binaryauthorization

package
v7.20.0 Latest Latest
Warning

This package is not in the latest version of its module.

 Go to latest Published: Apr 24, 2024 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Attestor 

type Attestor struct {
	pulumi.CustomResourceState

	// A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.
	// Structure is documented below.
	AttestationAuthorityNote AttestorAttestationAuthorityNoteOutput `pulumi:"attestationAuthorityNote"`
	// A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// The resource name.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"`
}

An attestor that attests to container image artifacts.

To get more information about Attestor, see:

* [API documentation](https://cloud.google.com/binary-authorization/docs/reference/rest/) * How-to Guides

## Example Usage

### Binary Authorization Attestor Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		note, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
			Name: pulumi.String("test-attestor-note"),
			AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
				Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
					HumanReadableName: pulumi.String("Attestor Note"),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = binaryauthorization.NewAttestor(ctx, "attestor", &binaryauthorization.AttestorArgs{
			Name: pulumi.String("test-attestor"),
			AttestationAuthorityNote: &binaryauthorization.AttestorAttestationAuthorityNoteArgs{
				NoteReference: note.Name,
				PublicKeys: binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArray{
					&binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArgs{
						AsciiArmoredPgpPublicKey: pulumi.String(`mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl

bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0 oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6 V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX 83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6 0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC 51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l +OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1 qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg =6Bvm `), 

					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Binary Authorization Attestor Kms

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/kms"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		keyring, err := kms.NewKeyRing(ctx, "keyring", &kms.KeyRingArgs{
			Name:     pulumi.String("test-attestor-key-ring"),
			Location: pulumi.String("global"),
		})
		if err != nil {
			return err
		}
		_, err = kms.NewCryptoKey(ctx, "crypto-key", &kms.CryptoKeyArgs{
			Name:    pulumi.String("test-attestor-key"),
			KeyRing: keyring.ID(),
			Purpose: pulumi.String("ASYMMETRIC_SIGN"),
			VersionTemplate: &kms.CryptoKeyVersionTemplateArgs{
				Algorithm: pulumi.String("RSA_SIGN_PKCS1_4096_SHA512"),
			},
		})
		if err != nil {
			return err
		}
		version := kms.GetKMSCryptoKeyVersionOutput(ctx, kms.GetKMSCryptoKeyVersionOutputArgs{
			CryptoKey: crypto_key.ID(),
		}, nil)
		note, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
			Name: pulumi.String("test-attestor-note"),
			AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
				Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
					HumanReadableName: pulumi.String("Attestor Note"),
				},
			},
		})
		if err != nil {
			return err
		}
		_, err = binaryauthorization.NewAttestor(ctx, "attestor", &binaryauthorization.AttestorArgs{
			Name: pulumi.String("test-attestor"),
			AttestationAuthorityNote: &binaryauthorization.AttestorAttestationAuthorityNoteArgs{
				NoteReference: note.Name,
				PublicKeys: binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArray{
					&binaryauthorization.AttestorAttestationAuthorityNotePublicKeyArgs{
						Id: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {
							return &version.Id, nil
						}).(pulumi.StringPtrOutput),
						PkixPublicKey: &binaryauthorization.AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs{
							PublicKeyPem: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {
								return &version.PublicKeys[0].Pem, nil
							}).(pulumi.StringPtrOutput),
							SignatureAlgorithm: version.ApplyT(func(version kms.GetKMSCryptoKeyVersionResult) (*string, error) {
								return &version.PublicKeys[0].Algorithm, nil
							}).(pulumi.StringPtrOutput),
						},
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Attestor can be imported using any of these accepted formats:

* `projects/{{project}}/attestors/{{name}}`

* `{{project}}/{{name}}`

* `{{name}}`

When using the `pulumi import` command, Attestor can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:binaryauthorization/attestor:Attestor default projects/{{project}}/attestors/{{name}} ```

```sh $ pulumi import gcp:binaryauthorization/attestor:Attestor default {{project}}/{{name}} ```

```sh $ pulumi import gcp:binaryauthorization/attestor:Attestor default {{name}} ```

func GetAttestor 

func GetAttestor(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorState, opts ...pulumi.ResourceOption) (*Attestor, error)

GetAttestor gets an existing Attestor resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestor 

func NewAttestor(ctx *pulumi.Context,
	name string, args *AttestorArgs, opts ...pulumi.ResourceOption) (*Attestor, error)

NewAttestor registers a new resource with the given unique name, arguments, and options.

func (*Attestor) ElementType 

func (*Attestor) ElementType() reflect.Type

func (*Attestor) ToAttestorOutput 

func (i *Attestor) ToAttestorOutput() AttestorOutput

func (*Attestor) ToAttestorOutputWithContext 

func (i *Attestor) ToAttestorOutputWithContext(ctx context.Context) AttestorOutput

type AttestorArgs 

type AttestorArgs struct {
	// A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.
	// Structure is documented below.
	AttestationAuthorityNote AttestorAttestationAuthorityNoteInput
	// A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
	Description pulumi.StringPtrInput
	// The resource name.
	Name    pulumi.StringPtrInput
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a Attestor resource.

func (AttestorArgs) ElementType 

func (AttestorArgs) ElementType() reflect.Type

type AttestorArray 

type AttestorArray []AttestorInput

func (AttestorArray) ElementType 

func (AttestorArray) ElementType() reflect.Type

func (AttestorArray) ToAttestorArrayOutput 

func (i AttestorArray) ToAttestorArrayOutput() AttestorArrayOutput

func (AttestorArray) ToAttestorArrayOutputWithContext 

func (i AttestorArray) ToAttestorArrayOutputWithContext(ctx context.Context) AttestorArrayOutput

type AttestorArrayInput 

type AttestorArrayInput interface {
	pulumi.Input

	ToAttestorArrayOutput() AttestorArrayOutput
	ToAttestorArrayOutputWithContext(context.Context) AttestorArrayOutput
}

AttestorArrayInput is an input type that accepts AttestorArray and AttestorArrayOutput values. You can construct a concrete instance of `AttestorArrayInput` via: 

AttestorArray{ AttestorArgs{...} }

type AttestorArrayOutput 

type AttestorArrayOutput struct{ *pulumi.OutputState }

func (AttestorArrayOutput) ElementType 

func (AttestorArrayOutput) ElementType() reflect.Type

func (AttestorArrayOutput) Index 

func (o AttestorArrayOutput) Index(i pulumi.IntInput) AttestorOutput

func (AttestorArrayOutput) ToAttestorArrayOutput 

func (o AttestorArrayOutput) ToAttestorArrayOutput() AttestorArrayOutput

func (AttestorArrayOutput) ToAttestorArrayOutputWithContext 

func (o AttestorArrayOutput) ToAttestorArrayOutputWithContext(ctx context.Context) AttestorArrayOutput

type AttestorAttestationAuthorityNote 

type AttestorAttestationAuthorityNote struct {
	// (Output)
	// This field will contain the service account email address that
	// this Attestor will use as the principal when querying Container
	// Analysis. Attestor administrators must grant this service account
	// the IAM role needed to read attestations from the noteReference in
	// Container Analysis (containeranalysis.notes.occurrences.viewer).
	// This email address is fixed for the lifetime of the Attestor, but
	// callers should not make any other assumptions about the service
	// account email; future versions may use an email based on a
	// different naming pattern.
	DelegationServiceAccountEmail *string `pulumi:"delegationServiceAccountEmail"`
	// The resource name of a ATTESTATION_AUTHORITY Note, created by the
	// user. If the Note is in a different project from the Attestor, it
	// should be specified in the format `projects/*/notes/*` (or the legacy
	// `providers/*/notes/*`). This field may not be updated.
	// An attestation by this attestor is stored as a Container Analysis
	// ATTESTATION_AUTHORITY Occurrence that names a container image
	// and that links to this Note.
	NoteReference string `pulumi:"noteReference"`
	// Public keys that verify attestations signed by this attestor. This
	// field may be updated.
	// If this field is non-empty, one of the specified public keys must
	// verify that an attestation was signed by this attestor for the
	// image specified in the admission request.
	// If this field is empty, this attestor always returns that no valid
	// attestations exist.
	// Structure is documented below.
	PublicKeys []AttestorAttestationAuthorityNotePublicKey `pulumi:"publicKeys"`
}

type AttestorAttestationAuthorityNoteArgs 

type AttestorAttestationAuthorityNoteArgs struct {
	// (Output)
	// This field will contain the service account email address that
	// this Attestor will use as the principal when querying Container
	// Analysis. Attestor administrators must grant this service account
	// the IAM role needed to read attestations from the noteReference in
	// Container Analysis (containeranalysis.notes.occurrences.viewer).
	// This email address is fixed for the lifetime of the Attestor, but
	// callers should not make any other assumptions about the service
	// account email; future versions may use an email based on a
	// different naming pattern.
	DelegationServiceAccountEmail pulumi.StringPtrInput `pulumi:"delegationServiceAccountEmail"`
	// The resource name of a ATTESTATION_AUTHORITY Note, created by the
	// user. If the Note is in a different project from the Attestor, it
	// should be specified in the format `projects/*/notes/*` (or the legacy
	// `providers/*/notes/*`). This field may not be updated.
	// An attestation by this attestor is stored as a Container Analysis
	// ATTESTATION_AUTHORITY Occurrence that names a container image
	// and that links to this Note.
	NoteReference pulumi.StringInput `pulumi:"noteReference"`
	// Public keys that verify attestations signed by this attestor. This
	// field may be updated.
	// If this field is non-empty, one of the specified public keys must
	// verify that an attestation was signed by this attestor for the
	// image specified in the admission request.
	// If this field is empty, this attestor always returns that no valid
	// attestations exist.
	// Structure is documented below.
	PublicKeys AttestorAttestationAuthorityNotePublicKeyArrayInput `pulumi:"publicKeys"`
}

func (AttestorAttestationAuthorityNoteArgs) ElementType 

func (AttestorAttestationAuthorityNoteArgs) ElementType() reflect.Type

func (AttestorAttestationAuthorityNoteArgs) ToAttestorAttestationAuthorityNoteOutput 

func (i AttestorAttestationAuthorityNoteArgs) ToAttestorAttestationAuthorityNoteOutput() AttestorAttestationAuthorityNoteOutput

func (AttestorAttestationAuthorityNoteArgs) ToAttestorAttestationAuthorityNoteOutputWithContext 

func (i AttestorAttestationAuthorityNoteArgs) ToAttestorAttestationAuthorityNoteOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNoteOutput

func (AttestorAttestationAuthorityNoteArgs) ToAttestorAttestationAuthorityNotePtrOutput 

func (i AttestorAttestationAuthorityNoteArgs) ToAttestorAttestationAuthorityNotePtrOutput() AttestorAttestationAuthorityNotePtrOutput

func (AttestorAttestationAuthorityNoteArgs) ToAttestorAttestationAuthorityNotePtrOutputWithContext 

func (i AttestorAttestationAuthorityNoteArgs) ToAttestorAttestationAuthorityNotePtrOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePtrOutput

type AttestorAttestationAuthorityNoteInput 

type AttestorAttestationAuthorityNoteInput interface {
	pulumi.Input

	ToAttestorAttestationAuthorityNoteOutput() AttestorAttestationAuthorityNoteOutput
	ToAttestorAttestationAuthorityNoteOutputWithContext(context.Context) AttestorAttestationAuthorityNoteOutput
}

AttestorAttestationAuthorityNoteInput is an input type that accepts AttestorAttestationAuthorityNoteArgs and AttestorAttestationAuthorityNoteOutput values. You can construct a concrete instance of `AttestorAttestationAuthorityNoteInput` via: 

AttestorAttestationAuthorityNoteArgs{...}

type AttestorAttestationAuthorityNoteOutput 

type AttestorAttestationAuthorityNoteOutput struct{ *pulumi.OutputState }

func (AttestorAttestationAuthorityNoteOutput) DelegationServiceAccountEmail 

func (o AttestorAttestationAuthorityNoteOutput) DelegationServiceAccountEmail() pulumi.StringPtrOutput

(Output) This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the noteReference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.

func (AttestorAttestationAuthorityNoteOutput) ElementType 

func (AttestorAttestationAuthorityNoteOutput) ElementType() reflect.Type

func (AttestorAttestationAuthorityNoteOutput) NoteReference 

func (o AttestorAttestationAuthorityNoteOutput) NoteReference() pulumi.StringOutput

The resource name of a ATTESTATION_AUTHORITY Note, created by the user. If the Note is in a different project from the Attestor, it should be specified in the format `projects/*/notes/*` (or the legacy `providers/*/notes/*`). This field may not be updated. An attestation by this attestor is stored as a Container Analysis ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note.

func (AttestorAttestationAuthorityNoteOutput) PublicKeys 

func (o AttestorAttestationAuthorityNoteOutput) PublicKeys() AttestorAttestationAuthorityNotePublicKeyArrayOutput

Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. Structure is documented below.

func (AttestorAttestationAuthorityNoteOutput) ToAttestorAttestationAuthorityNoteOutput 

func (o AttestorAttestationAuthorityNoteOutput) ToAttestorAttestationAuthorityNoteOutput() AttestorAttestationAuthorityNoteOutput

func (AttestorAttestationAuthorityNoteOutput) ToAttestorAttestationAuthorityNoteOutputWithContext 

func (o AttestorAttestationAuthorityNoteOutput) ToAttestorAttestationAuthorityNoteOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNoteOutput

func (AttestorAttestationAuthorityNoteOutput) ToAttestorAttestationAuthorityNotePtrOutput 

func (o AttestorAttestationAuthorityNoteOutput) ToAttestorAttestationAuthorityNotePtrOutput() AttestorAttestationAuthorityNotePtrOutput

func (AttestorAttestationAuthorityNoteOutput) ToAttestorAttestationAuthorityNotePtrOutputWithContext 

func (o AttestorAttestationAuthorityNoteOutput) ToAttestorAttestationAuthorityNotePtrOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePtrOutput

type AttestorAttestationAuthorityNotePtrInput 

type AttestorAttestationAuthorityNotePtrInput interface {
	pulumi.Input

	ToAttestorAttestationAuthorityNotePtrOutput() AttestorAttestationAuthorityNotePtrOutput
	ToAttestorAttestationAuthorityNotePtrOutputWithContext(context.Context) AttestorAttestationAuthorityNotePtrOutput
}

AttestorAttestationAuthorityNotePtrInput is an input type that accepts AttestorAttestationAuthorityNoteArgs, AttestorAttestationAuthorityNotePtr and AttestorAttestationAuthorityNotePtrOutput values. You can construct a concrete instance of `AttestorAttestationAuthorityNotePtrInput` via: 

