1. Packages
  2. Google Cloud (GCP) Classic
  3. API Docs
  4. containeranalysis
  5. Occurence
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

gcp.containeranalysis.Occurence

Explore with Pulumi AI

gcp logo
Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi

    An occurrence is an instance of a Note, or type of analysis that can be done for a resource.

    To get more information about Occurrence, see:

    Example Usage

    Container Analysis Occurrence Kms

    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    Coming soon!
    
    package generated_program;
    
    import com.pulumi.Context;
    import com.pulumi.Pulumi;
    import com.pulumi.core.Output;
    import com.pulumi.gcp.containeranalysis.Note;
    import com.pulumi.gcp.containeranalysis.NoteArgs;
    import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityArgs;
    import com.pulumi.gcp.containeranalysis.inputs.NoteAttestationAuthorityHintArgs;
    import com.pulumi.gcp.kms.KmsFunctions;
    import com.pulumi.gcp.kms.inputs.GetKMSKeyRingArgs;
    import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyArgs;
    import com.pulumi.gcp.kms.inputs.GetKMSCryptoKeyVersionArgs;
    import com.pulumi.gcp.binaryauthorization.Attestor;
    import com.pulumi.gcp.binaryauthorization.AttestorArgs;
    import com.pulumi.gcp.binaryauthorization.inputs.AttestorAttestationAuthorityNoteArgs;
    import com.pulumi.gcp.containeranalysis.Occurence;
    import com.pulumi.gcp.containeranalysis.OccurenceArgs;
    import com.pulumi.gcp.containeranalysis.inputs.OccurenceAttestationArgs;
    import java.util.List;
    import java.util.ArrayList;
    import java.util.Map;
    import java.io.File;
    import java.nio.file.Files;
    import java.nio.file.Paths;
    
    public class App {
        public static void main(String[] args) {
            Pulumi.run(App::stack);
        }
    
        public static void stack(Context ctx) {
            var note = new Note("note", NoteArgs.builder()
                .name("attestation-note")
                .attestationAuthority(NoteAttestationAuthorityArgs.builder()
                    .hint(NoteAttestationAuthorityHintArgs.builder()
                        .humanReadableName("Attestor Note")
                        .build())
                    .build())
                .build());
    
            final var keyring = KmsFunctions.getKMSKeyRing(GetKMSKeyRingArgs.builder()
                .name("my-key-ring")
                .location("global")
                .build());
    
            final var crypto-key = KmsFunctions.getKMSCryptoKey(GetKMSCryptoKeyArgs.builder()
                .name("my-key")
                .keyRing(keyring.applyValue(getKMSKeyRingResult -> getKMSKeyRingResult.id()))
                .build());
    
            final var version = KmsFunctions.getKMSCryptoKeyVersion(GetKMSCryptoKeyVersionArgs.builder()
                .cryptoKey(crypto_key.id())
                .build());
    
            var attestor = new Attestor("attestor", AttestorArgs.builder()
                .name("attestor")
                .attestationAuthorityNote(AttestorAttestationAuthorityNoteArgs.builder()
                    .noteReference(note.name())
                    .publicKeys(AttestorAttestationAuthorityNotePublicKeyArgs.builder()
                        .id(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.id()))
                        .pkixPublicKey(AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs.builder()
                            .publicKeyPem(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.publicKeys()[0].pem()))
                            .signatureAlgorithm(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.publicKeys()[0].algorithm()))
                            .build())
                        .build())
                    .build())
                .build());
    
            var occurrence = new Occurence("occurrence", OccurenceArgs.builder()
                .resourceUri("gcr.io/my-project/my-image")
                .noteName(note.id())
                .attestation(OccurenceAttestationArgs.builder()
                    .serializedPayload(StdFunctions.filebase64(Filebase64Args.builder()
                        .input("path/to/my/payload.json")
                        .build()).result())
                    .signatures(OccurenceAttestationSignatureArgs.builder()
                        .publicKeyId(version.applyValue(getKMSCryptoKeyVersionResult -> getKMSCryptoKeyVersionResult.id()))
                        .serializedPayload(StdFunctions.filebase64(Filebase64Args.builder()
                            .input("path/to/my/payload.json.sig")
                            .build()).result())
                        .build())
                    .build())
                .build());
    
