAlgorithm.SignatureAlgorithmUnspecified,
            },
        }],
    },
});

type: google-native:binaryauthorization/v1beta1:Attestor
properties:
    attestorId: string
    description: string
    etag: string
    name: string
    project: string
    userOwnedDrydockNote:
        noteReference: string
        publicKeys:
            - asciiArmoredPgpPublicKey: string
              comment: string
              id: string
              pkixPublicKey:
                publicKeyPem: string
                signatureAlgorithm: SIGNATURE_ALGORITHM_UNSPECIFIED

Attestor Resource Properties

To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

Inputs

The Attestor resource accepts the following input properties:

AttestorId string: Required. The attestors ID.
Description string: Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
Etag string: Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
Name string: The resource name, in the format: projects/*/attestors/*. This field may not be updated.
Project string
UserOwnedDrydockNote Pulumi.GoogleNative.BinaryAuthorization.V1Beta1.Inputs.UserOwnedDrydockNote: A Drydock ATTESTATION_AUTHORITY Note, created by the user.

AttestorId string: Required. The attestors ID.
Description string: Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
Etag string: Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
Name string: The resource name, in the format: projects/*/attestors/*. This field may not be updated.
Project string
UserOwnedDrydockNote UserOwnedDrydockNoteArgs: A Drydock ATTESTATION_AUTHORITY Note, created by the user.

attestorId String: Required. The attestors ID.
description String: Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
etag String: Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
name String: The resource name, in the format: projects/*/attestors/*. This field may not be updated.
project String
userOwnedDrydockNote UserOwnedDrydockNote: A Drydock ATTESTATION_AUTHORITY Note, created by the user.

attestorId string: Required. The attestors ID.
description string: Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
etag string: Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
name string: The resource name, in the format: projects/*/attestors/*. This field may not be updated.
project string
userOwnedDrydockNote UserOwnedDrydockNote: A Drydock ATTESTATION_AUTHORITY Note, created by the user.

attestor_id str: Required. The attestors ID.
description str: Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
etag str: Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
name str: The resource name, in the format: projects/*/attestors/*. This field may not be updated.
project str
user_owned_drydock_note UserOwnedDrydockNoteArgs: A Drydock ATTESTATION_AUTHORITY Note, created by the user.

attestorId String: Required. The attestors ID.
description String: Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
etag String: Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
name String: The resource name, in the format: projects/*/attestors/*. This field may not be updated.
project String
userOwnedDrydockNote Property Map: A Drydock ATTESTATION_AUTHORITY Note, created by the user.

Outputs

All input properties are implicitly available as output properties. Additionally, the Attestor resource produces the following output properties:

Id string: The provider-assigned unique ID for this managed resource.
UpdateTime string: Time when the attestor was last updated.

Id string: The provider-assigned unique ID for this managed resource.
UpdateTime string: Time when the attestor was last updated.

id String: The provider-assigned unique ID for this managed resource.
updateTime String: Time when the attestor was last updated.

id string: The provider-assigned unique ID for this managed resource.
updateTime string: Time when the attestor was last updated.

id str: The provider-assigned unique ID for this managed resource.
update_time str: Time when the attestor was last updated.

id String: The provider-assigned unique ID for this managed resource.
updateTime String: Time when the attestor was last updated.

Supporting Types

AttestorPublicKey, AttestorPublicKeyArgs

AsciiArmoredPgpPublicKey string: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
Comment string: Optional. A descriptive comment. This field may be updated.
Id string: The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
PkixPublicKey Pulumi.GoogleNative.BinaryAuthorization.V1Beta1.Inputs.PkixPublicKey: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

AsciiArmoredPgpPublicKey string: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
Comment string: Optional. A descriptive comment. This field may be updated.
Id string: The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
PkixPublicKey PkixPublicKey: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

asciiArmoredPgpPublicKey String: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
comment String: Optional. A descriptive comment. This field may be updated.
id String: The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
pkixPublicKey PkixPublicKey: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

asciiArmoredPgpPublicKey string: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
comment string: Optional. A descriptive comment. This field may be updated.
id string: The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
pkixPublicKey PkixPublicKey: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

ascii_armored_pgp_public_key str: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
comment str: Optional. A descriptive comment. This field may be updated.
id str: The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
pkix_public_key PkixPublicKey: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

asciiArmoredPgpPublicKey String: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
comment String: Optional. A descriptive comment. This field may be updated.
id String: The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
pkixPublicKey Property Map: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