        AttestorAttestationAuthorityNoteArgs{...}

or:

        nil

func AttestorAttestationAuthorityNotePtr 

func AttestorAttestationAuthorityNotePtr(v *AttestorAttestationAuthorityNoteArgs) AttestorAttestationAuthorityNotePtrInput

type AttestorAttestationAuthorityNotePtrOutput 

type AttestorAttestationAuthorityNotePtrOutput struct{ *pulumi.OutputState }

func (AttestorAttestationAuthorityNotePtrOutput) DelegationServiceAccountEmail 

func (o AttestorAttestationAuthorityNotePtrOutput) DelegationServiceAccountEmail() pulumi.StringPtrOutput

(Output) This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the noteReference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.

func (AttestorAttestationAuthorityNotePtrOutput) Elem 

func (o AttestorAttestationAuthorityNotePtrOutput) Elem() AttestorAttestationAuthorityNoteOutput

func (AttestorAttestationAuthorityNotePtrOutput) ElementType 

func (AttestorAttestationAuthorityNotePtrOutput) ElementType() reflect.Type

func (AttestorAttestationAuthorityNotePtrOutput) NoteReference 

func (o AttestorAttestationAuthorityNotePtrOutput) NoteReference() pulumi.StringPtrOutput

The resource name of a ATTESTATION_AUTHORITY Note, created by the user. If the Note is in a different project from the Attestor, it should be specified in the format `projects/*/notes/*` (or the legacy `providers/*/notes/*`). This field may not be updated. An attestation by this attestor is stored as a Container Analysis ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note.

func (AttestorAttestationAuthorityNotePtrOutput) PublicKeys 

func (o AttestorAttestationAuthorityNotePtrOutput) PublicKeys() AttestorAttestationAuthorityNotePublicKeyArrayOutput

Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. Structure is documented below.

func (AttestorAttestationAuthorityNotePtrOutput) ToAttestorAttestationAuthorityNotePtrOutput 

func (o AttestorAttestationAuthorityNotePtrOutput) ToAttestorAttestationAuthorityNotePtrOutput() AttestorAttestationAuthorityNotePtrOutput

func (AttestorAttestationAuthorityNotePtrOutput) ToAttestorAttestationAuthorityNotePtrOutputWithContext 

func (o AttestorAttestationAuthorityNotePtrOutput) ToAttestorAttestationAuthorityNotePtrOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePtrOutput

type AttestorAttestationAuthorityNotePublicKey 

type AttestorAttestationAuthorityNotePublicKey struct {
	// ASCII-armored representation of a PGP public key, as the
	// entire output by the command
	// `gpg --export --armor foo@example.com` (either LF or CRLF
	// line endings). When using this field, id should be left
	// blank. The BinAuthz API handlers will calculate the ID
	// and fill it in automatically. BinAuthz computes this ID
	// as the OpenPGP RFC4880 V4 fingerprint, represented as
	// upper-case hex. If id is provided by the caller, it will
	// be overwritten by the API-calculated ID.
	AsciiArmoredPgpPublicKey *string `pulumi:"asciiArmoredPgpPublicKey"`
	// A descriptive comment. This field may be updated.
	Comment *string `pulumi:"comment"`
	// The ID of this public key. Signatures verified by BinAuthz
	// must include the ID of the public key that can be used to
	// verify them, and that ID must match the contents of this
	// field exactly. Additional restrictions on this field can
	// be imposed based on which public key type is encapsulated.
	// See the documentation on publicKey cases below for details.
	Id *string `pulumi:"id"`
	// A raw PKIX SubjectPublicKeyInfo format public key.
	// NOTE: id may be explicitly provided by the caller when using this
	// type of public key, but it MUST be a valid RFC3986 URI. If id is left
	// blank, a default one will be computed based on the digest of the DER
	// encoding of the public key.
	// Structure is documented below.
	PkixPublicKey *AttestorAttestationAuthorityNotePublicKeyPkixPublicKey `pulumi:"pkixPublicKey"`
}

type AttestorAttestationAuthorityNotePublicKeyArgs 

type AttestorAttestationAuthorityNotePublicKeyArgs struct {
	// ASCII-armored representation of a PGP public key, as the
	// entire output by the command
	// `gpg --export --armor foo@example.com` (either LF or CRLF
	// line endings). When using this field, id should be left
	// blank. The BinAuthz API handlers will calculate the ID
	// and fill it in automatically. BinAuthz computes this ID
	// as the OpenPGP RFC4880 V4 fingerprint, represented as
	// upper-case hex. If id is provided by the caller, it will
	// be overwritten by the API-calculated ID.
	AsciiArmoredPgpPublicKey pulumi.StringPtrInput `pulumi:"asciiArmoredPgpPublicKey"`
	// A descriptive comment. This field may be updated.
	Comment pulumi.StringPtrInput `pulumi:"comment"`
	// The ID of this public key. Signatures verified by BinAuthz
	// must include the ID of the public key that can be used to
	// verify them, and that ID must match the contents of this
	// field exactly. Additional restrictions on this field can
	// be imposed based on which public key type is encapsulated.
	// See the documentation on publicKey cases below for details.
	Id pulumi.StringPtrInput `pulumi:"id"`
	// A raw PKIX SubjectPublicKeyInfo format public key.
	// NOTE: id may be explicitly provided by the caller when using this
	// type of public key, but it MUST be a valid RFC3986 URI. If id is left
	// blank, a default one will be computed based on the digest of the DER
	// encoding of the public key.
	// Structure is documented below.
	PkixPublicKey AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrInput `pulumi:"pkixPublicKey"`
}

func (AttestorAttestationAuthorityNotePublicKeyArgs) ElementType 

func (AttestorAttestationAuthorityNotePublicKeyArgs) ElementType() reflect.Type

func (AttestorAttestationAuthorityNotePublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyOutput 

func (i AttestorAttestationAuthorityNotePublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyOutput() AttestorAttestationAuthorityNotePublicKeyOutput

func (AttestorAttestationAuthorityNotePublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyOutputWithContext 

func (i AttestorAttestationAuthorityNotePublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePublicKeyOutput

type AttestorAttestationAuthorityNotePublicKeyArray 

type AttestorAttestationAuthorityNotePublicKeyArray []AttestorAttestationAuthorityNotePublicKeyInput

func (AttestorAttestationAuthorityNotePublicKeyArray) ElementType 

func (AttestorAttestationAuthorityNotePublicKeyArray) ElementType() reflect.Type

func (AttestorAttestationAuthorityNotePublicKeyArray) ToAttestorAttestationAuthorityNotePublicKeyArrayOutput 

func (i AttestorAttestationAuthorityNotePublicKeyArray) ToAttestorAttestationAuthorityNotePublicKeyArrayOutput() AttestorAttestationAuthorityNotePublicKeyArrayOutput

func (AttestorAttestationAuthorityNotePublicKeyArray) ToAttestorAttestationAuthorityNotePublicKeyArrayOutputWithContext 

func (i AttestorAttestationAuthorityNotePublicKeyArray) ToAttestorAttestationAuthorityNotePublicKeyArrayOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePublicKeyArrayOutput

type AttestorAttestationAuthorityNotePublicKeyArrayInput 

type AttestorAttestationAuthorityNotePublicKeyArrayInput interface {
	pulumi.Input

	ToAttestorAttestationAuthorityNotePublicKeyArrayOutput() AttestorAttestationAuthorityNotePublicKeyArrayOutput
	ToAttestorAttestationAuthorityNotePublicKeyArrayOutputWithContext(context.Context) AttestorAttestationAuthorityNotePublicKeyArrayOutput
}

AttestorAttestationAuthorityNotePublicKeyArrayInput is an input type that accepts AttestorAttestationAuthorityNotePublicKeyArray and AttestorAttestationAuthorityNotePublicKeyArrayOutput values. You can construct a concrete instance of `AttestorAttestationAuthorityNotePublicKeyArrayInput` via: 

AttestorAttestationAuthorityNotePublicKeyArray{ AttestorAttestationAuthorityNotePublicKeyArgs{...} }

type AttestorAttestationAuthorityNotePublicKeyArrayOutput 

type AttestorAttestationAuthorityNotePublicKeyArrayOutput struct{ *pulumi.OutputState }

func (AttestorAttestationAuthorityNotePublicKeyArrayOutput) ElementType 

func (AttestorAttestationAuthorityNotePublicKeyArrayOutput) ElementType() reflect.Type

func (AttestorAttestationAuthorityNotePublicKeyArrayOutput) Index 

func (o AttestorAttestationAuthorityNotePublicKeyArrayOutput) Index(i pulumi.IntInput) AttestorAttestationAuthorityNotePublicKeyOutput

func (AttestorAttestationAuthorityNotePublicKeyArrayOutput) ToAttestorAttestationAuthorityNotePublicKeyArrayOutput 

func (o AttestorAttestationAuthorityNotePublicKeyArrayOutput) ToAttestorAttestationAuthorityNotePublicKeyArrayOutput() AttestorAttestationAuthorityNotePublicKeyArrayOutput

func (AttestorAttestationAuthorityNotePublicKeyArrayOutput) ToAttestorAttestationAuthorityNotePublicKeyArrayOutputWithContext 

func (o AttestorAttestationAuthorityNotePublicKeyArrayOutput) ToAttestorAttestationAuthorityNotePublicKeyArrayOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePublicKeyArrayOutput

type AttestorAttestationAuthorityNotePublicKeyInput 

type AttestorAttestationAuthorityNotePublicKeyInput interface {
	pulumi.Input

	ToAttestorAttestationAuthorityNotePublicKeyOutput() AttestorAttestationAuthorityNotePublicKeyOutput
	ToAttestorAttestationAuthorityNotePublicKeyOutputWithContext(context.Context) AttestorAttestationAuthorityNotePublicKeyOutput
}

AttestorAttestationAuthorityNotePublicKeyInput is an input type that accepts AttestorAttestationAuthorityNotePublicKeyArgs and AttestorAttestationAuthorityNotePublicKeyOutput values. You can construct a concrete instance of `AttestorAttestationAuthorityNotePublicKeyInput` via: 

AttestorAttestationAuthorityNotePublicKeyArgs{...}

type AttestorAttestationAuthorityNotePublicKeyOutput 

type AttestorAttestationAuthorityNotePublicKeyOutput struct{ *pulumi.OutputState }

func (AttestorAttestationAuthorityNotePublicKeyOutput) AsciiArmoredPgpPublicKey 

func (o AttestorAttestationAuthorityNotePublicKeyOutput) AsciiArmoredPgpPublicKey() pulumi.StringPtrOutput

ASCII-armored representation of a PGP public key, as the entire output by the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, id should be left blank. The BinAuthz API handlers will calculate the ID and fill it in automatically. BinAuthz computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.

func (AttestorAttestationAuthorityNotePublicKeyOutput) Comment 

func (o AttestorAttestationAuthorityNotePublicKeyOutput) Comment() pulumi.StringPtrOutput

A descriptive comment. This field may be updated.

func (AttestorAttestationAuthorityNotePublicKeyOutput) ElementType 

func (AttestorAttestationAuthorityNotePublicKeyOutput) ElementType() reflect.Type

func (AttestorAttestationAuthorityNotePublicKeyOutput) Id 

func (o AttestorAttestationAuthorityNotePublicKeyOutput) Id() pulumi.StringPtrOutput

The ID of this public key. Signatures verified by BinAuthz must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on publicKey cases below for details.

func (AttestorAttestationAuthorityNotePublicKeyOutput) PkixPublicKey 

func (o AttestorAttestationAuthorityNotePublicKeyOutput) PkixPublicKey() AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput

A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key. Structure is documented below.

func (AttestorAttestationAuthorityNotePublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyOutput 

func (o AttestorAttestationAuthorityNotePublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyOutput() AttestorAttestationAuthorityNotePublicKeyOutput

func (AttestorAttestationAuthorityNotePublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyOutputWithContext 

func (o AttestorAttestationAuthorityNotePublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePublicKeyOutput

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKey 

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKey struct {
	// A PEM-encoded public key, as described in
	// `https://tools.ietf.org/html/rfc7468#section-13`
	PublicKeyPem *string `pulumi:"publicKeyPem"`
	// The signature algorithm used to verify a message against
	// a signature using this key. These signature algorithm must
	// match the structure and any object identifiers encoded in
	// publicKeyPem (i.e. this algorithm must match that of the
	// public key).
	//
	// ***
	SignatureAlgorithm *string `pulumi:"signatureAlgorithm"`
}

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs 

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs struct {
	// A PEM-encoded public key, as described in
	// `https://tools.ietf.org/html/rfc7468#section-13`
	PublicKeyPem pulumi.StringPtrInput `pulumi:"publicKeyPem"`
	// The signature algorithm used to verify a message against
	// a signature using this key. These signature algorithm must
	// match the structure and any object identifiers encoded in
	// publicKeyPem (i.e. this algorithm must match that of the
	// public key).
	//
	// ***
	SignatureAlgorithm pulumi.StringPtrInput `pulumi:"signatureAlgorithm"`
}

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs) ElementType 

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs) ElementType() reflect.Type

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput 

func (i AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput() AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutputWithContext 

func (i AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput 

func (i AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput() AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutputWithContext 

func (i AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyInput 

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyInput interface {
	pulumi.Input

	ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput() AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput
	ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutputWithContext(context.Context) AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput
}

AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyInput is an input type that accepts AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs and AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput values. You can construct a concrete instance of `AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyInput` via: 

AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs{...}

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput 

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput struct{ *pulumi.OutputState }

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) ElementType 

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) ElementType() reflect.Type

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) PublicKeyPem 

func (o AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) PublicKeyPem() pulumi.StringPtrOutput

A PEM-encoded public key, as described in `https://tools.ietf.org/html/rfc7468#section-13`

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) SignatureAlgorithm 

func (o AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) SignatureAlgorithm() pulumi.StringPtrOutput

The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in publicKeyPem (i.e. this algorithm must match that of the public key).

