v1

package
v0.32.0 Latest Latest
Warning

This package is not in the latest version of its module.

Published: Nov 29, 2023 License: Apache-2.0 Imports: 9 Imported by: 0

Documentation

Index

Constants

// Values of PkixPublicKeySignatureAlgorithm: the signature scheme, key size or
// curve, and digest declared for a PKIX public key.
//
// The RSASSA-PSS and ECDSA entries each appear twice: a short spelling
// (RSA_PSS_*, ECDSA_*) and an RSA_SIGN_* / EC_SIGN_* spelling that carries the
// same description but a different wire value. NOTE(review): the *_SIGN_*
// spellings look like Cloud KMS algorithm names; confirm against the API
// reference before treating the two spellings as interchangeable.
//
// RFC 8017 requires RSASSA-PSS for new applications and keeps RSASSA-PKCS1-v1_5
// for compatibility, which is worth weighing when choosing among the RSA
// entries below.
const (
	// Not specified. NOTE(review): how the service treats this value is not
	// stated here; set an explicit algorithm for every key — confirm.
	PkixPublicKeySignatureAlgorithmSignatureAlgorithmUnspecified = PkixPublicKeySignatureAlgorithm("SIGNATURE_ALGORITHM_UNSPECIFIED")
	// RSASSA-PSS 2048 bit key with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaPss2048Sha256 = PkixPublicKeySignatureAlgorithm("RSA_PSS_2048_SHA256")
	// RSASSA-PSS 2048 bit key with a SHA256 digest (RSA_SIGN_* spelling of the entry above).
	PkixPublicKeySignatureAlgorithmRsaSignPss2048Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PSS_2048_SHA256")
	// RSASSA-PSS 3072 bit key with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaPss3072Sha256 = PkixPublicKeySignatureAlgorithm("RSA_PSS_3072_SHA256")
	// RSASSA-PSS 3072 bit key with a SHA256 digest (RSA_SIGN_* spelling of the entry above).
	PkixPublicKeySignatureAlgorithmRsaSignPss3072Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PSS_3072_SHA256")
	// RSASSA-PSS 4096 bit key with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaPss4096Sha256 = PkixPublicKeySignatureAlgorithm("RSA_PSS_4096_SHA256")
	// RSASSA-PSS 4096 bit key with a SHA256 digest (RSA_SIGN_* spelling of the entry above).
	PkixPublicKeySignatureAlgorithmRsaSignPss4096Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PSS_4096_SHA256")
	// RSASSA-PSS 4096 bit key with a SHA512 digest.
	PkixPublicKeySignatureAlgorithmRsaPss4096Sha512 = PkixPublicKeySignatureAlgorithm("RSA_PSS_4096_SHA512")
	// RSASSA-PSS 4096 bit key with a SHA512 digest (RSA_SIGN_* spelling of the entry above).
	PkixPublicKeySignatureAlgorithmRsaSignPss4096Sha512 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PSS_4096_SHA512")
	// RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPkcs12048Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PKCS1_2048_SHA256")
	// RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPkcs13072Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PKCS1_3072_SHA256")
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPkcs14096Sha256 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PKCS1_4096_SHA256")
	// RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
	PkixPublicKeySignatureAlgorithmRsaSignPkcs14096Sha512 = PkixPublicKeySignatureAlgorithm("RSA_SIGN_PKCS1_4096_SHA512")
	// ECDSA on the NIST P-256 curve with a SHA256 digest.
	PkixPublicKeySignatureAlgorithmEcdsaP256Sha256 = PkixPublicKeySignatureAlgorithm("ECDSA_P256_SHA256")
	// ECDSA on the NIST P-256 curve with a SHA256 digest (EC_SIGN_* spelling of the entry above).
	PkixPublicKeySignatureAlgorithmEcSignP256Sha256 = PkixPublicKeySignatureAlgorithm("EC_SIGN_P256_SHA256")
	// ECDSA on the NIST P-384 curve with a SHA384 digest.
	PkixPublicKeySignatureAlgorithmEcdsaP384Sha384 = PkixPublicKeySignatureAlgorithm("ECDSA_P384_SHA384")
	// ECDSA on the NIST P-384 curve with a SHA384 digest (EC_SIGN_* spelling of the entry above).
	PkixPublicKeySignatureAlgorithmEcSignP384Sha384 = PkixPublicKeySignatureAlgorithm("EC_SIGN_P384_SHA384")
	// ECDSA on the NIST P-521 curve with a SHA512 digest.
	PkixPublicKeySignatureAlgorithmEcdsaP521Sha512 = PkixPublicKeySignatureAlgorithm("ECDSA_P521_SHA512")
	// ECDSA on the NIST P-521 curve with a SHA512 digest (EC_SIGN_* spelling of the entry above).