AttestorPublicKeyResponse, AttestorPublicKeyResponseArgs

AsciiArmoredPgpPublicKey string: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
Comment string: Optional. A descriptive comment. This field may be updated.
PkixPublicKey Pulumi.GoogleNative.BinaryAuthorization.V1Beta1.Inputs.PkixPublicKeyResponse: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

AsciiArmoredPgpPublicKey string: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
Comment string: Optional. A descriptive comment. This field may be updated.
PkixPublicKey PkixPublicKeyResponse: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

asciiArmoredPgpPublicKey String: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
comment String: Optional. A descriptive comment. This field may be updated.
pkixPublicKey PkixPublicKeyResponse: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

asciiArmoredPgpPublicKey string: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
comment string: Optional. A descriptive comment. This field may be updated.
pkixPublicKey PkixPublicKeyResponse: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

ascii_armored_pgp_public_key str: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
comment str: Optional. A descriptive comment. This field may be updated.
pkix_public_key PkixPublicKeyResponse: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

asciiArmoredPgpPublicKey String: ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
comment String: Optional. A descriptive comment. This field may be updated.
pkixPublicKey Property Map: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

PkixPublicKey, PkixPublicKeyArgs

PublicKeyPem string: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
SignatureAlgorithm Pulumi.GoogleNative.BinaryAuthorization.V1Beta1.PkixPublicKeySignatureAlgorithm: The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

PublicKeyPem string: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
SignatureAlgorithm PkixPublicKeySignatureAlgorithm: The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

publicKeyPem String: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
signatureAlgorithm PkixPublicKeySignatureAlgorithm: The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

publicKeyPem string: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
signatureAlgorithm PkixPublicKeySignatureAlgorithm: The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

public_key_pem str: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
signature_algorithm PkixPublicKeySignatureAlgorithm: The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

publicKeyPem String: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
signatureAlgorithm "SIGNATURE_ALGORITHM_UNSPECIFIED" | "RSA_PSS_2048_SHA256" | "RSA_SIGN_PSS_2048_SHA256" | "RSA_PSS_3072_SHA256" | "RSA_SIGN_PSS_3072_SHA256" | "RSA_PSS_4096_SHA256" | "RSA_SIGN_PSS_4096_SHA256" | "RSA_PSS_4096_SHA512" | "RSA_SIGN_PSS_4096_SHA512" | "RSA_SIGN_PKCS1_2048_SHA256" | "RSA_SIGN_PKCS1_3072_SHA256" | "RSA_SIGN_PKCS1_4096_SHA256" | "RSA_SIGN_PKCS1_4096_SHA512" | "ECDSA_P256_SHA256" | "EC_SIGN_P256_SHA256" | "ECDSA_P384_SHA384" | "EC_SIGN_P384_SHA384" | "ECDSA_P521_SHA512" | "EC_SIGN_P521_SHA512": The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

PkixPublicKeyResponse, PkixPublicKeyResponseArgs

PublicKeyPem string: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
SignatureAlgorithm string: The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

PublicKeyPem string: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
SignatureAlgorithm string: The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

publicKeyPem String: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
signatureAlgorithm String: The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

publicKeyPem string: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
signatureAlgorithm string: The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

public_key_pem str: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
signature_algorithm str: The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

publicKeyPem String: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
signatureAlgorithm String: The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

PkixPublicKeySignatureAlgorithm, PkixPublicKeySignatureAlgorithmArgs

SignatureAlgorithmUnspecified: SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
RsaPss2048Sha256: RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
RsaSignPss2048Sha256: RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
RsaPss3072Sha256: RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
RsaSignPss3072Sha256: RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
RsaPss4096Sha256: RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
RsaSignPss4096Sha256: RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
RsaPss4096Sha512: RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
RsaSignPss4096Sha512: RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
RsaSignPkcs12048Sha256: RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
RsaSignPkcs13072Sha256: RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
RsaSignPkcs14096Sha256: RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
RsaSignPkcs14096Sha512: RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
EcdsaP256Sha256: ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
EcSignP256Sha256: EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
EcdsaP384Sha384: ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
EcSignP384Sha384: EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
EcdsaP521Sha512: ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
EcSignP521Sha512: EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.

