Occurence
An occurrence is an instance of a Note, or type of analysis that can be done for a resource. To get more information about Occurrence, see:
How-to Guides
Example Usage
Container Analysis Occurrence Kms
package generated_program;

import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.gcp.binaryauthorization.Attestor;
import com.pulumi.gcp.binaryauthorization.AttestorArgs;
import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;
import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNotePublicKeyArgs;
import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs;
import com.pulumi.gcp.containeranalysis.Note;
import com.pulumi.gcp.containeranalysis.NoteArgs;
import com.pulumi.gcp.containeranalysis.Occurence;
import com.pulumi.gcp.containeranalysis.OccurenceArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;
import com.pulumi.gcp.containeranalysis.inputs.OccurenceAttestationArgs;
import com.pulumi.gcp.containeranalysis.inputs.OccurenceAttestationSignatureArgs;
import com.pulumi.gcp.kms.KmsFunctions;
import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;
import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;
import com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Files;
import java.nio.file.Paths;
import java.util.Base64;

public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    // Reads a file and returns its contents base64-encoded.
    // IOException is wrapped because the stack callback cannot throw checked exceptions.
    private static String readBase64(String path) {
        try {
            return Base64.getEncoder().encodeToString(Files.readAllBytes(Paths.get(path)));
        } catch (IOException e) {
            throw new UncheckedIOException(e);
        }
    }

    public static void stack(Context ctx) {
        // Attestation authority note that the attestor and the occurrence both reference.
        var note = new Note("note", NoteArgs.builder()
            .attestationAuthority(NoteAttestationAuthorityArgs.builder()
                .hint(NoteAttestationAuthorityHintArgs.builder()
                    .humanReadableName("Attestor Note")
                    .build())
                .build())
            .build());

        // Look up the existing KMS key version whose public key verifies the attestation.
        final var keyring = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
            .name("my-key-ring")
            .location("global")
            .build());

        final var cryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()
            .name("my-key")
            .keyRing(keyring.applyValue(getKMSKeyRingResult -> getKMSKeyRingResult.id()))
            .build());

        final var version = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()
            .cryptoKey(cryptoKey.applyValue(getKMSCryptoKeyResult -> getKMSCryptoKeyResult.id()))
            .build());

        // Attestor that trusts the KMS public key for this note.
        var attestor = new Attestor("attestor", AttestorArgs.builder()
            .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()
                .noteReference(note.name())
                .publicKeys(AttestorAttestationAuthorityNotePublicKeyArgs.builder()
                    .id(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.id()))
                    .pkixPublicKey(AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs.builder()
                        .publicKeyPem(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.publicKeys().get(0).pem()))
                        .signatureAlgorithm(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.publicKeys().get(0).algorithm()))
                        .build())
                    .build())
                .build())
            .build());

        // Attestation occurrence: the signed payload plus its detached signature.
        var occurrence = new Occurence("occurrence", OccurenceArgs.builder()
            .resourceUri("gcr.io/my-project/my-image")
            .noteName(note.id())
            .attestation(OccurenceAttestationArgs.builder()
                .serializedPayload(readBase64("path/to/my/payload.json"))
                .signatures(OccurenceAttestationSignatureArgs.builder()
                    .publicKeyId(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.id()))
                    // The signature entry carries the signature bytes, not a second payload.
                    .signature(readBase64("path/to/my/payload.json.sig"))
                    .build())
                .build())
            .build());
    }
}
Import
Occurrence can be imported using any of these accepted formats:
$ pulumi import gcp:containeranalysis/occurence:Occurence default projects/{{project}}/occurrences/{{name}}
$ pulumi import gcp:containeranalysis/occurence:Occurence default {{project}}/{{name}}
$ pulumi import gcp:containeranalysis/occurence:Occurence default {{name}}
Properties
Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign). Structure is documented below.
The time when the repository was created.
A description of actions that can be taken to remedy the note.
Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
The time when the repository was last updated.
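The attestation property above states that a verifier who trusts the signer's public key only needs to check the signature. A sketch of that check in plain Java, added here as an example and not taken from the Pulumi provider or its documentation; the class and method names, key ids and payload bytes are constructed, and ECDSA P-256 with SHA-256 is an assumed key algorithm:

```java
import java.nio.charset.StandardCharsets;
import java.security.GeneralSecurityException;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.util.Base64;
import java.util.Map;

public class AttestationCheck {   // hypothetical name, illustration only
    // True only when the signature verifies under a key the verifier already trusts.
    static boolean verify(Map<String, PublicKey> trusted, String payloadB64,
                          String publicKeyId, String signatureB64) throws GeneralSecurityException {
        PublicKey key = trusted.get(publicKeyId);
        if (key == null) return false;                 // signer is not in the trust store
        Signature verifier = Signature.getInstance("SHA256withECDSA"); // assumed algorithm
        verifier.initVerify(key);
        verifier.update(Base64.getDecoder().decode(payloadB64));
        try {
            return verifier.verify(Base64.getDecoder().decode(signatureB64));
        } catch (SignatureException malformed) {
            return false;                              // signature bytes could not be parsed
        }
    }

    // Test helper: produces a base64 signature the way an attestor would.
    static String sign(KeyPair kp, byte[] payload) throws GeneralSecurityException {
        Signature signer = Signature.getInstance("SHA256withECDSA");
        signer.initSign(kp.getPrivate());
        signer.update(payload);
        return Base64.getEncoder().encodeToString(signer.sign());
    }

    public static void main(String[] args) throws Exception {
        KeyPairGenerator gen = KeyPairGenerator.getInstance("EC");
        gen.initialize(256);
        KeyPair attestorKey = gen.generateKeyPair();   // constructed stand-in for the KMS key version
        KeyPair otherKey = gen.generateKeyPair();      // a key the verifier does not trust
        String keyId = "constructed-key-id";
        byte[] payload = "{\"constructed\":\"payload\"}".getBytes(StandardCharsets.UTF_8);
        String payloadB64 = Base64.getEncoder().encodeToString(payload);
        String tamperedB64 = Base64.getEncoder().encodeToString("{\"constructed\":\"changed\"}".getBytes(StandardCharsets.UTF_8));
        Map<String, PublicKey> trusted = Map.of(keyId, attestorKey.getPublic());
        System.out.println("valid:        " + verify(trusted, payloadB64, keyId, sign(attestorKey, payload)));
        System.out.println("wrong signer: " + verify(trusted, payloadB64, keyId, sign(otherKey, payload)));
        System.out.println("tampered:     " + verify(trusted, tamperedB64, keyId, sign(attestorKey, payload)));
        System.out.println("unknown id:   " + verify(trusted, payloadB64, "unknown-key-id", sign(attestorKey, payload)));
    }
}
```

The publicKeyId stored with the signature only selects which trusted key to try; a signature made by a different key that claims a trusted id still fails verification.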