pulumi-gcp-kotlin/com.pulumi.gcp.containeranalysis.kotlin/OccurenceArgs

OccurenceArgs

data class OccurenceArgs(val attestation: Output<OccurenceAttestationArgs>? = null, val noteName: Output<String>? = null, val project: Output<String>? = null, val remediation: Output<String>? = null, val resourceUri: Output<String>? = null) : ConvertibleToJava<OccurenceArgs>

An occurrence is an instance of a Note, or type of analysis that can be done for a resource. To get more information about Occurrence, see:

Example Usage

Container Analysis Occurrence Kms

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.containeranalysis.Note;
import com.pulumi.gcp.containeranalysis.NoteArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;
import com.pulumi.gcp.kms.KmsFunctions;
import com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;
import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;
import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;
import com.pulumi.gcp.binaryauthorization.Attestor;
import com.pulumi.gcp.binaryauthorization.AttestorArgs;
import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;
import com.pulumi.gcp.containeranalysis.Occurence;
import com.pulumi.gcp.containeranalysis.OccurenceArgs;
import com.pulumi.gcp.containeranalysis.inputs.OccurenceAttestationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var note = new Note("note", NoteArgs.builder()
            .attestationAuthority(NoteAttestationAuthorityArgs.builder()
                .hint(NoteAttestationAuthorityHintArgs.builder()
                    .humanReadableName("Attestor Note")
                    .build())
                .build())
            .build());
        final var keyring = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
            .name("my-key-ring")
            .location("global")
            .build());
        final var crypto-key = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()
            .name("my-key")
            .keyRing(keyring.applyValue(getKMSKeyRingResult -> getKMSKeyRingResult.id()))
            .build());
        final var version = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()
            .cryptoKey(crypto_key.id())
            .build());
        var attestor = new Attestor("attestor", AttestorArgs.builder()
            .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()
                .noteReference(note.name())
                .publicKeys(AttestorAttestationAuthorityNotePublicKeyArgs.builder()
                    .id(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.id()))
                    .pkixPublicKey(AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs.builder()
                        .publicKeyPem(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.publicKeys()[0].pem()))
                        .signatureAlgorithm(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.publicKeys()[0].algorithm()))
                        .build())
                    .build())
                .build())
            .build());
        var occurrence = new Occurence("occurrence", OccurenceArgs.builder()
            .resourceUri("gcr.io/my-project/my-image")
            .noteName(note.id())
            .attestation(OccurenceAttestationArgs.builder()
                .serializedPayload(Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get("path/to/my/payload.json"))))
                .signatures(OccurenceAttestationSignatureArgs.builder()
                    .publicKeyId(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.id()))
                    .serializedPayload(Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get("path/to/my/payload.json.sig"))))
                    .build())
                .build())
            .build());
    }
}
Content copied to clipboard

Import

Occurrence can be imported using any of these accepted formats

$ pulumi import gcp:containeranalysis/occurence:Occurence default projects/{{project}}/occurrences/{{name}}
Content copied to clipboard
$ pulumi import gcp:containeranalysis/occurence:Occurence default {{project}}/{{name}}
Content copied to clipboard
$ pulumi import gcp:containeranalysis/occurence:Occurence default {{name}}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(attestation: Output<OccurenceAttestationArgs>? = null, noteName: Output<String>? = null, project: Output<String>? = null, remediation: Output<String>? = null, resourceUri: Output<String>? = null)

Properties

Link copied to clipboard
val attestation: Output<OccurenceAttestationArgs>? = null

Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

Link copied to clipboard
val noteName: Output<String>? = null

The analysis note associated with this occurrence, in the form of projects/PROJECT/notes/NOTE_ID. This field can be used as a filter in list requests.

Link copied to clipboard
val project: Output<String>? = null

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

Link copied to clipboard
val remediation: Output<String>? = null

A description of actions that can be taken to remedy the note.

Link copied to clipboard
val resourceUri: Output<String>? = null

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

Functions

Link copied to clipboard
open override fun toJava(): OccurenceArgs