Occurence

class Occurence : KotlinCustomResource

An occurrence is an instance of a Note, or type of analysis that can be done for a resource. To get more information about Occurrence, see:

Example Usage

Container Analysis Occurrence Kms

package generated_program;
import com.pulumi.Context;
import com.pulumi.Pulumi;
import com.pulumi.core.Output;
import com.pulumi.gcp.containeranalysis.Note;
import com.pulumi.gcp.containeranalysis.NoteArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;
import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;
import com.pulumi.gcp.kms.KmsFunctions;
import com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;
import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;
import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;
import com.pulumi.gcp.binaryauthorization.Attestor;
import com.pulumi.gcp.binaryauthorization.AttestorArgs;
import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;
import com.pulumi.gcp.containeranalysis.Occurence;
import com.pulumi.gcp.containeranalysis.OccurenceArgs;
import com.pulumi.gcp.containeranalysis.inputs.OccurenceAttestationArgs;
import java.util.List;
import java.util.ArrayList;
import java.util.Map;
import java.io.File;
import java.nio.file.Files;
import java.nio.file.Paths;
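/**
 * Example Pulumi program that records a signed attestation for a container image.
 *
 * <p>It creates a Container Analysis note, looks up an existing Cloud KMS key version,
 * registers that version's public key on a Binary Authorization attestor, and then
 * creates an {@code Occurence} carrying the payload and its signature.
 *
 * <p>NOTE(review): {@code AttestorAttestationAuthorityNotePublicKeyArgs},
 * {@code AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs},
 * {@code OccurenceAttestationSignatureArgs}, {@code StdFunctions} and
 * {@code Filebase64Args} are used below but are not among the imports listed with this
 * example; add the matching imports before compiling.
 */
public class App {
    /** Entry point: hands the stack definition to the Pulumi runtime. */
    public static void main(String[] args) {
        Pulumi.run(App::stack);
    }

    /**
     * Declares the note, the attestor and the attestation occurrence.
     *
     * @param ctx the Pulumi context supplied by {@code Pulumi.run}; not read by this example
     */
    public static void stack(Context ctx) {
        // The attestation-authority note that the attestor and the occurrence both refer to.
        var note = new Note("note", NoteArgs.builder()
            .name("attestation-note")
            .attestationAuthority(NoteAttestationAuthorityArgs.builder()
                .hint(NoteAttestationAuthorityHintArgs.builder()
                    .humanReadableName("Attestor Note")
                    .build())
                .build())
            .build());

        // Look up an existing KMS key ring, key and key version. Only the public half of
        // the key version is read below.
        final var keyring = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
            .name("my-key-ring")
            .location("global")
            .build());

        // Renamed from `crypto-key`: a hyphen is not legal in a Java identifier, and the
        // next lookup referred to this variable under yet another name.
        final var cryptoKey = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()
            .name("my-key")
            .keyRing(keyring.applyValue(getKMSKeyRingResult -> getKMSKeyRingResult.id()))
            .build());

        // The lookup result is wrapped in an Output, so its id is read through applyValue,
        // the same way the key ring id is read above.
        // NOTE(review): no key version is selected here, so whichever version the lookup
        // returns by default is the one trusted by the attestor - confirm that this is the
        // version that actually produced the signature file.
        final var version = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()
            .cryptoKey(cryptoKey.applyValue(getKMSCryptoKeyResult -> getKMSCryptoKeyResult.id()))
            .build());

        // The attestor trusts signatures made by the key version looked up above. The PEM
        // and the algorithm are taken from the same lookup so they cannot drift apart.
        var attestor = new Attestor("attestor", AttestorArgs.builder()
            .name("attestor")
            .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()
                .noteReference(note.name())
                .publicKeys(AttestorAttestationAuthorityNotePublicKeyArgs.builder()
                    .id(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.id()))
                    .pkixPublicKey(AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs.builder()
                        // publicKeys() is a java.util.List, so the first entry is read with
                        // get(0); array indexing does not compile.
                        .publicKeyPem(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.publicKeys().get(0).pem()))
                        .signatureAlgorithm(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.publicKeys().get(0).algorithm()))
                        .build())
                    .build())
                .build())
            .build());

        var occurrence = new Occurence("occurrence", OccurenceArgs.builder()
            // An attestation is only as specific as this URI. The resourceUri property
            // description gives a digest-qualified form
            // (https://gcr.io/project/image@sha256:123abc); the sample value here carries
            // no digest and so does not identify one immutable image.
            .resourceUri("gcr.io/my-project/my-image")
            .noteName(note.id())
            .attestation(OccurenceAttestationArgs.builder()
                // Both files are read from a local path and base64-encoded when the
                // program runs; they must be the exact payload and signature pair.
                .serializedPayload(StdFunctions.filebase64(Filebase64Args.builder()
                    .input("path/to/my/payload.json")
                    .build()).result())
                .signatures(OccurenceAttestationSignatureArgs.builder()
                    // publicKeyId must match the id registered on the attestor, otherwise
                    // a verifier has no trusted key to check this signature against.
                    .publicKeyId(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.id()))
                    // NOTE(review): the detached signature file is passed through a
                    // property named serializedPayload; the signature block's fields are
                    // not shown on this page - confirm the property name against the
                    // OccurenceAttestationSignatureArgs reference.
                    .serializedPayload(StdFunctions.filebase64(Filebase64Args.builder()
                        .input("path/to/my/payload.json.sig")
                        .build()).result())
                    .build())
                .build())
            .build());
    }
}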
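# Pulumi YAML program: a Container Analysis note, a Binary Authorization attestor that
# trusts a Cloud KMS key version, and an attestation occurrence for a container image.
resources:
  attestor:
    type: gcp:binaryauthorization:Attestor
    properties:
      name: attestor
      attestationAuthorityNote:
        noteReference: ${note.name}
        publicKeys:
          # The key id, PEM and algorithm all come from the same KMS lookup, so the
          # attestor trusts exactly the key version resolved under `variables`.
          - id: ${version.id}
            pkixPublicKey:
              publicKeyPem: ${version.publicKeys[0].pem}
              signatureAlgorithm: ${version.publicKeys[0].algorithm}
  note:
    type: gcp:containeranalysis:Note
    properties:
      name: attestation-note
      attestationAuthority:
        hint:
          humanReadableName: Attestor Note
  occurrence:
    type: gcp:containeranalysis:Occurence
    properties:
      # An attestation is only as specific as this URI. The resourceUri property
      # description gives a digest-qualified form
      # (https://gcr.io/project/image@sha256:123abc); the sample value here carries no
      # digest and so does not identify one immutable image.
      resourceUri: gcr.io/my-project/my-image
      noteName: ${note.id}
      attestation:
        # Both files are read from a local path and base64-encoded when the program
        # runs; they must be the exact payload and signature pair.
        serializedPayload:
          fn::invoke:
            Function: std:filebase64
            Arguments:
              input: path/to/my/payload.json
            Return: result
        signatures:
          # publicKeyId must match the id registered on the attestor above.
          - publicKeyId: ${version.id}
            # NOTE(review): the detached signature file is passed through a property
            # named serializedPayload; the signature block's fields are not shown on
            # this page - confirm the property name against the resource reference.
            serializedPayload:
              fn::invoke:
                Function: std:filebase64
                Arguments:
                  input: path/to/my/payload.json.sig
                Return: result
variables:
  keyring:
    fn::invoke:
      Function: gcp:kms:getKMSKeyRing
      Arguments:
        name: my-key-ring
        location: global
  crypto-key:
    fn::invoke:
      Function: gcp:kms:getKMSCryptoKey
      Arguments:
        name: my-key
        keyRing: ${keyring.id}
  # NOTE(review): no key version is selected here, so whichever version the lookup
  # returns by default is the one the attestor trusts - confirm it is the version that
  # produced the signature file.
  version:
    fn::invoke:
      Function: gcp:kms:getKMSCryptoKeyVersion
      Arguments:
        cryptoKey: ${["crypto-key"].id}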

Import

Occurrence can be imported using any of these accepted formats:

  • projects/{{project}}/occurrences/{{name}}

  • {{project}}/{{name}}

  • {{name}}

When using the pulumi import command, Occurrence can be imported using one of the formats above. For example:

$ pulumi import gcp:containeranalysis/occurence:Occurence default projects/{{project}}/occurrences/{{name}}
$ pulumi import gcp:containeranalysis/occurence:Occurence default {{project}}/{{name}}
$ pulumi import gcp:containeranalysis/occurence:Occurence default {{name}}

Properties


Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign). Structure is documented below.

val createTime: Output<String>

The time when the repository was created.

val id: Output<String>
val kind: Output<String>

The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

val name: Output<String>

The name of the occurrence.

val noteName: Output<String>

The analysis note associated with this occurrence, in the form of projects/PROJECT/notes/NOTE_ID. This field can be used as a filter in list requests.

val project: Output<String>
val pulumiChildResources: Set<KotlinResource>
val remediation: Output<String>?

A description of actions that can be taken to remedy the note.

val resourceUri: Output<String>

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

val updateTime: Output<String>

The time when the repository was last updated.

val urn: Output<String>