***

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput 

func (o AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput() AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutputWithContext 

func (o AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput 

func (o AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput() AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutputWithContext 

func (o AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrInput 

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrInput interface {
	pulumi.Input

	ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput() AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput
	ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutputWithContext(context.Context) AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput
}

AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrInput is an input type that accepts AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs, AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtr and AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput values. You can construct a concrete instance of `AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrInput` via: 

        AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs{...}

or:

        nil

func AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtr 

func AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtr(v *AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyArgs) AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrInput

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput 

type AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput struct{ *pulumi.OutputState }

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) Elem 

func (o AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) Elem() AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyOutput

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) ElementType 

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) ElementType() reflect.Type

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) PublicKeyPem 

func (o AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) PublicKeyPem() pulumi.StringPtrOutput

A PEM-encoded public key, as described in `https://tools.ietf.org/html/rfc7468#section-13`

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) SignatureAlgorithm 

func (o AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) SignatureAlgorithm() pulumi.StringPtrOutput

The signature algorithm used to verify a message against a signature using this key. These signature algorithm must match the structure and any object identifiers encoded in publicKeyPem (i.e. this algorithm must match that of the public key).

***

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput 

func (o AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput() AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput

func (AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutputWithContext 

func (o AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput) ToAttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutputWithContext(ctx context.Context) AttestorAttestationAuthorityNotePublicKeyPkixPublicKeyPtrOutput

type AttestorIamBinding 

type AttestorIamBinding struct {
	pulumi.CustomResourceState

	// Used to find the parent resource to bind the IAM policy to
	Attestor  pulumi.StringOutput                  `pulumi:"attestor"`
	Condition AttestorIamBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:

* `binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached. * `binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved. * `binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor

> **Note:** `binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `binaryauthorization.AttestorIamBinding` and `binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.

> **Note:** `binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.

## google\_binary\_authorization\_attestor\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = binaryauthorization.NewAttestorIamPolicy(ctx, "policy", &binaryauthorization.AttestorIamPolicyArgs{
			Project:    pulumi.Any(attestor.Project),
			Attestor:   pulumi.Any(attestor.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamBinding(ctx, "binding", &binaryauthorization.AttestorIamBindingArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamMember(ctx, "member", &binaryauthorization.AttestorIamMemberArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = binaryauthorization.NewAttestorIamPolicy(ctx, "policy", &binaryauthorization.AttestorIamPolicyArgs{
			Project:    pulumi.Any(attestor.Project),
			Attestor:   pulumi.Any(attestor.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamBinding(ctx, "binding", &binaryauthorization.AttestorIamBindingArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamMember(ctx, "member", &binaryauthorization.AttestorIamMemberArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms:

* projects/{{project}}/attestors/{{name}}

* {{project}}/{{name}}

* {{name}}

Any variables not passed in the import command will be taken from the provider configuration.

Binary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.

IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.

```sh $ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor "projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com" ```

IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.

```sh $ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor "projects/{{project}}/attestors/{{attestor}} roles/viewer" ```

IAM policy imports use the identifier of the resource in question, e.g.

```sh $ pulumi import gcp:binaryauthorization/attestorIamBinding:AttestorIamBinding editor projects/{{project}}/attestors/{{attestor}} ```

-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the 

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetAttestorIamBinding 

func GetAttestorIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorIamBindingState, opts ...pulumi.ResourceOption) (*AttestorIamBinding, error)

GetAttestorIamBinding gets an existing AttestorIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestorIamBinding 

func NewAttestorIamBinding(ctx *pulumi.Context,
	name string, args *AttestorIamBindingArgs, opts ...pulumi.ResourceOption) (*AttestorIamBinding, error)

NewAttestorIamBinding registers a new resource with the given unique name, arguments, and options.

func (*AttestorIamBinding) ElementType 

func (*AttestorIamBinding) ElementType() reflect.Type

func (*AttestorIamBinding) ToAttestorIamBindingOutput 

func (i *AttestorIamBinding) ToAttestorIamBindingOutput() AttestorIamBindingOutput

func (*AttestorIamBinding) ToAttestorIamBindingOutputWithContext 

func (i *AttestorIamBinding) ToAttestorIamBindingOutputWithContext(ctx context.Context) AttestorIamBindingOutput

type AttestorIamBindingArgs 

type AttestorIamBindingArgs struct {
	// Used to find the parent resource to bind the IAM policy to
	Attestor  pulumi.StringInput
	Condition AttestorIamBindingConditionPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Members pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a AttestorIamBinding resource.

func (AttestorIamBindingArgs) ElementType 

func (AttestorIamBindingArgs) ElementType() reflect.Type

type AttestorIamBindingArray 

type AttestorIamBindingArray []AttestorIamBindingInput

func (AttestorIamBindingArray) ElementType 

func (AttestorIamBindingArray) ElementType() reflect.Type

func (AttestorIamBindingArray) ToAttestorIamBindingArrayOutput 

func (i AttestorIamBindingArray) ToAttestorIamBindingArrayOutput() AttestorIamBindingArrayOutput

func (AttestorIamBindingArray) ToAttestorIamBindingArrayOutputWithContext 

func (i AttestorIamBindingArray) ToAttestorIamBindingArrayOutputWithContext(ctx context.Context) AttestorIamBindingArrayOutput

type AttestorIamBindingArrayInput 

type AttestorIamBindingArrayInput interface {
	pulumi.Input

	ToAttestorIamBindingArrayOutput() AttestorIamBindingArrayOutput
	ToAttestorIamBindingArrayOutputWithContext(context.Context) AttestorIamBindingArrayOutput
}

AttestorIamBindingArrayInput is an input type that accepts AttestorIamBindingArray and AttestorIamBindingArrayOutput values. You can construct a concrete instance of `AttestorIamBindingArrayInput` via: 

AttestorIamBindingArray{ AttestorIamBindingArgs{...} }

type AttestorIamBindingArrayOutput 

type AttestorIamBindingArrayOutput struct{ *pulumi.OutputState }

func (AttestorIamBindingArrayOutput) ElementType 

func (AttestorIamBindingArrayOutput) ElementType() reflect.Type

func (AttestorIamBindingArrayOutput) Index 

func (o AttestorIamBindingArrayOutput) Index(i pulumi.IntInput) AttestorIamBindingOutput

func (AttestorIamBindingArrayOutput) ToAttestorIamBindingArrayOutput 

func (o AttestorIamBindingArrayOutput) ToAttestorIamBindingArrayOutput() AttestorIamBindingArrayOutput

func (AttestorIamBindingArrayOutput) ToAttestorIamBindingArrayOutputWithContext 

func (o AttestorIamBindingArrayOutput) ToAttestorIamBindingArrayOutputWithContext(ctx context.Context) AttestorIamBindingArrayOutput

type AttestorIamBindingCondition 

type AttestorIamBindingCondition struct {
	Description *string `pulumi:"description"`
	Expression  string  `pulumi:"expression"`
	Title       string  `pulumi:"title"`
}

type AttestorIamBindingConditionArgs 

type AttestorIamBindingConditionArgs struct {
	Description pulumi.StringPtrInput `pulumi:"description"`
	Expression  pulumi.StringInput    `pulumi:"expression"`
	Title       pulumi.StringInput    `pulumi:"title"`
}

func (AttestorIamBindingConditionArgs) ElementType 

func (AttestorIamBindingConditionArgs) ElementType() reflect.Type

func (AttestorIamBindingConditionArgs) ToAttestorIamBindingConditionOutput 

func (i AttestorIamBindingConditionArgs) ToAttestorIamBindingConditionOutput() AttestorIamBindingConditionOutput

func (AttestorIamBindingConditionArgs) ToAttestorIamBindingConditionOutputWithContext 

func (i AttestorIamBindingConditionArgs) ToAttestorIamBindingConditionOutputWithContext(ctx context.Context) AttestorIamBindingConditionOutput

func (AttestorIamBindingConditionArgs) ToAttestorIamBindingConditionPtrOutput 

func (i AttestorIamBindingConditionArgs) ToAttestorIamBindingConditionPtrOutput() AttestorIamBindingConditionPtrOutput

func (AttestorIamBindingConditionArgs) ToAttestorIamBindingConditionPtrOutputWithContext 

func (i AttestorIamBindingConditionArgs) ToAttestorIamBindingConditionPtrOutputWithContext(ctx context.Context) AttestorIamBindingConditionPtrOutput

type AttestorIamBindingConditionInput 

type AttestorIamBindingConditionInput interface {
	pulumi.Input

	ToAttestorIamBindingConditionOutput() AttestorIamBindingConditionOutput
	ToAttestorIamBindingConditionOutputWithContext(context.Context) AttestorIamBindingConditionOutput
}

AttestorIamBindingConditionInput is an input type that accepts AttestorIamBindingConditionArgs and AttestorIamBindingConditionOutput values. You can construct a concrete instance of `AttestorIamBindingConditionInput` via: 

AttestorIamBindingConditionArgs{...}

type AttestorIamBindingConditionOutput 

type AttestorIamBindingConditionOutput struct{ *pulumi.OutputState }

func (AttestorIamBindingConditionOutput) Description 

func (o AttestorIamBindingConditionOutput) Description() pulumi.StringPtrOutput

func (AttestorIamBindingConditionOutput) ElementType 

func (AttestorIamBindingConditionOutput) ElementType() reflect.Type

func (AttestorIamBindingConditionOutput) Expression 

func (o AttestorIamBindingConditionOutput) Expression() pulumi.StringOutput

func (AttestorIamBindingConditionOutput) Title 

func (o AttestorIamBindingConditionOutput) Title() pulumi.StringOutput

func (AttestorIamBindingConditionOutput) ToAttestorIamBindingConditionOutput 

func (o AttestorIamBindingConditionOutput) ToAttestorIamBindingConditionOutput() AttestorIamBindingConditionOutput

func (AttestorIamBindingConditionOutput) ToAttestorIamBindingConditionOutputWithContext 

func (o AttestorIamBindingConditionOutput) ToAttestorIamBindingConditionOutputWithContext(ctx context.Context) AttestorIamBindingConditionOutput

func (AttestorIamBindingConditionOutput) ToAttestorIamBindingConditionPtrOutput 

func (o AttestorIamBindingConditionOutput) ToAttestorIamBindingConditionPtrOutput() AttestorIamBindingConditionPtrOutput

func (AttestorIamBindingConditionOutput) ToAttestorIamBindingConditionPtrOutputWithContext 

func (o AttestorIamBindingConditionOutput) ToAttestorIamBindingConditionPtrOutputWithContext(ctx context.Context) AttestorIamBindingConditionPtrOutput

type AttestorIamBindingConditionPtrInput 

type AttestorIamBindingConditionPtrInput interface {
	pulumi.Input

	ToAttestorIamBindingConditionPtrOutput() AttestorIamBindingConditionPtrOutput
	ToAttestorIamBindingConditionPtrOutputWithContext(context.Context) AttestorIamBindingConditionPtrOutput
}

AttestorIamBindingConditionPtrInput is an input type that accepts AttestorIamBindingConditionArgs, AttestorIamBindingConditionPtr and AttestorIamBindingConditionPtrOutput values. You can construct a concrete instance of `AttestorIamBindingConditionPtrInput` via: 

        AttestorIamBindingConditionArgs{...}

or:

        nil

func AttestorIamBindingConditionPtr 

func AttestorIamBindingConditionPtr(v *AttestorIamBindingConditionArgs) AttestorIamBindingConditionPtrInput

type AttestorIamBindingConditionPtrOutput 

type AttestorIamBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (AttestorIamBindingConditionPtrOutput) Description 

func (o AttestorIamBindingConditionPtrOutput) Description() pulumi.StringPtrOutput

func (AttestorIamBindingConditionPtrOutput) Elem 

func (o AttestorIamBindingConditionPtrOutput) Elem() AttestorIamBindingConditionOutput

func (AttestorIamBindingConditionPtrOutput) ElementType 

func (AttestorIamBindingConditionPtrOutput) ElementType() reflect.Type

func (AttestorIamBindingConditionPtrOutput) Expression 

func (o AttestorIamBindingConditionPtrOutput) Expression() pulumi.StringPtrOutput

func (AttestorIamBindingConditionPtrOutput) Title 

func (o AttestorIamBindingConditionPtrOutput) Title() pulumi.StringPtrOutput

func (AttestorIamBindingConditionPtrOutput) ToAttestorIamBindingConditionPtrOutput 

func (o AttestorIamBindingConditionPtrOutput) ToAttestorIamBindingConditionPtrOutput() AttestorIamBindingConditionPtrOutput

func (AttestorIamBindingConditionPtrOutput) ToAttestorIamBindingConditionPtrOutputWithContext 

func (o AttestorIamBindingConditionPtrOutput) ToAttestorIamBindingConditionPtrOutputWithContext(ctx context.Context) AttestorIamBindingConditionPtrOutput

type AttestorIamBindingInput 

type AttestorIamBindingInput interface {
	pulumi.Input

	ToAttestorIamBindingOutput() AttestorIamBindingOutput
	ToAttestorIamBindingOutputWithContext(ctx context.Context) AttestorIamBindingOutput
}

type AttestorIamBindingMap 

type AttestorIamBindingMap map[string]AttestorIamBindingInput

func (AttestorIamBindingMap) ElementType 

func (AttestorIamBindingMap) ElementType() reflect.Type

func (AttestorIamBindingMap) ToAttestorIamBindingMapOutput 

func (i AttestorIamBindingMap) ToAttestorIamBindingMapOutput() AttestorIamBindingMapOutput

func (AttestorIamBindingMap) ToAttestorIamBindingMapOutputWithContext 

func (i AttestorIamBindingMap) ToAttestorIamBindingMapOutputWithContext(ctx context.Context) AttestorIamBindingMapOutput

type AttestorIamBindingMapInput 

type AttestorIamBindingMapInput interface {
	pulumi.Input

	ToAttestorIamBindingMapOutput() AttestorIamBindingMapOutput
	ToAttestorIamBindingMapOutputWithContext(context.Context) AttestorIamBindingMapOutput
}

AttestorIamBindingMapInput is an input type that accepts AttestorIamBindingMap and AttestorIamBindingMapOutput values. You can construct a concrete instance of `AttestorIamBindingMapInput` via: 

AttestorIamBindingMap{ "key": AttestorIamBindingArgs{...} }

type AttestorIamBindingMapOutput 

type AttestorIamBindingMapOutput struct{ *pulumi.OutputState }

func (AttestorIamBindingMapOutput) ElementType 

func (AttestorIamBindingMapOutput) ElementType() reflect.Type

func (AttestorIamBindingMapOutput) MapIndex 

func (o AttestorIamBindingMapOutput) MapIndex(k pulumi.StringInput) AttestorIamBindingOutput

func (AttestorIamBindingMapOutput) ToAttestorIamBindingMapOutput 

func (o AttestorIamBindingMapOutput) ToAttestorIamBindingMapOutput() AttestorIamBindingMapOutput

func (AttestorIamBindingMapOutput) ToAttestorIamBindingMapOutputWithContext 

func (o AttestorIamBindingMapOutput) ToAttestorIamBindingMapOutputWithContext(ctx context.Context) AttestorIamBindingMapOutput

type AttestorIamBindingOutput 

type AttestorIamBindingOutput struct{ *pulumi.OutputState }

func (AttestorIamBindingOutput) Attestor 

func (o AttestorIamBindingOutput) Attestor() pulumi.StringOutput

Used to find the parent resource to bind the IAM policy to

func (AttestorIamBindingOutput) Condition 

func (o AttestorIamBindingOutput) Condition() AttestorIamBindingConditionPtrOutput

func (AttestorIamBindingOutput) ElementType 

func (AttestorIamBindingOutput) ElementType() reflect.Type

func (AttestorIamBindingOutput) Etag 

func (o AttestorIamBindingOutput) Etag() pulumi.StringOutput

(Computed) The etag of the IAM policy.

func (AttestorIamBindingOutput) Members 

func (o AttestorIamBindingOutput) Members() pulumi.StringArrayOutput

Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"

func (AttestorIamBindingOutput) Project 

func (o AttestorIamBindingOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

func (AttestorIamBindingOutput) Role 

func (o AttestorIamBindingOutput) Role() pulumi.StringOutput

The role that should be applied. Only one `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (AttestorIamBindingOutput) ToAttestorIamBindingOutput 

func (o AttestorIamBindingOutput) ToAttestorIamBindingOutput() AttestorIamBindingOutput

func (AttestorIamBindingOutput) ToAttestorIamBindingOutputWithContext 

func (o AttestorIamBindingOutput) ToAttestorIamBindingOutputWithContext(ctx context.Context) AttestorIamBindingOutput

type AttestorIamBindingState 

type AttestorIamBindingState struct {
	// Used to find the parent resource to bind the IAM policy to
	Attestor  pulumi.StringPtrInput
	Condition AttestorIamBindingConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Members pulumi.StringArrayInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (AttestorIamBindingState) ElementType 

func (AttestorIamBindingState) ElementType() reflect.Type

type AttestorIamMember 

type AttestorIamMember struct {
	pulumi.CustomResourceState

	// Used to find the parent resource to bind the IAM policy to
	Attestor  pulumi.StringOutput                 `pulumi:"attestor"`
	Condition AttestorIamMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Member pulumi.StringOutput `pulumi:"member"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:

* `binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached. * `binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved. * `binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor

> **Note:** `binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `binaryauthorization.AttestorIamBinding` and `binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.

> **Note:** `binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.

## google\_binary\_authorization\_attestor\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = binaryauthorization.NewAttestorIamPolicy(ctx, "policy", &binaryauthorization.AttestorIamPolicyArgs{
			Project:    pulumi.Any(attestor.Project),
			Attestor:   pulumi.Any(attestor.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamBinding(ctx, "binding", &binaryauthorization.AttestorIamBindingArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamMember(ctx, "member", &binaryauthorization.AttestorIamMemberArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = binaryauthorization.NewAttestorIamPolicy(ctx, "policy", &binaryauthorization.AttestorIamPolicyArgs{
			Project:    pulumi.Any(attestor.Project),
			Attestor:   pulumi.Any(attestor.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamBinding(ctx, "binding", &binaryauthorization.AttestorIamBindingArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamMember(ctx, "member", &binaryauthorization.AttestorIamMemberArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms:

* projects/{{project}}/attestors/{{name}}

* {{project}}/{{name}}

* {{name}}

Any variables not passed in the import command will be taken from the provider configuration.

Binary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.

IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.