	PkixPublicKeySignatureAlgorithmEcSignP521Sha512 = PkixPublicKeySignatureAlgorithm("EC_SIGN_P521_SHA512")
)
// Values of VerificationRuleTrustedBuilder. Only one concrete builder is
// listed on this page, and it is a whole builder group rather than a single
// builder type.
const (
	// Unspecified builder. The upstream description is "Should never happen."
	VerificationRuleTrustedBuilderBuilderUnspecified = VerificationRuleTrustedBuilder("BUILDER_UNSPECIFIED")
	// The whole Google Cloud Build (GCB) builder group, including all GCB builder types.
	// Choosing it therefore trusts every GCB builder type at once.
	VerificationRuleTrustedBuilderGoogleCloudBuild = VerificationRuleTrustedBuilder("GOOGLE_CLOUD_BUILD")
)
// Values of VulnerabilityCheckMaximumFixableSeverity, listed from the strictest
// threshold (BLOCK_ALL) to the most permissive (ALLOW_ALL). Each named severity
// admits that level and everything below it.
// NOTE(review): "fixable" presumably means a fix is available for the
// vulnerability — confirm against the API reference.
const (
	// Not specified. NOTE(review): how the check treats an unspecified threshold
	// is not stated here; set an explicit value — confirm.
	VulnerabilityCheckMaximumFixableSeverityMaximumAllowedSeverityUnspecified = VulnerabilityCheckMaximumFixableSeverity("MAXIMUM_ALLOWED_SEVERITY_UNSPECIFIED")
	// Block any vulnerability.
	VulnerabilityCheckMaximumFixableSeverityBlockAll = VulnerabilityCheckMaximumFixableSeverity("BLOCK_ALL")
	// Allow only minimal severity.
	VulnerabilityCheckMaximumFixableSeverityMinimal = VulnerabilityCheckMaximumFixableSeverity("MINIMAL")
	// Allow only low severity and lower.
	VulnerabilityCheckMaximumFixableSeverityLow = VulnerabilityCheckMaximumFixableSeverity("LOW")
	// Allow medium severity and lower.
	VulnerabilityCheckMaximumFixableSeverityMedium = VulnerabilityCheckMaximumFixableSeverity("MEDIUM")
	// Allow high severity and lower.
	VulnerabilityCheckMaximumFixableSeverityHigh = VulnerabilityCheckMaximumFixableSeverity("HIGH")
	// Allow critical severity and lower.
	VulnerabilityCheckMaximumFixableSeverityCritical = VulnerabilityCheckMaximumFixableSeverity("CRITICAL")
	// Allow all severities, including vulnerabilities with unspecified severity.
	// With this value the threshold blocks nothing.
	VulnerabilityCheckMaximumFixableSeverityAllowAll = VulnerabilityCheckMaximumFixableSeverity("ALLOW_ALL")
)
// Values of VulnerabilityCheckMaximumUnfixableSeverity, listed from the
// strictest threshold (BLOCK_ALL) to the most permissive (ALLOW_ALL). Each
// named severity admits that level and everything below it.
// NOTE(review): "unfixable" presumably means no fix is available yet for the
// vulnerability — confirm against the API reference.
const (
	// Not specified. NOTE(review): how the check treats an unspecified threshold
	// is not stated here; set an explicit value — confirm.
	VulnerabilityCheckMaximumUnfixableSeverityMaximumAllowedSeverityUnspecified = VulnerabilityCheckMaximumUnfixableSeverity("MAXIMUM_ALLOWED_SEVERITY_UNSPECIFIED")
	// Block any vulnerability.
	VulnerabilityCheckMaximumUnfixableSeverityBlockAll = VulnerabilityCheckMaximumUnfixableSeverity("BLOCK_ALL")
	// Allow only minimal severity.
	VulnerabilityCheckMaximumUnfixableSeverityMinimal = VulnerabilityCheckMaximumUnfixableSeverity("MINIMAL")
	// Allow only low severity and lower.
	VulnerabilityCheckMaximumUnfixableSeverityLow = VulnerabilityCheckMaximumUnfixableSeverity("LOW")
	// Allow medium severity and lower.
	VulnerabilityCheckMaximumUnfixableSeverityMedium = VulnerabilityCheckMaximumUnfixableSeverity("MEDIUM")
	// Allow high severity and lower.
	VulnerabilityCheckMaximumUnfixableSeverityHigh = VulnerabilityCheckMaximumUnfixableSeverity("HIGH")
	// Allow critical severity and lower.
	VulnerabilityCheckMaximumUnfixableSeverityCritical = VulnerabilityCheckMaximumUnfixableSeverity("CRITICAL")
	// Allow all severities, including vulnerabilities with unspecified severity.
	// With this value the threshold blocks nothing.
	VulnerabilityCheckMaximumUnfixableSeverityAllowAll = VulnerabilityCheckMaximumUnfixableSeverity("ALLOW_ALL")
)