        }
    }
    
    resources:
      attestor:
        type: gcp:binaryauthorization:Attestor
        properties:
          name: attestor
          attestationAuthorityNote:
            noteReference: ${note.name}
            publicKeys:
              - id: ${version.id}
                pkixPublicKey:
                  publicKeyPem: ${version.publicKeys[0].pem}
                  signatureAlgorithm: ${version.publicKeys[0].algorithm}
      note:
        type: gcp:containeranalysis:Note
        properties:
          name: attestation-note
          attestationAuthority:
            hint:
              humanReadableName: Attestor Note
      occurrence:
        type: gcp:containeranalysis:Occurence
        properties:
          resourceUri: gcr.io/my-project/my-image
          noteName: ${note.id}
          attestation:
            serializedPayload:
              fn::invoke:
                Function: std:filebase64
                Arguments:
                  input: path/to/my/payload.json
                Return: result
            signatures:
              - publicKeyId: ${version.id}
                serializedPayload:
                  fn::invoke:
                    Function: std:filebase64
                    Arguments:
                      input: path/to/my/payload.json.sig
                    Return: result
    variables:
      keyring:
        fn::invoke:
          Function: gcp:kms:getKMSKeyRing
          Arguments:
            name: my-key-ring
            location: global
      crypto-key:
        fn::invoke:
          Function: gcp:kms:getKMSCryptoKey
          Arguments:
            name: my-key
            keyRing: ${keyring.id}
      version:
        fn::invoke:
          Function: gcp:kms:getKMSCryptoKeyVersion
          Arguments:
            cryptoKey: ${["crypto-key"].id}
    

    Create Occurence Resource

    Resources are created with functions called constructors. To learn more about declaring and configuring resources, see Resources.

    Constructor syntax

    new Occurence(name: string, args: OccurenceArgs, opts?: CustomResourceOptions);
    @overload
    def Occurence(resource_name: str,
                  args: OccurenceArgs,
                  opts: Optional[ResourceOptions] = None)
    
    @overload
    def Occurence(resource_name: str,
                  opts: Optional[ResourceOptions] = None,
                  attestation: Optional[OccurenceAttestationArgs] = None,
                  note_name: Optional[str] = None,
                  resource_uri: Optional[str] = None,
                  project: Optional[str] = None,
                  remediation: Optional[str] = None)
    func NewOccurence(ctx *Context, name string, args OccurenceArgs, opts ...ResourceOption) (*Occurence, error)
    public Occurence(string name, OccurenceArgs args, CustomResourceOptions? opts = null)
    public Occurence(String name, OccurenceArgs args)
    public Occurence(String name, OccurenceArgs args, CustomResourceOptions options)
    
    type: gcp:containeranalysis:Occurence
    properties: # The arguments to resource properties.
    options: # Bag of options to control resource's behavior.
    
    

    Parameters

    name string
    The unique name of the resource.
    args OccurenceArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    resource_name str
    The unique name of the resource.
    args OccurenceArgs
    The arguments to resource properties.
    opts ResourceOptions
    Bag of options to control resource's behavior.
    ctx Context
    Context object for the current deployment.
    name string
    The unique name of the resource.
    args OccurenceArgs
    The arguments to resource properties.
    opts ResourceOption
    Bag of options to control resource's behavior.
    name string
    The unique name of the resource.
    args OccurenceArgs
    The arguments to resource properties.
    opts CustomResourceOptions
    Bag of options to control resource's behavior.
    name String
    The unique name of the resource.
    args OccurenceArgs
    The arguments to resource properties.
    options CustomResourceOptions
    Bag of options to control resource's behavior.

    Constructor example

    The following reference example uses placeholder values for all input properties.

    var occurenceResource = new Gcp.ContainerAnalysis.Occurence("occurenceResource", new()
    {
        Attestation = new Gcp.ContainerAnalysis.Inputs.OccurenceAttestationArgs
        {
            SerializedPayload = "string",
            Signatures = new[]
            {
                new Gcp.ContainerAnalysis.Inputs.OccurenceAttestationSignatureArgs
                {
                    PublicKeyId = "string",
                    Signature = "string",
                },
            },
        },
        NoteName = "string",
        ResourceUri = "string",
        Project = "string",
        Remediation = "string",
    });
    
    example, err := containeranalysis.NewOccurence(ctx, "occurenceResource", &containeranalysis.OccurenceArgs{
    	Attestation: &containeranalysis.OccurenceAttestationArgs{
    		SerializedPayload: pulumi.String("string"),
    		Signatures: containeranalysis.OccurenceAttestationSignatureArray{
    			&containeranalysis.OccurenceAttestationSignatureArgs{
    				PublicKeyId: pulumi.String("string"),
    				Signature:   pulumi.String("string"),
    			},
    		},
    	},
    	NoteName:    pulumi.String("string"),
    	ResourceUri: pulumi.String("string"),
    	Project:     pulumi.String("string"),
    	Remediation: pulumi.String("string"),
    })
    
    var occurenceResource = new Occurence("occurenceResource", OccurenceArgs.builder()
        .attestation(OccurenceAttestationArgs.builder()
            .serializedPayload("string")
            .signatures(OccurenceAttestationSignatureArgs.builder()
                .publicKeyId("string")
                .signature("string")
                .build())
            .build())
        .noteName("string")
        .resourceUri("string")
        .project("string")
        .remediation("string")
        .build());
    