```sh $ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor "projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com" ```

IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.

```sh $ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor "projects/{{project}}/attestors/{{attestor}} roles/viewer" ```

IAM policy imports use the identifier of the resource in question, e.g.

```sh $ pulumi import gcp:binaryauthorization/attestorIamMember:AttestorIamMember editor projects/{{project}}/attestors/{{attestor}} ```

-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the 

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetAttestorIamMember 

func GetAttestorIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorIamMemberState, opts ...pulumi.ResourceOption) (*AttestorIamMember, error)

GetAttestorIamMember gets an existing AttestorIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestorIamMember 

func NewAttestorIamMember(ctx *pulumi.Context,
	name string, args *AttestorIamMemberArgs, opts ...pulumi.ResourceOption) (*AttestorIamMember, error)

NewAttestorIamMember registers a new resource with the given unique name, arguments, and options.

func (*AttestorIamMember) ElementType 

func (*AttestorIamMember) ElementType() reflect.Type

func (*AttestorIamMember) ToAttestorIamMemberOutput 

func (i *AttestorIamMember) ToAttestorIamMemberOutput() AttestorIamMemberOutput

func (*AttestorIamMember) ToAttestorIamMemberOutputWithContext 

func (i *AttestorIamMember) ToAttestorIamMemberOutputWithContext(ctx context.Context) AttestorIamMemberOutput

type AttestorIamMemberArgs 

type AttestorIamMemberArgs struct {
	// Used to find the parent resource to bind the IAM policy to
	Attestor  pulumi.StringInput
	Condition AttestorIamMemberConditionPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Member pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a AttestorIamMember resource.

func (AttestorIamMemberArgs) ElementType 

func (AttestorIamMemberArgs) ElementType() reflect.Type

type AttestorIamMemberArray 

type AttestorIamMemberArray []AttestorIamMemberInput

func (AttestorIamMemberArray) ElementType 

func (AttestorIamMemberArray) ElementType() reflect.Type

func (AttestorIamMemberArray) ToAttestorIamMemberArrayOutput 

func (i AttestorIamMemberArray) ToAttestorIamMemberArrayOutput() AttestorIamMemberArrayOutput

func (AttestorIamMemberArray) ToAttestorIamMemberArrayOutputWithContext 

func (i AttestorIamMemberArray) ToAttestorIamMemberArrayOutputWithContext(ctx context.Context) AttestorIamMemberArrayOutput

type AttestorIamMemberArrayInput 

type AttestorIamMemberArrayInput interface {
	pulumi.Input

	ToAttestorIamMemberArrayOutput() AttestorIamMemberArrayOutput
	ToAttestorIamMemberArrayOutputWithContext(context.Context) AttestorIamMemberArrayOutput
}

AttestorIamMemberArrayInput is an input type that accepts AttestorIamMemberArray and AttestorIamMemberArrayOutput values. You can construct a concrete instance of `AttestorIamMemberArrayInput` via: 

AttestorIamMemberArray{ AttestorIamMemberArgs{...} }

type AttestorIamMemberArrayOutput 

type AttestorIamMemberArrayOutput struct{ *pulumi.OutputState }

func (AttestorIamMemberArrayOutput) ElementType 

func (AttestorIamMemberArrayOutput) ElementType() reflect.Type

func (AttestorIamMemberArrayOutput) Index 

func (o AttestorIamMemberArrayOutput) Index(i pulumi.IntInput) AttestorIamMemberOutput

func (AttestorIamMemberArrayOutput) ToAttestorIamMemberArrayOutput 

func (o AttestorIamMemberArrayOutput) ToAttestorIamMemberArrayOutput() AttestorIamMemberArrayOutput

func (AttestorIamMemberArrayOutput) ToAttestorIamMemberArrayOutputWithContext 

func (o AttestorIamMemberArrayOutput) ToAttestorIamMemberArrayOutputWithContext(ctx context.Context) AttestorIamMemberArrayOutput

type AttestorIamMemberCondition 

type AttestorIamMemberCondition struct {
	Description *string `pulumi:"description"`
	Expression  string  `pulumi:"expression"`
	Title       string  `pulumi:"title"`
}

type AttestorIamMemberConditionArgs 

type AttestorIamMemberConditionArgs struct {
	Description pulumi.StringPtrInput `pulumi:"description"`
	Expression  pulumi.StringInput    `pulumi:"expression"`
	Title       pulumi.StringInput    `pulumi:"title"`
}

func (AttestorIamMemberConditionArgs) ElementType 

func (AttestorIamMemberConditionArgs) ElementType() reflect.Type

func (AttestorIamMemberConditionArgs) ToAttestorIamMemberConditionOutput 

func (i AttestorIamMemberConditionArgs) ToAttestorIamMemberConditionOutput() AttestorIamMemberConditionOutput

func (AttestorIamMemberConditionArgs) ToAttestorIamMemberConditionOutputWithContext 

func (i AttestorIamMemberConditionArgs) ToAttestorIamMemberConditionOutputWithContext(ctx context.Context) AttestorIamMemberConditionOutput

func (AttestorIamMemberConditionArgs) ToAttestorIamMemberConditionPtrOutput 

func (i AttestorIamMemberConditionArgs) ToAttestorIamMemberConditionPtrOutput() AttestorIamMemberConditionPtrOutput

func (AttestorIamMemberConditionArgs) ToAttestorIamMemberConditionPtrOutputWithContext 

func (i AttestorIamMemberConditionArgs) ToAttestorIamMemberConditionPtrOutputWithContext(ctx context.Context) AttestorIamMemberConditionPtrOutput

type AttestorIamMemberConditionInput 

type AttestorIamMemberConditionInput interface {
	pulumi.Input

	ToAttestorIamMemberConditionOutput() AttestorIamMemberConditionOutput
	ToAttestorIamMemberConditionOutputWithContext(context.Context) AttestorIamMemberConditionOutput
}

AttestorIamMemberConditionInput is an input type that accepts AttestorIamMemberConditionArgs and AttestorIamMemberConditionOutput values. You can construct a concrete instance of `AttestorIamMemberConditionInput` via: 

AttestorIamMemberConditionArgs{...}

type AttestorIamMemberConditionOutput 

type AttestorIamMemberConditionOutput struct{ *pulumi.OutputState }

func (AttestorIamMemberConditionOutput) Description 

func (o AttestorIamMemberConditionOutput) Description() pulumi.StringPtrOutput

func (AttestorIamMemberConditionOutput) ElementType 

func (AttestorIamMemberConditionOutput) ElementType() reflect.Type

func (AttestorIamMemberConditionOutput) Expression 

func (o AttestorIamMemberConditionOutput) Expression() pulumi.StringOutput

func (AttestorIamMemberConditionOutput) Title 

func (o AttestorIamMemberConditionOutput) Title() pulumi.StringOutput

func (AttestorIamMemberConditionOutput) ToAttestorIamMemberConditionOutput 

func (o AttestorIamMemberConditionOutput) ToAttestorIamMemberConditionOutput() AttestorIamMemberConditionOutput

func (AttestorIamMemberConditionOutput) ToAttestorIamMemberConditionOutputWithContext 

func (o AttestorIamMemberConditionOutput) ToAttestorIamMemberConditionOutputWithContext(ctx context.Context) AttestorIamMemberConditionOutput

func (AttestorIamMemberConditionOutput) ToAttestorIamMemberConditionPtrOutput 

func (o AttestorIamMemberConditionOutput) ToAttestorIamMemberConditionPtrOutput() AttestorIamMemberConditionPtrOutput

func (AttestorIamMemberConditionOutput) ToAttestorIamMemberConditionPtrOutputWithContext 

func (o AttestorIamMemberConditionOutput) ToAttestorIamMemberConditionPtrOutputWithContext(ctx context.Context) AttestorIamMemberConditionPtrOutput

type AttestorIamMemberConditionPtrInput 

type AttestorIamMemberConditionPtrInput interface {
	pulumi.Input

	ToAttestorIamMemberConditionPtrOutput() AttestorIamMemberConditionPtrOutput
	ToAttestorIamMemberConditionPtrOutputWithContext(context.Context) AttestorIamMemberConditionPtrOutput
}

AttestorIamMemberConditionPtrInput is an input type that accepts AttestorIamMemberConditionArgs, AttestorIamMemberConditionPtr and AttestorIamMemberConditionPtrOutput values. You can construct a concrete instance of `AttestorIamMemberConditionPtrInput` via: 

        AttestorIamMemberConditionArgs{...}

or:

        nil

func AttestorIamMemberConditionPtr 

func AttestorIamMemberConditionPtr(v *AttestorIamMemberConditionArgs) AttestorIamMemberConditionPtrInput

type AttestorIamMemberConditionPtrOutput 

type AttestorIamMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (AttestorIamMemberConditionPtrOutput) Description 

func (o AttestorIamMemberConditionPtrOutput) Description() pulumi.StringPtrOutput

func (AttestorIamMemberConditionPtrOutput) Elem 

func (o AttestorIamMemberConditionPtrOutput) Elem() AttestorIamMemberConditionOutput

func (AttestorIamMemberConditionPtrOutput) ElementType 

func (AttestorIamMemberConditionPtrOutput) ElementType() reflect.Type

func (AttestorIamMemberConditionPtrOutput) Expression 

func (o AttestorIamMemberConditionPtrOutput) Expression() pulumi.StringPtrOutput

func (AttestorIamMemberConditionPtrOutput) Title 

func (o AttestorIamMemberConditionPtrOutput) Title() pulumi.StringPtrOutput

func (AttestorIamMemberConditionPtrOutput) ToAttestorIamMemberConditionPtrOutput 

func (o AttestorIamMemberConditionPtrOutput) ToAttestorIamMemberConditionPtrOutput() AttestorIamMemberConditionPtrOutput

func (AttestorIamMemberConditionPtrOutput) ToAttestorIamMemberConditionPtrOutputWithContext 

func (o AttestorIamMemberConditionPtrOutput) ToAttestorIamMemberConditionPtrOutputWithContext(ctx context.Context) AttestorIamMemberConditionPtrOutput

type AttestorIamMemberInput 

type AttestorIamMemberInput interface {
	pulumi.Input

	ToAttestorIamMemberOutput() AttestorIamMemberOutput
	ToAttestorIamMemberOutputWithContext(ctx context.Context) AttestorIamMemberOutput
}

type AttestorIamMemberMap 

type AttestorIamMemberMap map[string]AttestorIamMemberInput

func (AttestorIamMemberMap) ElementType 

func (AttestorIamMemberMap) ElementType() reflect.Type

func (AttestorIamMemberMap) ToAttestorIamMemberMapOutput 

func (i AttestorIamMemberMap) ToAttestorIamMemberMapOutput() AttestorIamMemberMapOutput

func (AttestorIamMemberMap) ToAttestorIamMemberMapOutputWithContext 

func (i AttestorIamMemberMap) ToAttestorIamMemberMapOutputWithContext(ctx context.Context) AttestorIamMemberMapOutput

type AttestorIamMemberMapInput 

type AttestorIamMemberMapInput interface {
	pulumi.Input

	ToAttestorIamMemberMapOutput() AttestorIamMemberMapOutput
	ToAttestorIamMemberMapOutputWithContext(context.Context) AttestorIamMemberMapOutput
}