Variables

This section is empty.

Functions

This section is empty.

Types

type AttestationAuthenticator added in v0.32.0

type AttestationAuthenticator struct {
	// Optional. A user-provided name for this `AttestationAuthenticator`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.
	DisplayName *string `pulumi:"displayName"`
	// Optional. A set of raw PKIX SubjectPublicKeyInfo format public keys. If any public key in the set validates the attestation signature, then the signature is considered authenticated (i.e. any one key is sufficient to authenticate).
	// Because a single key authenticates on its own, every key in the set is independently trusted:
	// keep the set small and remove keys that are retired or suspected compromised.
	PkixPublicKeySet *PkixPublicKeySet `pulumi:"pkixPublicKeySet"`
}

An attestation authenticator that will be used to verify attestations. Typically this is just a set of public keys. Conceptually, an authenticator can be treated as always returning either "authenticated" or "not authenticated" when presented with a signed attestation (almost always assumed to be a [DSSE](https://github.com/secure-systems-lab/dsse) attestation). The details of how an authenticator makes this decision are specific to the type of 'authenticator' that this message wraps.

type AttestationAuthenticatorArgs added in v0.32.0

type AttestationAuthenticatorArgs struct {
	// Optional. A user-provided name for this `AttestationAuthenticator`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.
	DisplayName pulumi.StringPtrInput `pulumi:"displayName"`
	// Optional. A set of raw PKIX SubjectPublicKeyInfo format public keys. If any public key in the set validates the attestation signature, then the signature is considered authenticated (i.e. any one key is sufficient to authenticate).
	// Because a single key authenticates on its own, every key supplied here is independently trusted:
	// keep the set small and remove keys that are retired or suspected compromised.
	PkixPublicKeySet PkixPublicKeySetPtrInput `pulumi:"pkixPublicKeySet"`
}

