Occurence
An occurrence is an instance of a Note, or type of analysis that can be done for a resource. To get more information about Occurrence, see:
How-to Guides
Example Usage
Container Analysis Occurrence Kms
resources:
attestor:
type: gcp:binaryauthorization:Attestor
properties:
name: attestor
attestationAuthorityNote:
noteReference: ${note.name}
publicKeys:
- id: ${version.id}
pkixPublicKey:
publicKeyPem: ${version.publicKeys[0].pem}
signatureAlgorithm: ${version.publicKeys[0].algorithm}
note:
type: gcp:containeranalysis:Note
properties:
name: attestation-note
attestationAuthority:
hint:
humanReadableName: Attestor Note
occurrence:
type: gcp:containeranalysis:Occurence
properties:
resourceUri: gcr.io/my-project/my-image
noteName: ${note.id}
attestation:
serializedPayload:
fn::invoke:
function: std:filebase64
arguments:
input: path/to/my/payload.json
return: result
signatures:
- publicKeyId: ${version.id}
serializedPayload:
fn::invoke:
function: std:filebase64
arguments:
input: path/to/my/payload.json.sig
return: result
variables:
keyring:
fn::invoke:
function: gcp:kms:getKMSKeyRing
arguments:
name: my-key-ring
location: global
crypto-key:
fn::invoke:
function: gcp:kms:getKMSCryptoKey
arguments:
name: my-key
keyRing: ${keyring.id}
version:
fn::invoke:
function: gcp:kms:getKMSCryptoKeyVersion
arguments:
cryptoKey: ${["crypto-key"].id}Import
Occurrence can be imported using any of these accepted formats:
projects/{{project}}/occurrences/{{name}}{{project}}/{{name}}{{name}}When using thepulumi importcommand, Occurrence can be imported using one of the formats above. For example:
$ pulumi import gcp:containeranalysis/occurence:Occurence default projects/{{project}}/occurrences/{{name}}$ pulumi import gcp:containeranalysis/occurence:Occurence default {{project}}/{{name}}$ pulumi import gcp:containeranalysis/occurence:Occurence default {{name}}Constructors
Properties
Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
A description of actions that can be taken to remedy the note.
Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.