AttestorIamMemberMapInput is an input type that accepts AttestorIamMemberMap and AttestorIamMemberMapOutput values. You can construct a concrete instance of `AttestorIamMemberMapInput` via: 

AttestorIamMemberMap{ "key": AttestorIamMemberArgs{...} }

type AttestorIamMemberMapOutput 

type AttestorIamMemberMapOutput struct{ *pulumi.OutputState }

func (AttestorIamMemberMapOutput) ElementType 

func (AttestorIamMemberMapOutput) ElementType() reflect.Type

func (AttestorIamMemberMapOutput) MapIndex 

func (o AttestorIamMemberMapOutput) MapIndex(k pulumi.StringInput) AttestorIamMemberOutput

func (AttestorIamMemberMapOutput) ToAttestorIamMemberMapOutput 

func (o AttestorIamMemberMapOutput) ToAttestorIamMemberMapOutput() AttestorIamMemberMapOutput

func (AttestorIamMemberMapOutput) ToAttestorIamMemberMapOutputWithContext 

func (o AttestorIamMemberMapOutput) ToAttestorIamMemberMapOutputWithContext(ctx context.Context) AttestorIamMemberMapOutput

type AttestorIamMemberOutput 

type AttestorIamMemberOutput struct{ *pulumi.OutputState }

func (AttestorIamMemberOutput) Attestor 

func (o AttestorIamMemberOutput) Attestor() pulumi.StringOutput

Used to find the parent resource to bind the IAM policy to

func (AttestorIamMemberOutput) Condition 

func (o AttestorIamMemberOutput) Condition() AttestorIamMemberConditionPtrOutput

func (AttestorIamMemberOutput) ElementType 

func (AttestorIamMemberOutput) ElementType() reflect.Type

func (AttestorIamMemberOutput) Etag 

func (o AttestorIamMemberOutput) Etag() pulumi.StringOutput

(Computed) The etag of the IAM policy.

func (AttestorIamMemberOutput) Member 

func (o AttestorIamMemberOutput) Member() pulumi.StringOutput

Identities that will be granted the privilege in `role`. Each entry can have one of the following values: * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project" * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project" * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"

func (AttestorIamMemberOutput) Project 

func (o AttestorIamMemberOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

func (AttestorIamMemberOutput) Role 

func (o AttestorIamMemberOutput) Role() pulumi.StringOutput

The role that should be applied. Only one `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (AttestorIamMemberOutput) ToAttestorIamMemberOutput 

func (o AttestorIamMemberOutput) ToAttestorIamMemberOutput() AttestorIamMemberOutput

func (AttestorIamMemberOutput) ToAttestorIamMemberOutputWithContext 

func (o AttestorIamMemberOutput) ToAttestorIamMemberOutputWithContext(ctx context.Context) AttestorIamMemberOutput

type AttestorIamMemberState 

type AttestorIamMemberState struct {
	// Used to find the parent resource to bind the IAM policy to
	Attestor  pulumi.StringPtrInput
	Condition AttestorIamMemberConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// Identities that will be granted the privilege in `role`.
	// Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Member pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `binaryauthorization.AttestorIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (AttestorIamMemberState) ElementType 

func (AttestorIamMemberState) ElementType() reflect.Type

type AttestorIamPolicy 

type AttestorIamPolicy struct {
	pulumi.CustomResourceState

	// Used to find the parent resource to bind the IAM policy to
	Attestor pulumi.StringOutput `pulumi:"attestor"`
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
}

Three different resources help you manage your IAM policy for Binary Authorization Attestor. Each of these resources serves a different use case:

* `binaryauthorization.AttestorIamPolicy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached. * `binaryauthorization.AttestorIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved. * `binaryauthorization.AttestorIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `binaryauthorization.AttestorIamPolicy`: Retrieves the IAM policy for the attestor

> **Note:** `binaryauthorization.AttestorIamPolicy` **cannot** be used in conjunction with `binaryauthorization.AttestorIamBinding` and `binaryauthorization.AttestorIamMember` or they will fight over what your policy should be.

> **Note:** `binaryauthorization.AttestorIamBinding` resources **can be** used in conjunction with `binaryauthorization.AttestorIamMember` resources **only if** they do not grant privilege to the same role.

## google\_binary\_authorization\_attestor\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = binaryauthorization.NewAttestorIamPolicy(ctx, "policy", &binaryauthorization.AttestorIamPolicyArgs{
			Project:    pulumi.Any(attestor.Project),
			Attestor:   pulumi.Any(attestor.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamBinding(ctx, "binding", &binaryauthorization.AttestorIamBindingArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamMember(ctx, "member", &binaryauthorization.AttestorIamMemberArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_policy

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = binaryauthorization.NewAttestorIamPolicy(ctx, "policy", &binaryauthorization.AttestorIamPolicyArgs{
			Project:    pulumi.Any(attestor.Project),
			Attestor:   pulumi.Any(attestor.Name),
			PolicyData: pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_binding

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamBinding(ctx, "binding", &binaryauthorization.AttestorIamBindingArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_binary\_authorization\_attestor\_iam\_member

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.NewAttestorIamMember(ctx, "member", &binaryauthorization.AttestorIamMemberArgs{
			Project:  pulumi.Any(attestor.Project),
			Attestor: pulumi.Any(attestor.Name),
			Role:     pulumi.String("roles/viewer"),
			Member:   pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms:

* projects/{{project}}/attestors/{{name}}

* {{project}}/{{name}}

* {{name}}

Any variables not passed in the import command will be taken from the provider configuration.

Binary Authorization attestor IAM resources can be imported using the resource identifiers, role, and member.

IAM member imports use space-delimited identifiers: the resource in question, the role, and the member identity, e.g.

```sh $ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor "projects/{{project}}/attestors/{{attestor}} roles/viewer user:jane@example.com" ```

IAM binding imports use space-delimited identifiers: the resource in question and the role, e.g.

```sh $ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor "projects/{{project}}/attestors/{{attestor}} roles/viewer" ```

IAM policy imports use the identifier of the resource in question, e.g.

```sh $ pulumi import gcp:binaryauthorization/attestorIamPolicy:AttestorIamPolicy editor projects/{{project}}/attestors/{{attestor}} ```

-> **Custom Roles**: If you're importing a IAM resource with a custom role, make sure to use the 

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetAttestorIamPolicy 

func GetAttestorIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorIamPolicyState, opts ...pulumi.ResourceOption) (*AttestorIamPolicy, error)

GetAttestorIamPolicy gets an existing AttestorIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestorIamPolicy 

func NewAttestorIamPolicy(ctx *pulumi.Context,
	name string, args *AttestorIamPolicyArgs, opts ...pulumi.ResourceOption) (*AttestorIamPolicy, error)

NewAttestorIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*AttestorIamPolicy) ElementType 

func (*AttestorIamPolicy) ElementType() reflect.Type

func (*AttestorIamPolicy) ToAttestorIamPolicyOutput 

func (i *AttestorIamPolicy) ToAttestorIamPolicyOutput() AttestorIamPolicyOutput

func (*AttestorIamPolicy) ToAttestorIamPolicyOutputWithContext 

func (i *AttestorIamPolicy) ToAttestorIamPolicyOutputWithContext(ctx context.Context) AttestorIamPolicyOutput

type AttestorIamPolicyArgs 

type AttestorIamPolicyArgs struct {
	// Used to find the parent resource to bind the IAM policy to
	Attestor pulumi.StringInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a AttestorIamPolicy resource.

func (AttestorIamPolicyArgs) ElementType 

func (AttestorIamPolicyArgs) ElementType() reflect.Type

type AttestorIamPolicyArray 

type AttestorIamPolicyArray []AttestorIamPolicyInput

func (AttestorIamPolicyArray) ElementType 

func (AttestorIamPolicyArray) ElementType() reflect.Type

func (AttestorIamPolicyArray) ToAttestorIamPolicyArrayOutput 

func (i AttestorIamPolicyArray) ToAttestorIamPolicyArrayOutput() AttestorIamPolicyArrayOutput

func (AttestorIamPolicyArray) ToAttestorIamPolicyArrayOutputWithContext 

func (i AttestorIamPolicyArray) ToAttestorIamPolicyArrayOutputWithContext(ctx context.Context) AttestorIamPolicyArrayOutput

type AttestorIamPolicyArrayInput 

type AttestorIamPolicyArrayInput interface {
	pulumi.Input

	ToAttestorIamPolicyArrayOutput() AttestorIamPolicyArrayOutput
	ToAttestorIamPolicyArrayOutputWithContext(context.Context) AttestorIamPolicyArrayOutput
}

AttestorIamPolicyArrayInput is an input type that accepts AttestorIamPolicyArray and AttestorIamPolicyArrayOutput values. You can construct a concrete instance of `AttestorIamPolicyArrayInput` via: 

AttestorIamPolicyArray{ AttestorIamPolicyArgs{...} }

type AttestorIamPolicyArrayOutput 

type AttestorIamPolicyArrayOutput struct{ *pulumi.OutputState }

func (AttestorIamPolicyArrayOutput) ElementType 

func (AttestorIamPolicyArrayOutput) ElementType() reflect.Type

func (AttestorIamPolicyArrayOutput) Index 

func (o AttestorIamPolicyArrayOutput) Index(i pulumi.IntInput) AttestorIamPolicyOutput

func (AttestorIamPolicyArrayOutput) ToAttestorIamPolicyArrayOutput 

func (o AttestorIamPolicyArrayOutput) ToAttestorIamPolicyArrayOutput() AttestorIamPolicyArrayOutput

func (AttestorIamPolicyArrayOutput) ToAttestorIamPolicyArrayOutputWithContext 

func (o AttestorIamPolicyArrayOutput) ToAttestorIamPolicyArrayOutputWithContext(ctx context.Context) AttestorIamPolicyArrayOutput

type AttestorIamPolicyInput 

type AttestorIamPolicyInput interface {
	pulumi.Input

	ToAttestorIamPolicyOutput() AttestorIamPolicyOutput
	ToAttestorIamPolicyOutputWithContext(ctx context.Context) AttestorIamPolicyOutput
}

type AttestorIamPolicyMap 

type AttestorIamPolicyMap map[string]AttestorIamPolicyInput

func (AttestorIamPolicyMap) ElementType 

func (AttestorIamPolicyMap) ElementType() reflect.Type

func (AttestorIamPolicyMap) ToAttestorIamPolicyMapOutput 

func (i AttestorIamPolicyMap) ToAttestorIamPolicyMapOutput() AttestorIamPolicyMapOutput

func (AttestorIamPolicyMap) ToAttestorIamPolicyMapOutputWithContext 

func (i AttestorIamPolicyMap) ToAttestorIamPolicyMapOutputWithContext(ctx context.Context) AttestorIamPolicyMapOutput

type AttestorIamPolicyMapInput 

type AttestorIamPolicyMapInput interface {
	pulumi.Input

	ToAttestorIamPolicyMapOutput() AttestorIamPolicyMapOutput
	ToAttestorIamPolicyMapOutputWithContext(context.Context) AttestorIamPolicyMapOutput
}

AttestorIamPolicyMapInput is an input type that accepts AttestorIamPolicyMap and AttestorIamPolicyMapOutput values. You can construct a concrete instance of `AttestorIamPolicyMapInput` via: 

AttestorIamPolicyMap{ "key": AttestorIamPolicyArgs{...} }

type AttestorIamPolicyMapOutput 

type AttestorIamPolicyMapOutput struct{ *pulumi.OutputState }

func (AttestorIamPolicyMapOutput) ElementType 

func (AttestorIamPolicyMapOutput) ElementType() reflect.Type

func (AttestorIamPolicyMapOutput) MapIndex 

func (o AttestorIamPolicyMapOutput) MapIndex(k pulumi.StringInput) AttestorIamPolicyOutput

func (AttestorIamPolicyMapOutput) ToAttestorIamPolicyMapOutput 

func (o AttestorIamPolicyMapOutput) ToAttestorIamPolicyMapOutput() AttestorIamPolicyMapOutput

func (AttestorIamPolicyMapOutput) ToAttestorIamPolicyMapOutputWithContext 

func (o AttestorIamPolicyMapOutput) ToAttestorIamPolicyMapOutputWithContext(ctx context.Context) AttestorIamPolicyMapOutput

type AttestorIamPolicyOutput 

type AttestorIamPolicyOutput struct{ *pulumi.OutputState }

func (AttestorIamPolicyOutput) Attestor 

func (o AttestorIamPolicyOutput) Attestor() pulumi.StringOutput

Used to find the parent resource to bind the IAM policy to

func (AttestorIamPolicyOutput) ElementType 

func (AttestorIamPolicyOutput) ElementType() reflect.Type

func (AttestorIamPolicyOutput) Etag 

func (o AttestorIamPolicyOutput) Etag() pulumi.StringOutput

(Computed) The etag of the IAM policy.

func (AttestorIamPolicyOutput) PolicyData 

func (o AttestorIamPolicyOutput) PolicyData() pulumi.StringOutput

The policy data generated by a `organizations.getIAMPolicy` data source.

func (AttestorIamPolicyOutput) Project 

func (o AttestorIamPolicyOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

func (AttestorIamPolicyOutput) ToAttestorIamPolicyOutput 

func (o AttestorIamPolicyOutput) ToAttestorIamPolicyOutput() AttestorIamPolicyOutput

func (AttestorIamPolicyOutput) ToAttestorIamPolicyOutputWithContext 

func (o AttestorIamPolicyOutput) ToAttestorIamPolicyOutputWithContext(ctx context.Context) AttestorIamPolicyOutput

type AttestorIamPolicyState 

type AttestorIamPolicyState struct {
	// Used to find the parent resource to bind the IAM policy to
	Attestor pulumi.StringPtrInput
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput
}

func (AttestorIamPolicyState) ElementType 

func (AttestorIamPolicyState) ElementType() reflect.Type

type AttestorInput 

type AttestorInput interface {
	pulumi.Input

	ToAttestorOutput() AttestorOutput
	ToAttestorOutputWithContext(ctx context.Context) AttestorOutput
}

type AttestorMap 

type AttestorMap map[string]AttestorInput

func (AttestorMap) ElementType 

func (AttestorMap) ElementType() reflect.Type

func (AttestorMap) ToAttestorMapOutput 

func (i AttestorMap) ToAttestorMapOutput() AttestorMapOutput

func (AttestorMap) ToAttestorMapOutputWithContext 

func (i AttestorMap) ToAttestorMapOutputWithContext(ctx context.Context) AttestorMapOutput

type AttestorMapInput 

type AttestorMapInput interface {
	pulumi.Input

	ToAttestorMapOutput() AttestorMapOutput
	ToAttestorMapOutputWithContext(context.Context) AttestorMapOutput
}

AttestorMapInput is an input type that accepts AttestorMap and AttestorMapOutput values. You can construct a concrete instance of `AttestorMapInput` via: 

AttestorMap{ "key": AttestorArgs{...} }

type AttestorMapOutput 

type AttestorMapOutput struct{ *pulumi.OutputState }

func (AttestorMapOutput) ElementType 

func (AttestorMapOutput) ElementType() reflect.Type

func (AttestorMapOutput) MapIndex 

func (o AttestorMapOutput) MapIndex(k pulumi.StringInput) AttestorOutput

func (AttestorMapOutput) ToAttestorMapOutput 

func (o AttestorMapOutput) ToAttestorMapOutput() AttestorMapOutput

func (AttestorMapOutput) ToAttestorMapOutputWithContext 

func (o AttestorMapOutput) ToAttestorMapOutputWithContext(ctx context.Context) AttestorMapOutput

type AttestorOutput 

type AttestorOutput struct{ *pulumi.OutputState }

func (AttestorOutput) AttestationAuthorityNote 

func (o AttestorOutput) AttestationAuthorityNote() AttestorAttestationAuthorityNoteOutput

A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.

func (AttestorOutput) Description 

func (o AttestorOutput) Description() pulumi.StringPtrOutput

A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

func (AttestorOutput) ElementType 

func (AttestorOutput) ElementType() reflect.Type

func (AttestorOutput) Name 

func (o AttestorOutput) Name() pulumi.StringOutput

The resource name.

func (AttestorOutput) Project 

func (o AttestorOutput) Project() pulumi.StringOutput

func (AttestorOutput) ToAttestorOutput 

func (o AttestorOutput) ToAttestorOutput() AttestorOutput

func (AttestorOutput) ToAttestorOutputWithContext 

func (o AttestorOutput) ToAttestorOutputWithContext(ctx context.Context) AttestorOutput

type AttestorState 

type AttestorState struct {
	// A Container Analysis ATTESTATION_AUTHORITY Note, created by the user.
	// Structure is documented below.
	AttestationAuthorityNote AttestorAttestationAuthorityNotePtrInput
	// A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
	Description pulumi.StringPtrInput
	// The resource name.
	Name    pulumi.StringPtrInput
	Project pulumi.StringPtrInput
}

func (AttestorState) ElementType 

func (AttestorState) ElementType() reflect.Type

type LookupAttestorIamPolicyArgs 

type LookupAttestorIamPolicyArgs struct {
	// Used to find the parent resource to bind the IAM policy to
	Attestor string `pulumi:"attestor"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project *string `pulumi:"project"`
}

A collection of arguments for invoking getAttestorIamPolicy.

type LookupAttestorIamPolicyOutputArgs 

type LookupAttestorIamPolicyOutputArgs struct {
	// Used to find the parent resource to bind the IAM policy to
	Attestor pulumi.StringInput `pulumi:"attestor"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	Project pulumi.StringPtrInput `pulumi:"project"`
}

A collection of arguments for invoking getAttestorIamPolicy.

func (LookupAttestorIamPolicyOutputArgs) ElementType 

func (LookupAttestorIamPolicyOutputArgs) ElementType() reflect.Type

type LookupAttestorIamPolicyResult 

type LookupAttestorIamPolicyResult struct {
	Attestor string `pulumi:"attestor"`
	// (Computed) The etag of the IAM policy.
	Etag string `pulumi:"etag"`
	// The provider-assigned unique ID for this managed resource.
	Id string `pulumi:"id"`
	// (Required only by `binaryauthorization.AttestorIamPolicy`) The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData string `pulumi:"policyData"`
	Project    string `pulumi:"project"`
}

A collection of values returned by getAttestorIamPolicy.

func LookupAttestorIamPolicy 

func LookupAttestorIamPolicy(ctx *pulumi.Context, args *LookupAttestorIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupAttestorIamPolicyResult, error)

Retrieves the current IAM policy data for attestor

## example

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := binaryauthorization.LookupAttestorIamPolicy(ctx, &binaryauthorization.LookupAttestorIamPolicyArgs{
			Project:  pulumi.StringRef(attestor.Project),
			Attestor: attestor.Name,
		}, nil)
		if err != nil {
			return err
		}
		return nil
	})
}