PkixPublicKeySignatureAlgorithmSignatureAlgorithmUnspecified: SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
PkixPublicKeySignatureAlgorithmRsaPss2048Sha256: RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
PkixPublicKeySignatureAlgorithmRsaSignPss2048Sha256: RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
PkixPublicKeySignatureAlgorithmRsaPss3072Sha256: RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
PkixPublicKeySignatureAlgorithmRsaSignPss3072Sha256: RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
PkixPublicKeySignatureAlgorithmRsaPss4096Sha256: RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
PkixPublicKeySignatureAlgorithmRsaSignPss4096Sha256: RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
PkixPublicKeySignatureAlgorithmRsaPss4096Sha512: RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
PkixPublicKeySignatureAlgorithmRsaSignPss4096Sha512: RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
PkixPublicKeySignatureAlgorithmRsaSignPkcs12048Sha256: RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
PkixPublicKeySignatureAlgorithmRsaSignPkcs13072Sha256: RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
PkixPublicKeySignatureAlgorithmRsaSignPkcs14096Sha256: RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
PkixPublicKeySignatureAlgorithmRsaSignPkcs14096Sha512: RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
PkixPublicKeySignatureAlgorithmEcdsaP256Sha256: ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
PkixPublicKeySignatureAlgorithmEcSignP256Sha256: EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
PkixPublicKeySignatureAlgorithmEcdsaP384Sha384: ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
PkixPublicKeySignatureAlgorithmEcSignP384Sha384: EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
PkixPublicKeySignatureAlgorithmEcdsaP521Sha512: ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
PkixPublicKeySignatureAlgorithmEcSignP521Sha512: EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.

SignatureAlgorithmUnspecified: SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
RsaPss2048Sha256: RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
RsaSignPss2048Sha256: RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
RsaPss3072Sha256: RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
RsaSignPss3072Sha256: RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
RsaPss4096Sha256: RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
RsaSignPss4096Sha256: RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
RsaPss4096Sha512: RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
RsaSignPss4096Sha512: RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
RsaSignPkcs12048Sha256: RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
RsaSignPkcs13072Sha256: RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
RsaSignPkcs14096Sha256: RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
RsaSignPkcs14096Sha512: RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
EcdsaP256Sha256: ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
EcSignP256Sha256: EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
EcdsaP384Sha384: ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
EcSignP384Sha384: EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
EcdsaP521Sha512: ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
EcSignP521Sha512: EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.

SignatureAlgorithmUnspecified: SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
RsaPss2048Sha256: RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
RsaSignPss2048Sha256: RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
RsaPss3072Sha256: RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
RsaSignPss3072Sha256: RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
RsaPss4096Sha256: RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
RsaSignPss4096Sha256: RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
RsaPss4096Sha512: RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
RsaSignPss4096Sha512: RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
RsaSignPkcs12048Sha256: RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
RsaSignPkcs13072Sha256: RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
RsaSignPkcs14096Sha256: RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
RsaSignPkcs14096Sha512: RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
EcdsaP256Sha256: ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
EcSignP256Sha256: EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
EcdsaP384Sha384: ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
EcSignP384Sha384: EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
EcdsaP521Sha512: ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
EcSignP521Sha512: EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.

SIGNATURE_ALGORITHM_UNSPECIFIED: SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
RSA_PSS2048_SHA256: RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
RSA_SIGN_PSS2048_SHA256: RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
RSA_PSS3072_SHA256: RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
RSA_SIGN_PSS3072_SHA256: RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
RSA_PSS4096_SHA256: RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
RSA_SIGN_PSS4096_SHA256: RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
RSA_PSS4096_SHA512: RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
RSA_SIGN_PSS4096_SHA512: RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
RSA_SIGN_PKCS12048_SHA256: RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
RSA_SIGN_PKCS13072_SHA256: RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
RSA_SIGN_PKCS14096_SHA256: RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
RSA_SIGN_PKCS14096_SHA512: RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
ECDSA_P256_SHA256: ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
EC_SIGN_P256_SHA256: EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
ECDSA_P384_SHA384: ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
EC_SIGN_P384_SHA384: EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
ECDSA_P521_SHA512: ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
EC_SIGN_P521_SHA512: EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.

