pulumi-gcp-kotlin/com.pulumi.gcp.containeranalysis.kotlin/OccurenceArgs

OccurenceArgs

data class OccurenceArgs(val attestation: Output<OccurenceAttestationArgs>? = null, val noteName: Output<String>? = null, val project: Output<String>? = null, val remediation: Output<String>? = null, val resourceUri: Output<String>? = null) : ConvertibleToJava<OccurenceArgs>

An occurrence is an instance of a Note, or type of analysis that can be done for a resource. To get more information about Occurrence, see:

Example Usage

Container Analysis Occurrence Kms

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.containeranalysis.Note;
import com.pulumi.gcp.containeranalysis.NoteArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;
import com.pulumi.gcp.kms.KmsFunctions;
import com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;
import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;
import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;
import com.pulumi.gcp.binaryauthorization.Attestor;
import com.pulumi.gcp.binaryauthorization.AttestorArgs;
import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;
import com.pulumi.gcp.containeranalysis.Occurence;
import com.pulumi.gcp.containeranalysis.OccurenceArgs;
import com.pulumi.gcp.containeranalysis.inputs.OccurenceAttestationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
public class App {
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }
    public static void stack(Context ctx) {
        var note = new Note("note", NoteArgs.builder()
            .name("attestation-note")
            .attestationAuthority(NoteAttestationAuthorityArgs.builder()
                .hint(NoteAttestationAuthorityHintArgs.builder()
                    .humanReadableName("Attestor Note")
                    .build())
                .build())
            .build());
        final var keyring = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
            .name("my-key-ring")
            .location("global")
            .build());
        final var crypto-key = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()
            .name("my-key")
            .keyRing(keyring.applyValue(getKMSKeyRingResult -> getKMSKeyRingResult.id()))
            .build());
        final var version = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()
            .cryptoKey(crypto_key.id())
            .build());
        var attestor = new Attestor("attestor", AttestorArgs.builder()
            .name("attestor")
            .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()
                .noteReference(note.name())
                .publicKeys(AttestorAttestationAuthorityNotePublicKeyArgs.builder()
                    .id(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.id()))
                    .pkixPublicKey(AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs.builder()
                        .publicKeyPem(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.publicKeys()[0].pem()))
                        .signatureAlgorithm(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.publicKeys()[0].algorithm()))
                        .build())
                    .build())
                .build())
            .build());
        var occurrence = new Occurence("occurrence", OccurenceArgs.builder()
            .resourceUri("gcr.io/my-project/my-image")
            .noteName(note.id())
            .attestation(OccurenceAttestationArgs.builder()
                .serializedPayload(StdFunctions.filebase64(Filebase64Args.builder()
                    .input("path/to/my/payload.json")
                    .build()).result())
                .signatures(OccurenceAttestationSignatureArgs.builder()
                    .publicKeyId(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.id()))
                    .serializedPayload(StdFunctions.filebase64(Filebase64Args.builder()
                        .input("path/to/my/payload.json.sig")
                        .build()).result())
                    .build())
                .build())
            .build());
    }
}
Content copied to clipboard
resources:
  attestor:
    type: gcp:binaryauthorization:Attestor
    properties:
      name: attestor
      attestationAuthorityNote:
        noteReference: ${note.name}
        publicKeys:
          - id: ${version.id}
            pkixPublicKey:
              publicKeyPem: ${version.publicKeys[0].pem}
              signatureAlgorithm: ${version.publicKeys[0].algorithm}
  note:
    type: gcp:containeranalysis:Note
    properties:
      name: attestation-note
      attestationAuthority:
        hint:
          humanReadableName: Attestor Note
  occurrence:
    type: gcp:containeranalysis:Occurence
    properties:
      resourceUri: gcr.io/my-project/my-image
      noteName: ${note.id}
      attestation:
        serializedPayload:
          fn::invoke:
            Function: std:filebase64
            Arguments:
              input: path/to/my/payload.json
            Return: result
        signatures:
          - publicKeyId: ${version.id}
            serializedPayload:
              fn::invoke:
                Function: std:filebase64
                Arguments:
                  input: path/to/my/payload.json.sig
                Return: result
variables:
  keyring:
    fn::invoke:
      Function: gcp:kms:getKMSKeyRing
      Arguments:
        name: my-key-ring
        location: global
  crypto-key:
    fn::invoke:
      Function: gcp:kms:getKMSCryptoKey
      Arguments:
        name: my-key
        keyRing: ${keyring.id}
  version:
    fn::invoke:
      Function: gcp:kms:getKMSCryptoKeyVersion
      Arguments:
        cryptoKey: ${["crypto-key"].id}
Content copied to clipboard

Import

Occurrence can be imported using any of these accepted formats:

  • projects/{{project}}/occurrences/{{name}}

  • {{project}}/{{name}}

  • {{name}} When using the pulumi import command, Occurrence can be imported using one of the formats above. For example:

$ pulumi import gcp:containeranalysis/occurence:Occurence default projects/{{project}}/occurrences/{{name}}
Content copied to clipboard
$ pulumi import gcp:containeranalysis/occurence:Occurence default {{project}}/{{name}}
Content copied to clipboard
$ pulumi import gcp:containeranalysis/occurence:Occurence default {{name}}
Content copied to clipboard

Constructors

Link copied to clipboard
constructor(attestation: Output<OccurenceAttestationArgs>? = null, noteName: Output<String>? = null, project: Output<String>? = null, remediation: Output<String>? = null, resourceUri: Output<String>? = null)

Properties

Link copied to clipboard
val attestation: Output<OccurenceAttestationArgs>? = null

Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

Link copied to clipboard
val noteName: Output<String>? = null

The analysis note associated with this occurrence, in the form of projects/PROJECT/notes/NOTE_ID. This field can be used as a filter in list requests.

Link copied to clipboard
val project: Output<String>? = null
Link copied to clipboard
val remediation: Output<String>? = null

A description of actions that can be taken to remedy the note.

Link copied to clipboard
val resourceUri: Output<String>? = null

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

Functions

Link copied to clipboard
open override fun toJava(): OccurenceArgs