An attestation authenticator that will be used to verify attestations. Typically this is just a set of public keys. Conceptually, an authenticator can be treated as always returning either "authenticated" or "not authenticated" when presented with a signed attestation (almost always assumed to be a [DSSE](https://github.com/secure-systems-lab/dsse) attestation). The details of how an authenticator makes this decision are specific to the type of 'authenticator' that this message wraps.

func (AttestationAuthenticatorArgs) ElementType added in v0.32.0

func (AttestationAuthenticatorArgs) ToAttestationAuthenticatorOutput added in v0.32.0

func (i AttestationAuthenticatorArgs) ToAttestationAuthenticatorOutput() AttestationAuthenticatorOutput

func (AttestationAuthenticatorArgs) ToAttestationAuthenticatorOutputWithContext added in v0.32.0

func (i AttestationAuthenticatorArgs) ToAttestationAuthenticatorOutputWithContext(ctx context.Context) AttestationAuthenticatorOutput

type AttestationAuthenticatorArray added in v0.32.0

type AttestationAuthenticatorArray []AttestationAuthenticatorInput

func (AttestationAuthenticatorArray) ElementType added in v0.32.0

func (AttestationAuthenticatorArray) ToAttestationAuthenticatorArrayOutput added in v0.32.0

func (i AttestationAuthenticatorArray) ToAttestationAuthenticatorArrayOutput() AttestationAuthenticatorArrayOutput

func (AttestationAuthenticatorArray) ToAttestationAuthenticatorArrayOutputWithContext added in v0.32.0

func (i AttestationAuthenticatorArray) ToAttestationAuthenticatorArrayOutputWithContext(ctx context.Context) AttestationAuthenticatorArrayOutput

type AttestationAuthenticatorArrayInput added in v0.32.0

type AttestationAuthenticatorArrayInput interface {
	pulumi.Input

	ToAttestationAuthenticatorArrayOutput() AttestationAuthenticatorArrayOutput
	ToAttestationAuthenticatorArrayOutputWithContext(context.Context) AttestationAuthenticatorArrayOutput
}

AttestationAuthenticatorArrayInput is an input type that accepts AttestationAuthenticatorArray and AttestationAuthenticatorArrayOutput values. You can construct a concrete instance of `AttestationAuthenticatorArrayInput` via:

AttestationAuthenticatorArray{ AttestationAuthenticatorArgs{...} }

type AttestationAuthenticatorArrayOutput added in v0.32.0

type AttestationAuthenticatorArrayOutput struct{ *pulumi.OutputState }

func (AttestationAuthenticatorArrayOutput) ElementType added in v0.32.0

func (AttestationAuthenticatorArrayOutput) Index added in v0.32.0

func (AttestationAuthenticatorArrayOutput) ToAttestationAuthenticatorArrayOutput added in v0.32.0

func (o AttestationAuthenticatorArrayOutput) ToAttestationAuthenticatorArrayOutput() AttestationAuthenticatorArrayOutput

func (AttestationAuthenticatorArrayOutput) ToAttestationAuthenticatorArrayOutputWithContext added in v0.32.0

func (o AttestationAuthenticatorArrayOutput) ToAttestationAuthenticatorArrayOutputWithContext(ctx context.Context) AttestationAuthenticatorArrayOutput

type AttestationAuthenticatorInput added in v0.32.0

type AttestationAuthenticatorInput interface {
	pulumi.Input

	ToAttestationAuthenticatorOutput() AttestationAuthenticatorOutput
	ToAttestationAuthenticatorOutputWithContext(context.Context) AttestationAuthenticatorOutput
}

AttestationAuthenticatorInput is an input type that accepts AttestationAuthenticatorArgs and AttestationAuthenticatorOutput values. You can construct a concrete instance of `AttestationAuthenticatorInput` via:

AttestationAuthenticatorArgs{...}

type AttestationAuthenticatorOutput added in v0.32.0

type AttestationAuthenticatorOutput struct{ *pulumi.OutputState }

An attestation authenticator that will be used to verify attestations. Typically this is just a set of public keys. Conceptually, an authenticator can be treated as always returning either "authenticated" or "not authenticated" when presented with a signed attestation (almost always assumed to be a [DSSE](https://github.com/secure-systems-lab/dsse) attestation). The details of how an authenticator makes this decision are specific to the type of 'authenticator' that this message wraps.

