AttestorArgs

data class AttestorArgs(val attestationAuthorityNote: Output<AttestorAttestationAuthorityNoteArgs>? = null, val description: Output<String>? = null, val name: Output<String>? = null, val project: Output<String>? = null) : ConvertibleToJava<AttestorArgs>

An attestor that attests to container image artifacts. For more information about Attestor, see the Binary Authorization API reference and the official Binary Authorization documentation.

Example Usage

Binary Authorization Attestor Basic

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Sample armored OpenPGP public key registered on the attestor below.
// Only the public half appears in this program; no private key material is declared here.
// The literal is kept exactly as published: it starts right after the backtick and ends with a newline.
const attestorPublicKey = `mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD
Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX
83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y
IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L
uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6
0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC
51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U
WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h
MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l
+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1
qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
=6Bvm
`;

// Container Analysis note carrying an attestationAuthority hint; the attestor refers to it by name.
const note = new gcp.containeranalysis.Note("note", {
    name: "test-attestor-note",
    attestationAuthority: {
        hint: { humanReadableName: "Attestor Note" },
    },
});

// Binary Authorization attestor bound to the note above, with a single PGP public key attached.
const attestor = new gcp.binaryauthorization.Attestor("attestor", {
    name: "test-attestor",
    attestationAuthorityNote: {
        noteReference: note.name,
        publicKeys: [
            { asciiArmoredPgpPublicKey: attestorPublicKey },
        ],
    },
});
import pulumi
import pulumi_gcp as gcp
# Sample armored OpenPGP public key registered on the attestor below.
# Only the public half appears in this program; no private key material is declared here.
# The literal is kept exactly as published: it starts right after the opening quotes
# and ends with a newline.
attestor_public_key = """mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD
Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX
83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y
IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L
uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6
0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC
51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U
WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h
MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l
+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1
qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
=6Bvm
"""

# Container Analysis note carrying an attestation_authority hint; the attestor refers to it by name.
note = gcp.containeranalysis.Note(
    "note",
    name="test-attestor-note",
    attestation_authority={
        "hint": {"human_readable_name": "Attestor Note"},
    },
)

# Binary Authorization attestor bound to the note above, with a single PGP public key attached.
attestor = gcp.binaryauthorization.Attestor(
    "attestor",
    name="test-attestor",
    attestation_authority_note={
        "note_reference": note.name,
        "public_keys": [
            {"ascii_armored_pgp_public_key": attestor_public_key},
        ],
    },
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
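// Pulumi program: declares a Container Analysis note and a Binary Authorization
// attestor bound to it, with one armored OpenPGP public key attached.
return await Deployment.RunAsync(() =>
{
    // Note carrying an AttestationAuthority hint; the attestor refers to it through note.Name.
    var note = new Gcp.ContainerAnalysis.Note("note", new()
    {
        Name = "test-attestor-note",
        AttestationAuthority = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityArgs
        {
            Hint = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityHintArgs
            {
                HumanReadableName = "Attestor Note",
            },
        },
    });

    var attestor = new Gcp.BinaryAuthorization.Attestor("attestor", new()
    {
        Name = "test-attestor",
        AttestationAuthorityNote = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNoteArgs
        {
            NoteReference = note.Name,
            PublicKeys = new[]
            {
                new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNotePublicKeyArgs
                {
                    // Sample armored OpenPGP public key. Only the public half appears in this
                    // program; no private key material is declared here. The verbatim string
                    // keeps the key's own line breaks and ends with a newline.
                    AsciiArmoredPgpPublicKey = @"mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD
Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX
83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y
IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L
uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6
0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC
51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U
WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h
MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l
+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1
qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
=6Bvm
",
                },
            },
        },
    });
});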
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
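// main declares a Container Analysis note and a Binary Authorization attestor
// bound to it, with one armored OpenPGP public key attached.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Note carrying an AttestationAuthority hint; the attestor refers to it through note.Name.
		note, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
			Name: pulumi.String("test-attestor-note"),
			AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
				Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
					HumanReadableName: pulumi.String("Attestor Note"),
				},
			},
		})
		if err != nil {
			return err
		}

		_, err = binaryauthorization.NewAttestor(ctx, "attestor", &binaryauthorization.AttestorArgs{
			Name: pulumi.String("test-attestor"),
			AttestationAuthorityNote: &binaryauthorization.AttestorAttestationAuthorityNoteArgs{
				NoteReference: note.Name,
				PublicKeys: binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArray{
					&binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArgs{
						// Sample armored OpenPGP public key. Only the public half appears in
						// this program; no private key material is declared here. The raw
						// string keeps the key's own line breaks and ends with a newline.
						AsciiArmoredPgpPublicKey: pulumi.String(`mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD
Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX
83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y
IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L
uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6
0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC
51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U
WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h
MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l
+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1
qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
=6Bvm
`),
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}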
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.containeranalysis.Note;
import com.pulumi.gcp.containeranalysis.NoteArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;
import com.pulumi.gcp.binaryauthorization.Attestor;
import com.pulumi.gcp.binaryauthorization.AttestorArgs;
import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
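/**
 * Pulumi program that declares a Container Analysis note and a Binary Authorization
 * attestor bound to it, with one armored OpenPGP public key attached.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the note first, then the attestor that references it by name.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}; not read by this method
     */
    public static void stack(Context ctx) {
        var note = new Note("note", NoteArgs.builder()
            .name("test-attestor-note")
            .attestationAuthority(NoteAttestationAuthorityArgs.builder()
                .hint(NoteAttestationAuthorityHintArgs.builder()
                    .humanReadableName("Attestor Note")
                    .build())
                .build())
            .build());

        var attestor = new Attestor("attestor", AttestorArgs.builder()
            .name("test-attestor")
            .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()
                .noteReference(note.name())
                // Fully qualified: this listing's import list does not include the public-key args type.
                .publicKeys(com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNotePublicKeyArgs.builder()
                    // Sample armored OpenPGP public key. Only the public half appears in this
                    // program; no private key material is declared here. The text block keeps
                    // the key's own line breaks and ends with a newline.
                    .asciiArmoredPgpPublicKey("""
mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD
Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX
83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y
IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L
uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6
0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC
51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U
WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h
MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l
+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1
qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
=6Bvm
""")
                    .build())
                .build())
            .build());
    }
}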
resources:
  # Binary Authorization attestor bound to the note declared below.
  attestor:
    type: gcp:binaryauthorization:Attestor
    properties:
      name: test-attestor
      attestationAuthorityNote:
        noteReference: ${note.name}
        publicKeys:
          # Sample armored OpenPGP public key. Only the public half appears in this
          # program; no private key material is declared here.
          - asciiArmoredPgpPublicKey: |
              mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
              bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
              oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
              V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD
              Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX
              83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y
              IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L
              uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6
              0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC
              51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U
              WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h
              MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l
              +OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1
              qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
              =6Bvm
  # Container Analysis note carrying an attestationAuthority hint; the attestor refers to it by name.
  note:
    type: gcp:containeranalysis:Note
    properties:
      name: test-attestor-note
      attestationAuthority:
        hint:
          humanReadableName: Attestor Note

Binary Authorization Attestor Kms

import * as pulumi from "@pulumi/pulumi";
import * as gcp from "@pulumi/gcp";
// Key ring and asymmetric signing key held in Cloud KMS. This program declares
// the key but never reads private key material; only public-key fields are used below.
const keyring = new gcp.kms.KeyRing("keyring", {
    name: "test-attestor-key-ring",
    location: "global",
});
const crypto_key = new gcp.kms.CryptoKey("crypto-key", {
    name: "test-attestor-key",
    keyRing: keyring.id,
    purpose: "ASYMMETRIC_SIGN",
    versionTemplate: { algorithm: "RSA_SIGN_PKCS1_4096_SHA512" },
});

// Look up a version of that key; its id and first public key feed the attestor.
const version = gcp.kms.getKMSCryptoKeyVersionOutput({
    cryptoKey: crypto_key.id,
});

// Container Analysis note carrying an attestationAuthority hint; the attestor refers to it by name.
const note = new gcp.containeranalysis.Note("note", {
    name: "test-attestor-note",
    attestationAuthority: {
        hint: { humanReadableName: "Attestor Note" },
    },
});

// Attestor whose PKIX public key and signature algorithm are copied from the KMS key version.
// NOTE(review): only the looked-up version's public key is registered here; presumably a later
// key version has to be added to publicKeys separately - confirm against your rotation process.
const attestor = new gcp.binaryauthorization.Attestor("attestor", {
    name: "test-attestor",
    attestationAuthorityNote: {
        noteReference: note.name,
        publicKeys: [
            {
                id: version.apply(keyVersion => keyVersion.id),
                pkixPublicKey: {
                    // Optional chaining yields undefined instead of throwing when no public key is returned.
                    publicKeyPem: version.apply(keyVersion => keyVersion.publicKeys?.[0]?.pem),
                    signatureAlgorithm: version.apply(keyVersion => keyVersion.publicKeys?.[0]?.algorithm),
                },
            },
        ],
    },
});
import pulumi
import pulumi_gcp as gcp
# Key ring and asymmetric signing key held in Cloud KMS. This program declares
# the key but never reads private key material; only public-key fields are used below.
keyring = gcp.kms.KeyRing(
    "keyring",
    name="test-attestor-key-ring",
    location="global",
)
crypto_key = gcp.kms.CryptoKey(
    "crypto-key",
    name="test-attestor-key",
    key_ring=keyring.id,
    purpose="ASYMMETRIC_SIGN",
    version_template={"algorithm": "RSA_SIGN_PKCS1_4096_SHA512"},
)

# Look up a version of that key; its id and first public key feed the attestor.
version = gcp.kms.get_kms_crypto_key_version_output(crypto_key=crypto_key.id)

# Container Analysis note carrying an attestation_authority hint; the attestor refers to it by name.
note = gcp.containeranalysis.Note(
    "note",
    name="test-attestor-note",
    attestation_authority={
        "hint": {"human_readable_name": "Attestor Note"},
    },
)

# Attestor whose PKIX public key and signature algorithm are copied from the KMS key version.
# NOTE(review): only the looked-up version's public key is registered here; presumably a later
# key version has to be added to public_keys separately - confirm against your rotation process.
attestor = gcp.binaryauthorization.Attestor(
    "attestor",
    name="test-attestor",
    attestation_authority_note={
        "note_reference": note.name,
        "public_keys": [
            {
                "id": version.id,
                "pkix_public_key": {
                    # Index 0 assumes the lookup returned at least one public key - TODO confirm.
                    "public_key_pem": version.public_keys[0].pem,
                    "signature_algorithm": version.public_keys[0].algorithm,
                },
            },
        ],
    },
)
using System.Collections.Generic;
using System.Linq;
using Pulumi;
using Gcp = Pulumi.Gcp;
// Pulumi program: declares a KMS signing key, a Container Analysis note, and a Binary
// Authorization attestor whose PKIX public key is read from the KMS key version.
return await Deployment.RunAsync(() =>
{
    // Key ring and asymmetric signing key held in Cloud KMS. The program declares the key
    // but never reads private key material; only public-key fields are used below.
    var keyring = new Gcp.Kms.KeyRing("keyring", new()
    {
        Name = "test-attestor-key-ring",
        Location = "global",
    });

    var cryptoKey = new Gcp.Kms.CryptoKey("crypto-key", new()
    {
        Name = "test-attestor-key",
        KeyRing = keyring.Id,
        Purpose = "ASYMMETRIC_SIGN",
        VersionTemplate = new Gcp.Kms.Inputs.CryptoKeyVersionTemplateArgs
        {
            Algorithm = "RSA_SIGN_PKCS1_4096_SHA512",
        },
    });

    // Look up a version of that key; its id and first public key feed the attestor.
    var version = Gcp.Kms.GetKMSCryptoKeyVersion.Invoke(new()
    {
        CryptoKey = cryptoKey.Id,
    });

    // Note carrying an AttestationAuthority hint; the attestor refers to it through note.Name.
    var note = new Gcp.ContainerAnalysis.Note("note", new()
    {
        Name = "test-attestor-note",
        AttestationAuthority = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityArgs
        {
            Hint = new Gcp.ContainerAnalysis.Inputs.NoteAttestationAuthorityHintArgs
            {
                HumanReadableName = "Attestor Note",
            },
        },
    });

    // NOTE(review): only the looked-up version's public key is registered here; presumably a later
    // key version has to be added to PublicKeys separately - confirm against your rotation process.
    var attestor = new Gcp.BinaryAuthorization.Attestor("attestor", new()
    {
        Name = "test-attestor",
        AttestationAuthorityNote = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNoteArgs
        {
            NoteReference = note.Name,
            PublicKeys = new[]
            {
                new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNotePublicKeyArgs
                {
                    Id = version.Apply(keyVersion => keyVersion.Id),
                    PkixPublicKey = new Gcp.BinaryAuthorization.Inputs.AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs
                    {
                        // Index 0 assumes the lookup returned at least one public key - TODO confirm.
                        PublicKeyPem = version.Apply(keyVersion => keyVersion.PublicKeys[0]?.Pem),
                        SignatureAlgorithm = version.Apply(keyVersion => keyVersion.PublicKeys[0]?.Algorithm),
                    },
                },
            },
        },
    });
});
package main
import (
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"
)
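// main declares a KMS signing key, a Container Analysis note, and a Binary
// Authorization attestor whose PKIX public key is read from the KMS key version.
func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		// Key ring and asymmetric signing key held in Cloud KMS. The program declares the
		// key but never reads private key material; only public-key fields are used below.
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("test-attestor-key-ring"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}

		// Keep the CryptoKey handle: the key-version lookup below needs its ID.
		// (Discarding it with `_` left the later reference to the key undefined.)
		cryptoKey, err := kms.NewCryptoKey(ctx, "crypto-key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("test-attestor-key"),
			KeyRing: keyring.ID(),
			Purpose: pulumi.String("ASYMMETRIC_SIGN"),
			VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{
				Algorithm: pulumi.String("RSA_SIGN_PKCS1_4096_SHA512"),
			},
		})
		if err != nil {
			return err
		}

		// Look up a version of that key; its id and first public key feed the attestor.
		version := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{
			CryptoKey: cryptoKey.ID(),
		}, nil)

		// Note carrying an AttestationAuthority hint; the attestor refers to it through note.Name.
		note, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
			Name: pulumi.String("test-attestor-note"),
			AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
				Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
					HumanReadableName: pulumi.String("Attestor Note"),
				},
			},
		})
		if err != nil {
			return err
		}

		// NOTE(review): only the looked-up version's public key is registered here; presumably
		// a later key version has to be added to PublicKeys separately - confirm against your
		// rotation process.
		_, err = binaryauthorization.NewAttestor(ctx, "attestor", &binaryauthorization.AttestorArgs{
			Name: pulumi.String("test-attestor"),
			AttestationAuthorityNote: &binaryauthorization.AttestorAttestationAuthorityNoteArgs{
				NoteReference: note.Name,
				PublicKeys: binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArray{
					&binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArgs{
						Id: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {
							return &version.Id, nil
						}).(pulumi.StringPtrOutput),
						PkixPublicKey: &binaryauthorization.AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs{
							// PublicKeys[0] is indexed without a length check; an empty
							// list would panic inside these callbacks.
							PublicKeyPem: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {
								return &version.PublicKeys[0].Pem, nil
							}).(pulumi.StringPtrOutput),
							SignatureAlgorithm: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {
								return &version.PublicKeys[0].Algorithm, nil
							}).(pulumi.StringPtrOutput),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}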
package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.kms.KeyRing;
import com.pulumi.gcp.kms.KeyRingArgs;
import com.pulumi.gcp.kms.CryptoKey;
import com.pulumi.gcp.kms.CryptoKeyArgs;
import com.pulumi.gcp.kms.inputs.CryptoKeyVersionTemplateArgs;
import com.pulumi.gcp.kms.KmsFunctions;
import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;
import com.pulumi.gcp.containeranalysis.Note;
import com.pulumi.gcp.containeranalysis.NoteArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;
import com.pulumi.gcp.binaryauthorization.Attestor;
import com.pulumi.gcp.binaryauthorization.AttestorArgs;
import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
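/**
 * Pulumi program that declares a KMS signing key, a Container Analysis note, and a
 * Binary Authorization attestor whose PKIX public key is read from the KMS key version.
 */
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the key ring and signing key, looks up a key version, then declares the
     * note and the attestor that carries that version's public key.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}; not read by this method
     */
    public static void stack(Context ctx) {
        // Key ring and asymmetric signing key held in Cloud KMS. The program declares the
        // key but never reads private key material; only public-key fields are used below.
        var keyring = new KeyRing("keyring", KeyRingArgs.builder()
            .name("test-attestor-key-ring")
            .location("global")
            .build());

        var cryptoKey = new CryptoKey("crypto-key", CryptoKeyArgs.builder()
            .name("test-attestor-key")
            .keyRing(keyring.id())
            .purpose("ASYMMETRIC_SIGN")
            .versionTemplate(CryptoKeyVersionTemplateArgs.builder()
                .algorithm("RSA_SIGN_PKCS1_4096_SHA512")
                .build())
            .build());

        // Look up a version of that key; its id and first public key feed the attestor.
        final var version = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()
            .cryptoKey(cryptoKey.id())
            .build());

        var note = new Note("note", NoteArgs.builder()
            .name("test-attestor-note")
            .attestationAuthority(NoteAttestationAuthorityArgs.builder()
                .hint(NoteAttestationAuthorityHintArgs.builder()
                    .humanReadableName("Attestor Note")
                    .build())
                .build())
            .build());

        // NOTE(review): only the looked-up version's public key is registered here; presumably a
        // later key version has to be added to publicKeys separately - confirm against your
        // rotation process.
        var attestor = new Attestor("attestor", AttestorArgs.builder()
            .name("test-attestor")
            .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()
                .noteReference(note.name())
                // Fully qualified: this listing's import list does not include the public-key args types.
                .publicKeys(com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNotePublicKeyArgs.builder()
                    // One applyValue per field; the lambda parameter must not reuse the
                    // local name `version`, which Java rejects as a redeclaration.
                    .id(version.applyValue(result -> result.id()))
                    .pkixPublicKey(com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs.builder()
                        // publicKeys() is a List, so the first entry is read with get(0);
                        // this assumes the lookup returned at least one public key.
                        .publicKeyPem(version.applyValue(result -> result.publicKeys().get(0).pem()))
                        .signatureAlgorithm(version.applyValue(result -> result.publicKeys().get(0).algorithm()))
                        .build())
                    .build())
                .build())
            .build());
    }
}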
resources:
  # Attestor whose PKIX public key and signature algorithm are copied from the KMS key version.
  # NOTE(review): only the looked-up version's public key is registered here; presumably a later
  # key version has to be added to publicKeys separately - confirm against your rotation process.
  attestor:
    type: gcp:binaryauthorization:Attestor
    properties:
      name: test-attestor
      attestationAuthorityNote:
        noteReference: ${note.name}
        publicKeys:
          - id: ${version.id}
            pkixPublicKey:
              # Index 0 assumes the lookup returned at least one public key - TODO confirm.
              publicKeyPem: ${version.publicKeys[0].pem}
              signatureAlgorithm: ${version.publicKeys[0].algorithm}
  # Container Analysis note carrying an attestationAuthority hint; the attestor refers to it by name.
  note:
    type: gcp:containeranalysis:Note
    properties:
      name: test-attestor-note
      attestationAuthority:
        hint:
          humanReadableName: Attestor Note
  # Asymmetric signing key held in Cloud KMS; no private key material is read by this program.
  crypto-key:
    type: gcp:kms:CryptoKey
    properties:
      name: test-attestor-key
      keyRing: ${keyring.id}
      purpose: ASYMMETRIC_SIGN
      versionTemplate:
        algorithm: RSA_SIGN_PKCS1_4096_SHA512
  keyring:
    type: gcp:kms:KeyRing
    properties:
      name: test-attestor-key-ring
      location: global
variables:
  # Looks up a version of the signing key; its id and first public key feed the attestor.
  version:
    fn::invoke:
      Function: gcp:kms:getKMSCryptoKeyVersion
      Arguments:
        cryptoKey: ${["crypto-key"].id}

Import

Attestor can be imported using any of these accepted formats:

  • projects/{{project}}/attestors/{{name}}

  • {{project}}/{{name}}

  • {{name}}

When using the pulumi import command, Attestor can be imported using one of the formats above. For example:

$ pulumi import gcp:binaryauthorization/attestor:Attestor default projects/{{project}}/attestors/{{name}}
$ pulumi import gcp:binaryauthorization/attestor:Attestor default {{project}}/{{name}}
$ pulumi import gcp:binaryauthorization/attestor:Attestor default {{name}}

Constructors

constructor(attestationAuthorityNote: Output<AttestorAttestationAuthorityNoteArgs>? = null, description: Output<String>? = null, name: Output<String>? = null, project: Output<String>? = null)

Properties


val attestationAuthorityNote: Output<AttestorAttestationAuthorityNoteArgs>? = null

A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.

val description: Output<String>? = null

A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

val name: Output<String>? = null

The resource name.

val project: Output<String>? = null

Functions

open override fun toJava(): AttestorArgs