```

type LookupAttestorIamPolicyResultOutput 

type LookupAttestorIamPolicyResultOutput struct{ *pulumi.OutputState }

A collection of values returned by getAttestorIamPolicy.

func LookupAttestorIamPolicyOutput 

func LookupAttestorIamPolicyOutput(ctx *pulumi.Context, args LookupAttestorIamPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupAttestorIamPolicyResultOutput

func (LookupAttestorIamPolicyResultOutput) Attestor 

func (o LookupAttestorIamPolicyResultOutput) Attestor() pulumi.StringOutput

func (LookupAttestorIamPolicyResultOutput) ElementType 

func (LookupAttestorIamPolicyResultOutput) ElementType() reflect.Type

func (LookupAttestorIamPolicyResultOutput) Etag 

func (o LookupAttestorIamPolicyResultOutput) Etag() pulumi.StringOutput

(Computed) The etag of the IAM policy.

func (LookupAttestorIamPolicyResultOutput) Id 

func (o LookupAttestorIamPolicyResultOutput) Id() pulumi.StringOutput

The provider-assigned unique ID for this managed resource.

func (LookupAttestorIamPolicyResultOutput) PolicyData 

func (o LookupAttestorIamPolicyResultOutput) PolicyData() pulumi.StringOutput

(Required only by `binaryauthorization.AttestorIamPolicy`) The policy data generated by a `organizations.getIAMPolicy` data source.

func (LookupAttestorIamPolicyResultOutput) Project 

func (o LookupAttestorIamPolicyResultOutput) Project() pulumi.StringOutput

func (LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutput 

func (o LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutput() LookupAttestorIamPolicyResultOutput

func (LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutputWithContext 

func (o LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutputWithContext(ctx context.Context) LookupAttestorIamPolicyResultOutput

type Policy 

type Policy struct {
	pulumi.CustomResourceState

	// A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
	// image's admission requests will always be permitted regardless of your admission rules.
	AdmissionWhitelistPatterns PolicyAdmissionWhitelistPatternArrayOutput `pulumi:"admissionWhitelistPatterns"`
	// Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
	// must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
	// denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
	// location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
	ClusterAdmissionRules PolicyClusterAdmissionRuleArrayOutput `pulumi:"clusterAdmissionRules"`
	// Default admission rule for a cluster without a per-cluster admission
	// rule.
	// Structure is documented below.
	DefaultAdmissionRule PolicyDefaultAdmissionRuleOutput `pulumi:"defaultAdmissionRule"`
	// A descriptive comment.
	Description pulumi.StringPtrOutput `pulumi:"description"`
	// Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not
	// covered by the global policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]
	GlobalPolicyEvaluationMode pulumi.StringOutput `pulumi:"globalPolicyEvaluationMode"`
	Project                    pulumi.StringOutput `pulumi:"project"`
}

A policy for container image binary authorization.

To get more information about Policy, see:

* [API documentation](https://cloud.google.com/binary-authorization/docs/reference/rest/) * How-to Guides

## Example Usage

### Binary Authorization Policy Basic

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		note, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
			Name: pulumi.String("test-attestor-note"),
			AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
				Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
					HumanReadableName: pulumi.String("My attestor"),
				},
			},
		})
		if err != nil {
			return err
		}
		attestor, err := binaryauthorization.NewAttestor(ctx, "attestor", &binaryauthorization.AttestorArgs{
			Name: pulumi.String("test-attestor"),
			AttestationAuthorityNote: &binaryauthorization.AttestorAttestationAuthorityNoteArgs{
				NoteReference: note.Name,
			},
		})
		if err != nil {
			return err
		}
		_, err = binaryauthorization.NewPolicy(ctx, "policy", &binaryauthorization.PolicyArgs{
			AdmissionWhitelistPatterns: binaryauthorization.PolicyAdmissionWhitelistPatternArray{
				&binaryauthorization.PolicyAdmissionWhitelistPatternArgs{
					NamePattern: pulumi.String("gcr.io/google_containers/*"),
				},
			},
			DefaultAdmissionRule: &binaryauthorization.PolicyDefaultAdmissionRuleArgs{
				EvaluationMode:  pulumi.String("ALWAYS_ALLOW"),
				EnforcementMode: pulumi.String("ENFORCED_BLOCK_AND_AUDIT_LOG"),
			},
			ClusterAdmissionRules: binaryauthorization.PolicyClusterAdmissionRuleArray{
				&binaryauthorization.PolicyClusterAdmissionRuleArgs{
					Cluster:         pulumi.String("us-central1-a.prod-cluster"),
					EvaluationMode:  pulumi.String("REQUIRE_ATTESTATION"),
					EnforcementMode: pulumi.String("ENFORCED_BLOCK_AND_AUDIT_LOG"),
					RequireAttestationsBies: pulumi.StringArray{
						attestor.Name,
					},
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Binary Authorization Policy Global Evaluation

```go package main

import ( 

"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/binaryauthorization"
"github.com/pulumi/pulumi-gcp/sdk/v7/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

) 

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		note, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
			Name: pulumi.String("test-attestor-note"),
			AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
				Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
					HumanReadableName: pulumi.String("My attestor"),
				},
			},
		})
		if err != nil {
			return err
		}
		attestor, err := binaryauthorization.NewAttestor(ctx, "attestor", &binaryauthorization.AttestorArgs{
			Name: pulumi.String("test-attestor"),
			AttestationAuthorityNote: &binaryauthorization.AttestorAttestationAuthorityNoteArgs{
				NoteReference: note.Name,
			},
		})
		if err != nil {
			return err
		}
		_, err = binaryauthorization.NewPolicy(ctx, "policy", &binaryauthorization.PolicyArgs{
			DefaultAdmissionRule: &binaryauthorization.PolicyDefaultAdmissionRuleArgs{
				EvaluationMode:  pulumi.String("REQUIRE_ATTESTATION"),
				EnforcementMode: pulumi.String("ENFORCED_BLOCK_AND_AUDIT_LOG"),
				RequireAttestationsBies: pulumi.StringArray{
					attestor.Name,
				},
			},
			GlobalPolicyEvaluationMode: pulumi.String("ENABLE"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Policy can be imported using any of these accepted formats:

* `projects/{{project}}`

* `{{project}}`

When using the `pulumi import` command, Policy can be imported using one of the formats above. For example:

