1. Packages
  2. Google Cloud Native
  3. API Docs
  4. binaryauthorization
  5. binaryauthorization/v1
  6. getAttestor

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

google-native.binaryauthorization/v1.getAttestor

Explore with Pulumi AI

google-native logo

Google Cloud Native is in preview. Google Cloud Classic is fully supported.

Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi

    Gets an attestor. Returns NOT_FOUND if the attestor does not exist.

    Using getAttestor

    Two invocation forms are available. The direct form accepts plain arguments and either blocks until the result value is available, or returns a Promise-wrapped result. The output form accepts Input-wrapped arguments and returns an Output-wrapped result.

    function getAttestor(args: GetAttestorArgs, opts?: InvokeOptions): Promise<GetAttestorResult>
    function getAttestorOutput(args: GetAttestorOutputArgs, opts?: InvokeOptions): Output<GetAttestorResult>
    def get_attestor(attestor_id: Optional[str] = None,
                     project: Optional[str] = None,
                     opts: Optional[InvokeOptions] = None) -> GetAttestorResult
    def get_attestor_output(attestor_id: Optional[pulumi.Input[str]] = None,
                     project: Optional[pulumi.Input[str]] = None,
                     opts: Optional[InvokeOptions] = None) -> Output[GetAttestorResult]
    func LookupAttestor(ctx *Context, args *LookupAttestorArgs, opts ...InvokeOption) (*LookupAttestorResult, error)
    func LookupAttestorOutput(ctx *Context, args *LookupAttestorOutputArgs, opts ...InvokeOption) LookupAttestorResultOutput

    > Note: This function is named LookupAttestor in the Go SDK.

    public static class GetAttestor 
    {
        public static Task<GetAttestorResult> InvokeAsync(GetAttestorArgs args, InvokeOptions? opts = null)
        public static Output<GetAttestorResult> Invoke(GetAttestorInvokeArgs args, InvokeOptions? opts = null)
    }
    public static CompletableFuture<GetAttestorResult> getAttestor(GetAttestorArgs args, InvokeOptions options)
    // Output-based functions aren't available in Java yet
    
    fn::invoke:
      function: google-native:binaryauthorization/v1:getAttestor
      arguments:
        # arguments dictionary

    The following arguments are supported:

    AttestorId string
    Project string
    AttestorId string
    Project string
    attestorId String
    project String
    attestorId string
    project string
    attestorId String
    project String

    getAttestor Result

    The following output properties are available:

    Description string
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    Etag string
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    Name string
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    UpdateTime string
    Time when the attestor was last updated.
    UserOwnedGrafeasNote Pulumi.GoogleNative.BinaryAuthorization.V1.Outputs.UserOwnedGrafeasNoteResponse
    This specifies how an attestation will be read, and how it will be used during policy enforcement.
    Description string
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    Etag string
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    Name string
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    UpdateTime string
    Time when the attestor was last updated.
    UserOwnedGrafeasNote UserOwnedGrafeasNoteResponse
    This specifies how an attestation will be read, and how it will be used during policy enforcement.
    description String
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    etag String
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    name String
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    updateTime String
    Time when the attestor was last updated.
    userOwnedGrafeasNote UserOwnedGrafeasNoteResponse
    This specifies how an attestation will be read, and how it will be used during policy enforcement.
    description string
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    etag string
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    name string
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    updateTime string
    Time when the attestor was last updated.
    userOwnedGrafeasNote UserOwnedGrafeasNoteResponse
    This specifies how an attestation will be read, and how it will be used during policy enforcement.
    description str
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    etag str
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    name str
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    update_time str
    Time when the attestor was last updated.
    user_owned_grafeas_note UserOwnedGrafeasNoteResponse
    This specifies how an attestation will be read, and how it will be used during policy enforcement.
    description String
    Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    etag String
    Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    name String
    The resource name, in the format: projects/*/attestors/*. This field may not be updated.
    updateTime String
    Time when the attestor was last updated.
    userOwnedGrafeasNote Property Map
    This specifies how an attestation will be read, and how it will be used during policy enforcement.

    Supporting Types

    AttestorPublicKeyResponse

    AsciiArmoredPgpPublicKey string
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    Comment string
    Optional. A descriptive comment. This field may be updated.
    PkixPublicKey Pulumi.GoogleNative.BinaryAuthorization.V1.Inputs.PkixPublicKeyResponse
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    AsciiArmoredPgpPublicKey string
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    Comment string
    Optional. A descriptive comment. This field may be updated.
    PkixPublicKey PkixPublicKeyResponse
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    asciiArmoredPgpPublicKey String
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment String
    Optional. A descriptive comment. This field may be updated.
    pkixPublicKey PkixPublicKeyResponse
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    asciiArmoredPgpPublicKey string
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment string
    Optional. A descriptive comment. This field may be updated.
    pkixPublicKey PkixPublicKeyResponse
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    ascii_armored_pgp_public_key str
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment str
    Optional. A descriptive comment. This field may be updated.
    pkix_public_key PkixPublicKeyResponse
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
    asciiArmoredPgpPublicKey String
    ASCII-armored representation of a PGP public key, as the entire output by the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    comment String
    Optional. A descriptive comment. This field may be updated.
    pkixPublicKey Property Map
    A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

    PkixPublicKeyResponse

    KeyId string
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    PublicKeyPem string
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    SignatureAlgorithm string
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    KeyId string
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    PublicKeyPem string
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    SignatureAlgorithm string
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    keyId String
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    publicKeyPem String
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signatureAlgorithm String
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    keyId string
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    publicKeyPem string
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signatureAlgorithm string
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    key_id str
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    public_key_pem str
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signature_algorithm str
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
    keyId String
    Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either: * Match that value exactly. * Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
    publicKeyPem String
    A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
    signatureAlgorithm String
    The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).

    UserOwnedGrafeasNoteResponse

    DelegationServiceAccountEmail string
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    NoteReference string
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    PublicKeys List<Pulumi.GoogleNative.BinaryAuthorization.V1.Inputs.AttestorPublicKeyResponse>
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    DelegationServiceAccountEmail string
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    NoteReference string
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    PublicKeys []AttestorPublicKeyResponse
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    delegationServiceAccountEmail String
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    noteReference String
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    publicKeys List<AttestorPublicKeyResponse>
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    delegationServiceAccountEmail string
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    noteReference string
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    publicKeys AttestorPublicKeyResponse[]
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    delegation_service_account_email str
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    note_reference str
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    public_keys Sequence[AttestorPublicKeyResponse]
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    delegationServiceAccountEmail String
    This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
    noteReference String
    The Grafeas resource name of a Attestation.Authority Note, created by the user, in the format: projects/*/notes/*. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
    publicKeys List<Property Map>
    Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

    Package Details

    Repository
    Google Cloud Native pulumi/pulumi-google-native
    License
    Apache-2.0
    google-native logo

    Google Cloud Native is in preview. Google Cloud Classic is fully supported.

    Google Cloud Native v0.32.0 published on Wednesday, Nov 29, 2023 by Pulumi