    occurence_resource = gcp.containeranalysis.Occurence("occurenceResource",
        attestation={
            "serialized_payload": "string",
            "signatures": [{
                "public_key_id": "string",
                "signature": "string",
            }],
        },
        note_name="string",
        resource_uri="string",
        project="string",
        remediation="string")
    
    const occurenceResource = new gcp.containeranalysis.Occurence("occurenceResource", {
        attestation: {
            serializedPayload: "string",
            signatures: [{
                publicKeyId: "string",
                signature: "string",
            }],
        },
        noteName: "string",
        resourceUri: "string",
        project: "string",
        remediation: "string",
    });
    
    type: gcp:containeranalysis:Occurence
    properties:
        attestation:
            serializedPayload: string
            signatures:
                - publicKeyId: string
                  signature: string
        noteName: string
        project: string
        remediation: string
        resourceUri: string
    

    Occurence Resource Properties

    To learn more about resource properties and how to use them, see Inputs and Outputs in the Architecture and Concepts docs.

    Inputs

    In Python, inputs that are objects can be passed either as argument classes or as dictionary literals.

    The Occurence resource accepts the following input properties:

    Attestation OccurenceAttestation
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    NoteName string
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    ResourceUri string
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    Project string
    Remediation string
    A description of actions that can be taken to remedy the note.
    Attestation OccurenceAttestationArgs
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    NoteName string
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    ResourceUri string
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    Project string
    Remediation string
    A description of actions that can be taken to remedy the note.
    attestation OccurenceAttestation
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    noteName String
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    resourceUri String
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    project String
    remediation String
    A description of actions that can be taken to remedy the note.
    attestation OccurenceAttestation
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    noteName string
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    resourceUri string
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    project string
    remediation string
    A description of actions that can be taken to remedy the note.
    attestation OccurenceAttestationArgs
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    note_name str
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    resource_uri str
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    project str
    remediation str
    A description of actions that can be taken to remedy the note.
    attestation Property Map
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    noteName String
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    resourceUri String
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    project String
    remediation String
    A description of actions that can be taken to remedy the note.

    Outputs

    All input properties are implicitly available as output properties. Additionally, the Occurence resource produces the following output properties:

    CreateTime string
    The time when the repository was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    Kind string
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    Name string
    The name of the occurrence.
    UpdateTime string
    The time when the repository was last updated.
    CreateTime string
    The time when the repository was created.
    Id string
    The provider-assigned unique ID for this managed resource.
    Kind string
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    Name string
    The name of the occurrence.
    UpdateTime string
    The time when the repository was last updated.
    createTime String
    The time when the repository was created.
    id String
    The provider-assigned unique ID for this managed resource.
    kind String
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    name String
    The name of the occurrence.
    updateTime String
    The time when the repository was last updated.
    createTime string
    The time when the repository was created.
    id string
    The provider-assigned unique ID for this managed resource.
    kind string
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    name string
    The name of the occurrence.
    updateTime string
    The time when the repository was last updated.
    create_time str
    The time when the repository was created.
    id str
    The provider-assigned unique ID for this managed resource.
    kind str
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    name str
    The name of the occurrence.
    update_time str
    The time when the repository was last updated.
    createTime String
    The time when the repository was created.
    id String
    The provider-assigned unique ID for this managed resource.
    kind String
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    name String
    The name of the occurrence.
    updateTime String
    The time when the repository was last updated.

    Look up Existing Occurence Resource

    Get an existing Occurence resource’s state with the given name, ID, and optional extra properties used to qualify the lookup.