```sh $ pulumi import gcp:binaryauthorization/policy:Policy default projects/{{project}} ```

```sh $ pulumi import gcp:binaryauthorization/policy:Policy default {{project}} ```

func GetPolicy 

func GetPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyState, opts ...pulumi.ResourceOption) (*Policy, error)

GetPolicy gets an existing Policy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicy 

func NewPolicy(ctx *pulumi.Context,
	name string, args *PolicyArgs, opts ...pulumi.ResourceOption) (*Policy, error)

NewPolicy registers a new resource with the given unique name, arguments, and options.

func (*Policy) ElementType 

func (*Policy) ElementType() reflect.Type

func (*Policy) ToPolicyOutput 

func (i *Policy) ToPolicyOutput() PolicyOutput

func (*Policy) ToPolicyOutputWithContext 

func (i *Policy) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicyAdmissionWhitelistPattern 

type PolicyAdmissionWhitelistPattern struct {
	// An image name pattern to whitelist, in the form
	// `registry/path/to/image`. This supports a trailing * as a
	// wildcard, but this is allowed only in text after the registry/
	// part.
	NamePattern string `pulumi:"namePattern"`
}

type PolicyAdmissionWhitelistPatternArgs 

type PolicyAdmissionWhitelistPatternArgs struct {
	// An image name pattern to whitelist, in the form
	// `registry/path/to/image`. This supports a trailing * as a
	// wildcard, but this is allowed only in text after the registry/
	// part.
	NamePattern pulumi.StringInput `pulumi:"namePattern"`
}

func (PolicyAdmissionWhitelistPatternArgs) ElementType 

func (PolicyAdmissionWhitelistPatternArgs) ElementType() reflect.Type

func (PolicyAdmissionWhitelistPatternArgs) ToPolicyAdmissionWhitelistPatternOutput 

func (i PolicyAdmissionWhitelistPatternArgs) ToPolicyAdmissionWhitelistPatternOutput() PolicyAdmissionWhitelistPatternOutput

func (PolicyAdmissionWhitelistPatternArgs) ToPolicyAdmissionWhitelistPatternOutputWithContext 

func (i PolicyAdmissionWhitelistPatternArgs) ToPolicyAdmissionWhitelistPatternOutputWithContext(ctx context.Context) PolicyAdmissionWhitelistPatternOutput

type PolicyAdmissionWhitelistPatternArray 

type PolicyAdmissionWhitelistPatternArray []PolicyAdmissionWhitelistPatternInput

func (PolicyAdmissionWhitelistPatternArray) ElementType 

func (PolicyAdmissionWhitelistPatternArray) ElementType() reflect.Type

func (PolicyAdmissionWhitelistPatternArray) ToPolicyAdmissionWhitelistPatternArrayOutput 

func (i PolicyAdmissionWhitelistPatternArray) ToPolicyAdmissionWhitelistPatternArrayOutput() PolicyAdmissionWhitelistPatternArrayOutput

func (PolicyAdmissionWhitelistPatternArray) ToPolicyAdmissionWhitelistPatternArrayOutputWithContext 

func (i PolicyAdmissionWhitelistPatternArray) ToPolicyAdmissionWhitelistPatternArrayOutputWithContext(ctx context.Context) PolicyAdmissionWhitelistPatternArrayOutput

type PolicyAdmissionWhitelistPatternArrayInput 

type PolicyAdmissionWhitelistPatternArrayInput interface {
	pulumi.Input

	ToPolicyAdmissionWhitelistPatternArrayOutput() PolicyAdmissionWhitelistPatternArrayOutput
	ToPolicyAdmissionWhitelistPatternArrayOutputWithContext(context.Context) PolicyAdmissionWhitelistPatternArrayOutput
}

PolicyAdmissionWhitelistPatternArrayInput is an input type that accepts PolicyAdmissionWhitelistPatternArray and PolicyAdmissionWhitelistPatternArrayOutput values. You can construct a concrete instance of `PolicyAdmissionWhitelistPatternArrayInput` via: 

PolicyAdmissionWhitelistPatternArray{ PolicyAdmissionWhitelistPatternArgs{...} }

type PolicyAdmissionWhitelistPatternArrayOutput 

type PolicyAdmissionWhitelistPatternArrayOutput struct{ *pulumi.OutputState }

func (PolicyAdmissionWhitelistPatternArrayOutput) ElementType 

func (PolicyAdmissionWhitelistPatternArrayOutput) ElementType() reflect.Type

func (PolicyAdmissionWhitelistPatternArrayOutput) Index 

func (o PolicyAdmissionWhitelistPatternArrayOutput) Index(i pulumi.IntInput) PolicyAdmissionWhitelistPatternOutput

func (PolicyAdmissionWhitelistPatternArrayOutput) ToPolicyAdmissionWhitelistPatternArrayOutput 

func (o PolicyAdmissionWhitelistPatternArrayOutput) ToPolicyAdmissionWhitelistPatternArrayOutput() PolicyAdmissionWhitelistPatternArrayOutput

func (PolicyAdmissionWhitelistPatternArrayOutput) ToPolicyAdmissionWhitelistPatternArrayOutputWithContext 

func (o PolicyAdmissionWhitelistPatternArrayOutput) ToPolicyAdmissionWhitelistPatternArrayOutputWithContext(ctx context.Context) PolicyAdmissionWhitelistPatternArrayOutput

type PolicyAdmissionWhitelistPatternInput 

type PolicyAdmissionWhitelistPatternInput interface {
	pulumi.Input

	ToPolicyAdmissionWhitelistPatternOutput() PolicyAdmissionWhitelistPatternOutput
	ToPolicyAdmissionWhitelistPatternOutputWithContext(context.Context) PolicyAdmissionWhitelistPatternOutput
}

PolicyAdmissionWhitelistPatternInput is an input type that accepts PolicyAdmissionWhitelistPatternArgs and PolicyAdmissionWhitelistPatternOutput values. You can construct a concrete instance of `PolicyAdmissionWhitelistPatternInput` via: 

PolicyAdmissionWhitelistPatternArgs{...}

type PolicyAdmissionWhitelistPatternOutput 

type PolicyAdmissionWhitelistPatternOutput struct{ *pulumi.OutputState }

func (PolicyAdmissionWhitelistPatternOutput) ElementType 

func (PolicyAdmissionWhitelistPatternOutput) ElementType() reflect.Type

func (PolicyAdmissionWhitelistPatternOutput) NamePattern 

func (o PolicyAdmissionWhitelistPatternOutput) NamePattern() pulumi.StringOutput

An image name pattern to whitelist, in the form `registry/path/to/image`. This supports a trailing * as a wildcard, but this is allowed only in text after the registry/ part.

func (PolicyAdmissionWhitelistPatternOutput) ToPolicyAdmissionWhitelistPatternOutput 

func (o PolicyAdmissionWhitelistPatternOutput) ToPolicyAdmissionWhitelistPatternOutput() PolicyAdmissionWhitelistPatternOutput

func (PolicyAdmissionWhitelistPatternOutput) ToPolicyAdmissionWhitelistPatternOutputWithContext 

func (o PolicyAdmissionWhitelistPatternOutput) ToPolicyAdmissionWhitelistPatternOutputWithContext(ctx context.Context) PolicyAdmissionWhitelistPatternOutput

type PolicyArgs 

type PolicyArgs struct {
	// A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
	// image's admission requests will always be permitted regardless of your admission rules.
	AdmissionWhitelistPatterns PolicyAdmissionWhitelistPatternArrayInput
	// Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
	// must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
	// denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
	// location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
	ClusterAdmissionRules PolicyClusterAdmissionRuleArrayInput
	// Default admission rule for a cluster without a per-cluster admission
	// rule.
	// Structure is documented below.
	DefaultAdmissionRule PolicyDefaultAdmissionRuleInput
	// A descriptive comment.
	Description pulumi.StringPtrInput
	// Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not
	// covered by the global policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]
	GlobalPolicyEvaluationMode pulumi.StringPtrInput
	Project                    pulumi.StringPtrInput
}

The set of arguments for constructing a Policy resource.

func (PolicyArgs) ElementType 

func (PolicyArgs) ElementType() reflect.Type

type PolicyArray 

type PolicyArray []PolicyInput

func (PolicyArray) ElementType 

func (PolicyArray) ElementType() reflect.Type

func (PolicyArray) ToPolicyArrayOutput 

func (i PolicyArray) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArray) ToPolicyArrayOutputWithContext 

func (i PolicyArray) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyArrayInput 

type PolicyArrayInput interface {
	pulumi.Input

	ToPolicyArrayOutput() PolicyArrayOutput
	ToPolicyArrayOutputWithContext(context.Context) PolicyArrayOutput
}

PolicyArrayInput is an input type that accepts PolicyArray and PolicyArrayOutput values. You can construct a concrete instance of `PolicyArrayInput` via: 

PolicyArray{ PolicyArgs{...} }

type PolicyArrayOutput 

type PolicyArrayOutput struct{ *pulumi.OutputState }

func (PolicyArrayOutput) ElementType 

func (PolicyArrayOutput) ElementType() reflect.Type

func (PolicyArrayOutput) Index 

func (o PolicyArrayOutput) Index(i pulumi.IntInput) PolicyOutput

func (PolicyArrayOutput) ToPolicyArrayOutput 

func (o PolicyArrayOutput) ToPolicyArrayOutput() PolicyArrayOutput

func (PolicyArrayOutput) ToPolicyArrayOutputWithContext 

func (o PolicyArrayOutput) ToPolicyArrayOutputWithContext(ctx context.Context) PolicyArrayOutput

type PolicyClusterAdmissionRule 

type PolicyClusterAdmissionRule struct {
	// The identifier for this object. Format specified above.
	Cluster string `pulumi:"cluster"`
	// The action when a pod creation is denied by the admission rule.
	// Possible values are: `ENFORCED_BLOCK_AND_AUDIT_LOG`, `DRYRUN_AUDIT_LOG_ONLY`.
	EnforcementMode string `pulumi:"enforcementMode"`
	// How this admission rule will be evaluated.
	// Possible values are: `ALWAYS_ALLOW`, `REQUIRE_ATTESTATION`, `ALWAYS_DENY`.
	EvaluationMode string `pulumi:"evaluationMode"`
	// The resource names of the attestors that must attest to a
	// container image. If the attestor is in a different project from the
	// policy, it should be specified in the format `projects/*/attestors/*`.
	// Each attestor must exist before a policy can reference it. To add an
	// attestor to a policy the principal issuing the policy change
	// request must be able to read the attestor resource.
	// Note: this field must be non-empty when the evaluationMode field
	// specifies REQUIRE_ATTESTATION, otherwise it must be empty.
	RequireAttestationsBies []string `pulumi:"requireAttestationsBies"`
}

type PolicyClusterAdmissionRuleArgs 

type PolicyClusterAdmissionRuleArgs struct {
	// The identifier for this object. Format specified above.
	Cluster pulumi.StringInput `pulumi:"cluster"`
	// The action when a pod creation is denied by the admission rule.
	// Possible values are: `ENFORCED_BLOCK_AND_AUDIT_LOG`, `DRYRUN_AUDIT_LOG_ONLY`.
	EnforcementMode pulumi.StringInput `pulumi:"enforcementMode"`
	// How this admission rule will be evaluated.
	// Possible values are: `ALWAYS_ALLOW`, `REQUIRE_ATTESTATION`, `ALWAYS_DENY`.
	EvaluationMode pulumi.StringInput `pulumi:"evaluationMode"`
	// The resource names of the attestors that must attest to a
	// container image. If the attestor is in a different project from the
	// policy, it should be specified in the format `projects/*/attestors/*`.
	// Each attestor must exist before a policy can reference it. To add an
	// attestor to a policy the principal issuing the policy change
	// request must be able to read the attestor resource.
	// Note: this field must be non-empty when the evaluationMode field
	// specifies REQUIRE_ATTESTATION, otherwise it must be empty.
	RequireAttestationsBies pulumi.StringArrayInput `pulumi:"requireAttestationsBies"`
}

func (PolicyClusterAdmissionRuleArgs) ElementType 

func (PolicyClusterAdmissionRuleArgs) ElementType() reflect.Type

func (PolicyClusterAdmissionRuleArgs) ToPolicyClusterAdmissionRuleOutput 

func (i PolicyClusterAdmissionRuleArgs) ToPolicyClusterAdmissionRuleOutput() PolicyClusterAdmissionRuleOutput

func (PolicyClusterAdmissionRuleArgs) ToPolicyClusterAdmissionRuleOutputWithContext 

func (i PolicyClusterAdmissionRuleArgs) ToPolicyClusterAdmissionRuleOutputWithContext(ctx context.Context) PolicyClusterAdmissionRuleOutput

type PolicyClusterAdmissionRuleArray 

type PolicyClusterAdmissionRuleArray []PolicyClusterAdmissionRuleInput

func (PolicyClusterAdmissionRuleArray) ElementType 

func (PolicyClusterAdmissionRuleArray) ElementType() reflect.Type

func (PolicyClusterAdmissionRuleArray) ToPolicyClusterAdmissionRuleArrayOutput 

func (i PolicyClusterAdmissionRuleArray) ToPolicyClusterAdmissionRuleArrayOutput() PolicyClusterAdmissionRuleArrayOutput

func (PolicyClusterAdmissionRuleArray) ToPolicyClusterAdmissionRuleArrayOutputWithContext 

func (i PolicyClusterAdmissionRuleArray) ToPolicyClusterAdmissionRuleArrayOutputWithContext(ctx context.Context) PolicyClusterAdmissionRuleArrayOutput

type PolicyClusterAdmissionRuleArrayInput 

type PolicyClusterAdmissionRuleArrayInput interface {
	pulumi.Input

	ToPolicyClusterAdmissionRuleArrayOutput() PolicyClusterAdmissionRuleArrayOutput
	ToPolicyClusterAdmissionRuleArrayOutputWithContext(context.Context) PolicyClusterAdmissionRuleArrayOutput
}

PolicyClusterAdmissionRuleArrayInput is an input type that accepts PolicyClusterAdmissionRuleArray and PolicyClusterAdmissionRuleArrayOutput values. You can construct a concrete instance of `PolicyClusterAdmissionRuleArrayInput` via: 

PolicyClusterAdmissionRuleArray{ PolicyClusterAdmissionRuleArgs{...} }

type PolicyClusterAdmissionRuleArrayOutput 

type PolicyClusterAdmissionRuleArrayOutput struct{ *pulumi.OutputState }

func (PolicyClusterAdmissionRuleArrayOutput) ElementType 

func (PolicyClusterAdmissionRuleArrayOutput) ElementType() reflect.Type

func (PolicyClusterAdmissionRuleArrayOutput) Index 

func (o PolicyClusterAdmissionRuleArrayOutput) Index(i pulumi.IntInput) PolicyClusterAdmissionRuleOutput

func (PolicyClusterAdmissionRuleArrayOutput) ToPolicyClusterAdmissionRuleArrayOutput 

func (o PolicyClusterAdmissionRuleArrayOutput) ToPolicyClusterAdmissionRuleArrayOutput() PolicyClusterAdmissionRuleArrayOutput

func (PolicyClusterAdmissionRuleArrayOutput) ToPolicyClusterAdmissionRuleArrayOutputWithContext 

func (o PolicyClusterAdmissionRuleArrayOutput) ToPolicyClusterAdmissionRuleArrayOutputWithContext(ctx context.Context) PolicyClusterAdmissionRuleArrayOutput

type PolicyClusterAdmissionRuleInput 

type PolicyClusterAdmissionRuleInput interface {
	pulumi.Input

	ToPolicyClusterAdmissionRuleOutput() PolicyClusterAdmissionRuleOutput
	ToPolicyClusterAdmissionRuleOutputWithContext(context.Context) PolicyClusterAdmissionRuleOutput
}

PolicyClusterAdmissionRuleInput is an input type that accepts PolicyClusterAdmissionRuleArgs and PolicyClusterAdmissionRuleOutput values. You can construct a concrete instance of `PolicyClusterAdmissionRuleInput` via: 

PolicyClusterAdmissionRuleArgs{...}

type PolicyClusterAdmissionRuleOutput 

type PolicyClusterAdmissionRuleOutput struct{ *pulumi.OutputState }

func (PolicyClusterAdmissionRuleOutput) Cluster 

func (o PolicyClusterAdmissionRuleOutput) Cluster() pulumi.StringOutput

The identifier for this object. Format specified above.

func (PolicyClusterAdmissionRuleOutput) ElementType 

func (PolicyClusterAdmissionRuleOutput) ElementType() reflect.Type

func (PolicyClusterAdmissionRuleOutput) EnforcementMode 