"SIGNATURE_ALGORITHM_UNSPECIFIED": SIGNATURE_ALGORITHM_UNSPECIFIEDNot specified.
"RSA_PSS_2048_SHA256": RSA_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
"RSA_SIGN_PSS_2048_SHA256": RSA_SIGN_PSS_2048_SHA256RSASSA-PSS 2048 bit key with a SHA256 digest.
"RSA_PSS_3072_SHA256": RSA_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
"RSA_SIGN_PSS_3072_SHA256": RSA_SIGN_PSS_3072_SHA256RSASSA-PSS 3072 bit key with a SHA256 digest.
"RSA_PSS_4096_SHA256": RSA_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
"RSA_SIGN_PSS_4096_SHA256": RSA_SIGN_PSS_4096_SHA256RSASSA-PSS 4096 bit key with a SHA256 digest.
"RSA_PSS_4096_SHA512": RSA_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
"RSA_SIGN_PSS_4096_SHA512": RSA_SIGN_PSS_4096_SHA512RSASSA-PSS 4096 bit key with a SHA512 digest.
"RSA_SIGN_PKCS1_2048_SHA256": RSA_SIGN_PKCS1_2048_SHA256RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
"RSA_SIGN_PKCS1_3072_SHA256": RSA_SIGN_PKCS1_3072_SHA256RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
"RSA_SIGN_PKCS1_4096_SHA256": RSA_SIGN_PKCS1_4096_SHA256RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
"RSA_SIGN_PKCS1_4096_SHA512": RSA_SIGN_PKCS1_4096_SHA512RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
"ECDSA_P256_SHA256": ECDSA_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
"EC_SIGN_P256_SHA256": EC_SIGN_P256_SHA256ECDSA on the NIST P-256 curve with a SHA256 digest.
"ECDSA_P384_SHA384": ECDSA_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
"EC_SIGN_P384_SHA384": EC_SIGN_P384_SHA384ECDSA on the NIST P-384 curve with a SHA384 digest.
"ECDSA_P521_SHA512": ECDSA_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.
"EC_SIGN_P521_SHA512": EC_SIGN_P521_SHA512ECDSA on the NIST P-521 curve with a SHA512 digest.

UserOwnedDrydockNote, UserOwnedDrydockNoteArgs

NoteReference string: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
PublicKeys List<Pulumi.GoogleNative.BinaryAuthorization.V1Beta1.Inputs.AttestorPublicKey>: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

NoteReference string: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
PublicKeys []AttestorPublicKey: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

noteReference String: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
publicKeys List<AttestorPublicKey>: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

noteReference string: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
publicKeys AttestorPublicKey[]: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

note_reference str: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
public_keys Sequence[AttestorPublicKey]: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

noteReference String: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
publicKeys List<Property Map>: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

UserOwnedDrydockNoteResponse, UserOwnedDrydockNoteResponseArgs

DelegationServiceAccountEmail string: This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
NoteReference string: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
PublicKeys List<Pulumi.GoogleNative.BinaryAuthorization.V1Beta1.Inputs.AttestorPublicKeyResponse>: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

DelegationServiceAccountEmail string: This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
NoteReference string: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
PublicKeys []AttestorPublicKeyResponse: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

delegationServiceAccountEmail String: This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
noteReference String: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
publicKeys List<AttestorPublicKeyResponse>: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

delegationServiceAccountEmail string: This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
noteReference string: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
publicKeys AttestorPublicKeyResponse[]: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

delegation_service_account_email str: This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
note_reference str: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
public_keys Sequence[AttestorPublicKeyResponse]: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

delegationServiceAccountEmail String: This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
noteReference String: The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
publicKeys List<Property Map>: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

Package Details

Repository: Google Cloud Native pulumi/pulumi-google-native
License: Apache-2.0

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

pulumi/pulumi-google-native

google-native.binaryauthorization/v1beta1.Attestor

On this page

On this page

Create Attestor Resource

Constructor syntax

Parameters

Example

Attestor Resource Properties

Inputs

Outputs

Supporting Types

AttestorPublicKey, AttestorPublicKeyArgs

AttestorPublicKeyResponse, AttestorPublicKeyResponseArgs

PkixPublicKey, PkixPublicKeyArgs

PkixPublicKeyResponse, PkixPublicKeyResponseArgs

PkixPublicKeySignatureAlgorithm, PkixPublicKeySignatureAlgorithmArgs

UserOwnedDrydockNote, UserOwnedDrydockNoteArgs

UserOwnedDrydockNoteResponse, UserOwnedDrydockNoteResponseArgs

Package Details

On this page

On this page