    public static get(name: string, id: Input<ID>, state?: OccurenceState, opts?: CustomResourceOptions): Occurence
    @staticmethod
    def get(resource_name: str,
            id: str,
            opts: Optional[ResourceOptions] = None,
            attestation: Optional[OccurenceAttestationArgs] = None,
            create_time: Optional[str] = None,
            kind: Optional[str] = None,
            name: Optional[str] = None,
            note_name: Optional[str] = None,
            project: Optional[str] = None,
            remediation: Optional[str] = None,
            resource_uri: Optional[str] = None,
            update_time: Optional[str] = None) -> Occurence
    func GetOccurence(ctx *Context, name string, id IDInput, state *OccurenceState, opts ...ResourceOption) (*Occurence, error)
    public static Occurence Get(string name, Input<string> id, OccurenceState? state, CustomResourceOptions? opts = null)
    public static Occurence get(String name, Output<String> id, OccurenceState state, CustomResourceOptions options)
    Resource lookup is not supported in YAML
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    resource_name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    name
    The unique name of the resulting resource.
    id
    The unique provider ID of the resource to lookup.
    state
    Any extra arguments used during the lookup.
    opts
    A bag of options that control this resource's behavior.
    The following state arguments are supported:
    Attestation OccurenceAttestation
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    CreateTime string
    The time when the repository was created.
    Kind string
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    Name string
    The name of the occurrence.
    NoteName string
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    Project string
    Remediation string
    A description of actions that can be taken to remedy the note.
    ResourceUri string
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    UpdateTime string
    The time when the repository was last updated.
    Attestation OccurenceAttestationArgs
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    CreateTime string
    The time when the repository was created.
    Kind string
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    Name string
    The name of the occurrence.
    NoteName string
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    Project string
    Remediation string
    A description of actions that can be taken to remedy the note.
    ResourceUri string
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    UpdateTime string
    The time when the repository was last updated.
    attestation OccurenceAttestation
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    createTime String
    The time when the repository was created.
    kind String
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    name String
    The name of the occurrence.
    noteName String
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    project String
    remediation String
    A description of actions that can be taken to remedy the note.
    resourceUri String
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    updateTime String
    The time when the repository was last updated.
    attestation OccurenceAttestation
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    createTime string
    The time when the repository was created.
    kind string
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    name string
    The name of the occurrence.
    noteName string
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    project string
    remediation string
    A description of actions that can be taken to remedy the note.
    resourceUri string
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    updateTime string
    The time when the repository was last updated.
    attestation OccurenceAttestationArgs
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    create_time str
    The time when the repository was created.
    kind str
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    name str
    The name of the occurrence.
    note_name str
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    project str
    remediation str
    A description of actions that can be taken to remedy the note.
    resource_uri str
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    update_time str
    The time when the repository was last updated.
    attestation Property Map
    Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.
    createTime String
    The time when the repository was created.
    kind String
    The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.
    name String
    The name of the occurrence.
    noteName String
    The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.
    project String
    remediation String
    A description of actions that can be taken to remedy the note.
    resourceUri String
    Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.
    updateTime String
    The time when the repository was last updated.

    Supporting Types

    OccurenceAttestation, OccurenceAttestationArgs

    SerializedPayload string
    The serialized payload that is verified by one or more signatures. A base64-encoded string.
    Signatures List<OccurenceAttestationSignature>
    One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.
    SerializedPayload string
    The serialized payload that is verified by one or more signatures. A base64-encoded string.
    Signatures []OccurenceAttestationSignature
    One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.
    serializedPayload String
    The serialized payload that is verified by one or more signatures. A base64-encoded string.
    signatures List<OccurenceAttestationSignature>
    One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.
    serializedPayload string
    The serialized payload that is verified by one or more signatures. A base64-encoded string.
    signatures OccurenceAttestationSignature[]
    One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.
    serialized_payload str
    The serialized payload that is verified by one or more signatures. A base64-encoded string.
    signatures Sequence[OccurenceAttestationSignature]
    One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.
    serializedPayload String
    The serialized payload that is verified by one or more signatures. A base64-encoded string.
    signatures List<Property Map>
    One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.

    OccurenceAttestationSignature, OccurenceAttestationSignatureArgs

    PublicKeyId string
    The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values:

    • OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
    • openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA
    • RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
    • "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"

    Signature string
    The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
    PublicKeyId string
    The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values:

    • OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
    • openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA
    • RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
    • "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"

    Signature string
    The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
    publicKeyId String
    The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values:

    • OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
    • openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA
    • RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
    • "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"

    signature String
    The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
    publicKeyId string
    The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values:

    • OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
    • openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA
    • RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
    • "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"

    signature string
    The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
    public_key_id str
    The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values:

    • OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
    • openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA
    • RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
    • "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"

    signature str
    The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.
    publicKeyId String
    The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values:

    • OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
    • openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA
    • RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
    • "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"

    signature String
    The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.

    Import

    Occurrence can be imported using any of these accepted formats:

    • projects/{{project}}/occurrences/{{name}}

    • {{project}}/{{name}}

    • {{name}}

    When using the pulumi import command, Occurrence can be imported using one of the formats above. For example:

    $ pulumi import gcp:containeranalysis/occurence:Occurence default projects/{{project}}/occurrences/{{name}}
    
    $ pulumi import gcp:containeranalysis/occurence:Occurence default {{project}}/{{name}}
    
    $ pulumi import gcp:containeranalysis/occurence:Occurence default {{name}}
    

    To learn more about importing existing cloud resources, see Importing resources.

    Package Details

    Repository
    Google Cloud (GCP) Classic pulumi/pulumi-gcp
    License
    Apache-2.0
    Notes
    This Pulumi package is based on the google-beta Terraform Provider.
    gcp logo
    Google Cloud Classic v8.9.3 published on Monday, Nov 18, 2024 by Pulumi