func (o PolicyClusterAdmissionRuleOutput) EnforcementMode() pulumi.StringOutput

The action when a pod creation is denied by the admission rule. Possible values are: `ENFORCED_BLOCK_AND_AUDIT_LOG`, `DRYRUN_AUDIT_LOG_ONLY`.

func (PolicyClusterAdmissionRuleOutput) EvaluationMode 

func (o PolicyClusterAdmissionRuleOutput) EvaluationMode() pulumi.StringOutput

How this admission rule will be evaluated. Possible values are: `ALWAYS_ALLOW`, `REQUIRE_ATTESTATION`, `ALWAYS_DENY`.

func (PolicyClusterAdmissionRuleOutput) RequireAttestationsBies 

func (o PolicyClusterAdmissionRuleOutput) RequireAttestationsBies() pulumi.StringArrayOutput

The resource names of the attestors that must attest to a container image. If the attestor is in a different project from the policy, it should be specified in the format `projects/*/attestors/*`. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the evaluationMode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.

func (PolicyClusterAdmissionRuleOutput) ToPolicyClusterAdmissionRuleOutput 

func (o PolicyClusterAdmissionRuleOutput) ToPolicyClusterAdmissionRuleOutput() PolicyClusterAdmissionRuleOutput

func (PolicyClusterAdmissionRuleOutput) ToPolicyClusterAdmissionRuleOutputWithContext 

func (o PolicyClusterAdmissionRuleOutput) ToPolicyClusterAdmissionRuleOutputWithContext(ctx context.Context) PolicyClusterAdmissionRuleOutput

type PolicyDefaultAdmissionRule 

type PolicyDefaultAdmissionRule struct {
	// The action when a pod creation is denied by the admission rule.
	// Possible values are: `ENFORCED_BLOCK_AND_AUDIT_LOG`, `DRYRUN_AUDIT_LOG_ONLY`.
	//
	// ***
	EnforcementMode string `pulumi:"enforcementMode"`
	// How this admission rule will be evaluated.
	// Possible values are: `ALWAYS_ALLOW`, `REQUIRE_ATTESTATION`, `ALWAYS_DENY`.
	EvaluationMode string `pulumi:"evaluationMode"`
	// The resource names of the attestors that must attest to a
	// container image. If the attestor is in a different project from the
	// policy, it should be specified in the format `projects/*/attestors/*`.
	// Each attestor must exist before a policy can reference it. To add an
	// attestor to a policy the principal issuing the policy change
	// request must be able to read the attestor resource.
	// Note: this field must be non-empty when the evaluationMode field
	// specifies REQUIRE_ATTESTATION, otherwise it must be empty.
	RequireAttestationsBies []string `pulumi:"requireAttestationsBies"`
}

type PolicyDefaultAdmissionRuleArgs 

type PolicyDefaultAdmissionRuleArgs struct {
	// The action when a pod creation is denied by the admission rule.
	// Possible values are: `ENFORCED_BLOCK_AND_AUDIT_LOG`, `DRYRUN_AUDIT_LOG_ONLY`.
	//
	// ***
	EnforcementMode pulumi.StringInput `pulumi:"enforcementMode"`
	// How this admission rule will be evaluated.
	// Possible values are: `ALWAYS_ALLOW`, `REQUIRE_ATTESTATION`, `ALWAYS_DENY`.
	EvaluationMode pulumi.StringInput `pulumi:"evaluationMode"`
	// The resource names of the attestors that must attest to a
	// container image. If the attestor is in a different project from the
	// policy, it should be specified in the format `projects/*/attestors/*`.
	// Each attestor must exist before a policy can reference it. To add an
	// attestor to a policy the principal issuing the policy change
	// request must be able to read the attestor resource.
	// Note: this field must be non-empty when the evaluationMode field
	// specifies REQUIRE_ATTESTATION, otherwise it must be empty.
	RequireAttestationsBies pulumi.StringArrayInput `pulumi:"requireAttestationsBies"`
}

func (PolicyDefaultAdmissionRuleArgs) ElementType 

func (PolicyDefaultAdmissionRuleArgs) ElementType() reflect.Type

func (PolicyDefaultAdmissionRuleArgs) ToPolicyDefaultAdmissionRuleOutput 

func (i PolicyDefaultAdmissionRuleArgs) ToPolicyDefaultAdmissionRuleOutput() PolicyDefaultAdmissionRuleOutput

func (PolicyDefaultAdmissionRuleArgs) ToPolicyDefaultAdmissionRuleOutputWithContext 

func (i PolicyDefaultAdmissionRuleArgs) ToPolicyDefaultAdmissionRuleOutputWithContext(ctx context.Context) PolicyDefaultAdmissionRuleOutput

func (PolicyDefaultAdmissionRuleArgs) ToPolicyDefaultAdmissionRulePtrOutput 

func (i PolicyDefaultAdmissionRuleArgs) ToPolicyDefaultAdmissionRulePtrOutput() PolicyDefaultAdmissionRulePtrOutput

func (PolicyDefaultAdmissionRuleArgs) ToPolicyDefaultAdmissionRulePtrOutputWithContext 

func (i PolicyDefaultAdmissionRuleArgs) ToPolicyDefaultAdmissionRulePtrOutputWithContext(ctx context.Context) PolicyDefaultAdmissionRulePtrOutput

type PolicyDefaultAdmissionRuleInput 

type PolicyDefaultAdmissionRuleInput interface {
	pulumi.Input

	ToPolicyDefaultAdmissionRuleOutput() PolicyDefaultAdmissionRuleOutput
	ToPolicyDefaultAdmissionRuleOutputWithContext(context.Context) PolicyDefaultAdmissionRuleOutput
}

PolicyDefaultAdmissionRuleInput is an input type that accepts PolicyDefaultAdmissionRuleArgs and PolicyDefaultAdmissionRuleOutput values. You can construct a concrete instance of `PolicyDefaultAdmissionRuleInput` via: 

PolicyDefaultAdmissionRuleArgs{...}

type PolicyDefaultAdmissionRuleOutput 

type PolicyDefaultAdmissionRuleOutput struct{ *pulumi.OutputState }

func (PolicyDefaultAdmissionRuleOutput) ElementType 

func (PolicyDefaultAdmissionRuleOutput) ElementType() reflect.Type

func (PolicyDefaultAdmissionRuleOutput) EnforcementMode 

func (o PolicyDefaultAdmissionRuleOutput) EnforcementMode() pulumi.StringOutput

The action when a pod creation is denied by the admission rule. Possible values are: `ENFORCED_BLOCK_AND_AUDIT_LOG`, `DRYRUN_AUDIT_LOG_ONLY`.

***

func (PolicyDefaultAdmissionRuleOutput) EvaluationMode 

func (o PolicyDefaultAdmissionRuleOutput) EvaluationMode() pulumi.StringOutput

How this admission rule will be evaluated. Possible values are: `ALWAYS_ALLOW`, `REQUIRE_ATTESTATION`, `ALWAYS_DENY`.

func (PolicyDefaultAdmissionRuleOutput) RequireAttestationsBies 

func (o PolicyDefaultAdmissionRuleOutput) RequireAttestationsBies() pulumi.StringArrayOutput

The resource names of the attestors that must attest to a container image. If the attestor is in a different project from the policy, it should be specified in the format `projects/*/attestors/*`. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the evaluationMode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.

func (PolicyDefaultAdmissionRuleOutput) ToPolicyDefaultAdmissionRuleOutput 

func (o PolicyDefaultAdmissionRuleOutput) ToPolicyDefaultAdmissionRuleOutput() PolicyDefaultAdmissionRuleOutput

func (PolicyDefaultAdmissionRuleOutput) ToPolicyDefaultAdmissionRuleOutputWithContext 

func (o PolicyDefaultAdmissionRuleOutput) ToPolicyDefaultAdmissionRuleOutputWithContext(ctx context.Context) PolicyDefaultAdmissionRuleOutput

func (PolicyDefaultAdmissionRuleOutput) ToPolicyDefaultAdmissionRulePtrOutput 

func (o PolicyDefaultAdmissionRuleOutput) ToPolicyDefaultAdmissionRulePtrOutput() PolicyDefaultAdmissionRulePtrOutput

func (PolicyDefaultAdmissionRuleOutput) ToPolicyDefaultAdmissionRulePtrOutputWithContext 

func (o PolicyDefaultAdmissionRuleOutput) ToPolicyDefaultAdmissionRulePtrOutputWithContext(ctx context.Context) PolicyDefaultAdmissionRulePtrOutput

type PolicyDefaultAdmissionRulePtrInput 

type PolicyDefaultAdmissionRulePtrInput interface {
	pulumi.Input

	ToPolicyDefaultAdmissionRulePtrOutput() PolicyDefaultAdmissionRulePtrOutput
	ToPolicyDefaultAdmissionRulePtrOutputWithContext(context.Context) PolicyDefaultAdmissionRulePtrOutput
}

PolicyDefaultAdmissionRulePtrInput is an input type that accepts PolicyDefaultAdmissionRuleArgs, PolicyDefaultAdmissionRulePtr and PolicyDefaultAdmissionRulePtrOutput values. You can construct a concrete instance of `PolicyDefaultAdmissionRulePtrInput` via: 

        PolicyDefaultAdmissionRuleArgs{...}

or:

        nil

func PolicyDefaultAdmissionRulePtr 

func PolicyDefaultAdmissionRulePtr(v *PolicyDefaultAdmissionRuleArgs) PolicyDefaultAdmissionRulePtrInput

type PolicyDefaultAdmissionRulePtrOutput 

type PolicyDefaultAdmissionRulePtrOutput struct{ *pulumi.OutputState }

func (PolicyDefaultAdmissionRulePtrOutput) Elem 

func (o PolicyDefaultAdmissionRulePtrOutput) Elem() PolicyDefaultAdmissionRuleOutput

func (PolicyDefaultAdmissionRulePtrOutput) ElementType 

func (PolicyDefaultAdmissionRulePtrOutput) ElementType() reflect.Type

func (PolicyDefaultAdmissionRulePtrOutput) EnforcementMode 

func (o PolicyDefaultAdmissionRulePtrOutput) EnforcementMode() pulumi.StringPtrOutput

The action when a pod creation is denied by the admission rule. Possible values are: `ENFORCED_BLOCK_AND_AUDIT_LOG`, `DRYRUN_AUDIT_LOG_ONLY`.

***

func (PolicyDefaultAdmissionRulePtrOutput) EvaluationMode 

func (o PolicyDefaultAdmissionRulePtrOutput) EvaluationMode() pulumi.StringPtrOutput

How this admission rule will be evaluated. Possible values are: `ALWAYS_ALLOW`, `REQUIRE_ATTESTATION`, `ALWAYS_DENY`.

func (PolicyDefaultAdmissionRulePtrOutput) RequireAttestationsBies 

func (o PolicyDefaultAdmissionRulePtrOutput) RequireAttestationsBies() pulumi.StringArrayOutput

The resource names of the attestors that must attest to a container image. If the attestor is in a different project from the policy, it should be specified in the format `projects/*/attestors/*`. Each attestor must exist before a policy can reference it. To add an attestor to a policy the principal issuing the policy change request must be able to read the attestor resource. Note: this field must be non-empty when the evaluationMode field specifies REQUIRE_ATTESTATION, otherwise it must be empty.

func (PolicyDefaultAdmissionRulePtrOutput) ToPolicyDefaultAdmissionRulePtrOutput 

func (o PolicyDefaultAdmissionRulePtrOutput) ToPolicyDefaultAdmissionRulePtrOutput() PolicyDefaultAdmissionRulePtrOutput

func (PolicyDefaultAdmissionRulePtrOutput) ToPolicyDefaultAdmissionRulePtrOutputWithContext 

func (o PolicyDefaultAdmissionRulePtrOutput) ToPolicyDefaultAdmissionRulePtrOutputWithContext(ctx context.Context) PolicyDefaultAdmissionRulePtrOutput

type PolicyInput 

type PolicyInput interface {
	pulumi.Input

	ToPolicyOutput() PolicyOutput
	ToPolicyOutputWithContext(ctx context.Context) PolicyOutput
}

type PolicyMap 

type PolicyMap map[string]PolicyInput

func (PolicyMap) ElementType 

func (PolicyMap) ElementType() reflect.Type

func (PolicyMap) ToPolicyMapOutput 

func (i PolicyMap) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMap) ToPolicyMapOutputWithContext 

func (i PolicyMap) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyMapInput 

type PolicyMapInput interface {
	pulumi.Input

	ToPolicyMapOutput() PolicyMapOutput
	ToPolicyMapOutputWithContext(context.Context) PolicyMapOutput
}

PolicyMapInput is an input type that accepts PolicyMap and PolicyMapOutput values. You can construct a concrete instance of `PolicyMapInput` via: 

PolicyMap{ "key": PolicyArgs{...} }

type PolicyMapOutput 

type PolicyMapOutput struct{ *pulumi.OutputState }

func (PolicyMapOutput) ElementType 

func (PolicyMapOutput) ElementType() reflect.Type

func (PolicyMapOutput) MapIndex 

func (o PolicyMapOutput) MapIndex(k pulumi.StringInput) PolicyOutput

func (PolicyMapOutput) ToPolicyMapOutput 

func (o PolicyMapOutput) ToPolicyMapOutput() PolicyMapOutput

func (PolicyMapOutput) ToPolicyMapOutputWithContext 

func (o PolicyMapOutput) ToPolicyMapOutputWithContext(ctx context.Context) PolicyMapOutput

type PolicyOutput 

type PolicyOutput struct{ *pulumi.OutputState }

func (PolicyOutput) AdmissionWhitelistPatterns 

func (o PolicyOutput) AdmissionWhitelistPatterns() PolicyAdmissionWhitelistPatternArrayOutput

A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the image's admission requests will always be permitted regardless of your admission rules.

func (PolicyOutput) ClusterAdmissionRules 

func (o PolicyOutput) ClusterAdmissionRules() PolicyClusterAdmissionRuleArrayOutput

Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').

func (PolicyOutput) DefaultAdmissionRule 

func (o PolicyOutput) DefaultAdmissionRule() PolicyDefaultAdmissionRuleOutput

Default admission rule for a cluster without a per-cluster admission rule. Structure is documented below.

func (PolicyOutput) Description 

func (o PolicyOutput) Description() pulumi.StringPtrOutput

A descriptive comment.

func (PolicyOutput) ElementType 

func (PolicyOutput) ElementType() reflect.Type

func (PolicyOutput) GlobalPolicyEvaluationMode 

func (o PolicyOutput) GlobalPolicyEvaluationMode() pulumi.StringOutput

Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not covered by the global policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]

func (PolicyOutput) Project 

func (o PolicyOutput) Project() pulumi.StringOutput

func (PolicyOutput) ToPolicyOutput 

func (o PolicyOutput) ToPolicyOutput() PolicyOutput

func (PolicyOutput) ToPolicyOutputWithContext 

func (o PolicyOutput) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicyState 

type PolicyState struct {
	// A whitelist of image patterns to exclude from admission rules. If an image's name matches a whitelist pattern, the
	// image's admission requests will always be permitted regardless of your admission rules.
	AdmissionWhitelistPatterns PolicyAdmissionWhitelistPatternArrayInput
	// Per-cluster admission rules. An admission rule specifies either that all container images used in a pod creation request
	// must be attested to by one or more attestors, that all pod creations will be allowed, or that all pod creations will be
	// denied. There can be at most one admission rule per cluster spec. Identifier format: '{{location}}.{{clusterId}}'. A
	// location is either a compute zone (e.g. 'us-central1-a') or a region (e.g. 'us-central1').
	ClusterAdmissionRules PolicyClusterAdmissionRuleArrayInput
	// Default admission rule for a cluster without a per-cluster admission
	// rule.
	// Structure is documented below.
	DefaultAdmissionRule PolicyDefaultAdmissionRulePtrInput
	// A descriptive comment.
	Description pulumi.StringPtrInput
	// Controls the evaluation of a Google-maintained global admission policy for common system-level images. Images not
	// covered by the global policy will be subject to the project admission policy. Possible values: ["ENABLE", "DISABLE"]
	GlobalPolicyEvaluationMode pulumi.StringPtrInput
	Project                    pulumi.StringPtrInput
}

func (PolicyState) ElementType 

func (PolicyState) ElementType() reflect.Type

Source Files

View all Source files

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL
go.dev uses cookies from Google to deliver and enhance the quality of its services and to analyze traffic. Learn more.