func (AttestationAuthenticatorOutput) DisplayName added in v0.32.0

Optional. A user-provided name for this `AttestationAuthenticator`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.

func (AttestationAuthenticatorOutput) ElementType added in v0.32.0

func (AttestationAuthenticatorOutput) PkixPublicKeySet added in v0.32.0

Optional. A set of raw PKIX SubjectPublicKeyInfo format public keys. If any public key in the set validates the attestation signature, then the signature is considered authenticated (i.e. any one key is sufficient to authenticate).

func (AttestationAuthenticatorOutput) ToAttestationAuthenticatorOutput added in v0.32.0

func (o AttestationAuthenticatorOutput) ToAttestationAuthenticatorOutput() AttestationAuthenticatorOutput

func (AttestationAuthenticatorOutput) ToAttestationAuthenticatorOutputWithContext added in v0.32.0

func (o AttestationAuthenticatorOutput) ToAttestationAuthenticatorOutputWithContext(ctx context.Context) AttestationAuthenticatorOutput

type AttestationAuthenticatorResponse added in v0.32.0

type AttestationAuthenticatorResponse struct {
	// Optional. A user-provided name for this `AttestationAuthenticator`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.
	DisplayName string `pulumi:"displayName"`
	// Optional. A set of raw PKIX SubjectPublicKeyInfo format public keys. If any public key in the set validates the attestation signature, then the signature is considered authenticated (i.e. any one key is sufficient to authenticate).
	// When auditing a deployed policy, read this as the full list of keys that can each
	// authenticate an attestation without any of the others.
	PkixPublicKeySet PkixPublicKeySetResponse `pulumi:"pkixPublicKeySet"`
}

An attestation authenticator that will be used to verify attestations. Typically this is just a set of public keys. Conceptually, an authenticator can be treated as always returning either "authenticated" or "not authenticated" when presented with a signed attestation (almost always assumed to be a [DSSE](https://github.com/secure-systems-lab/dsse) attestation). The details of how an authenticator makes this decision are specific to the type of 'authenticator' that this message wraps.

type AttestationAuthenticatorResponseArrayOutput added in v0.32.0

type AttestationAuthenticatorResponseArrayOutput struct{ *pulumi.OutputState }

func (AttestationAuthenticatorResponseArrayOutput) ElementType added in v0.32.0

func (AttestationAuthenticatorResponseArrayOutput) Index added in v0.32.0

func (AttestationAuthenticatorResponseArrayOutput) ToAttestationAuthenticatorResponseArrayOutput added in v0.32.0

func (o AttestationAuthenticatorResponseArrayOutput) ToAttestationAuthenticatorResponseArrayOutput() AttestationAuthenticatorResponseArrayOutput

func (AttestationAuthenticatorResponseArrayOutput) ToAttestationAuthenticatorResponseArrayOutputWithContext added in v0.32.0

func (o AttestationAuthenticatorResponseArrayOutput) ToAttestationAuthenticatorResponseArrayOutputWithContext(ctx context.Context) AttestationAuthenticatorResponseArrayOutput

type AttestationAuthenticatorResponseOutput added in v0.32.0

type AttestationAuthenticatorResponseOutput struct{ *pulumi.OutputState }

An attestation authenticator that will be used to verify attestations. Typically this is just a set of public keys. Conceptually, an authenticator can be treated as always returning either "authenticated" or "not authenticated" when presented with a signed attestation (almost always assumed to be a [DSSE](https://github.com/secure-systems-lab/dsse) attestation). The details of how an authenticator makes this decision are specific to the type of 'authenticator' that this message wraps.

func (AttestationAuthenticatorResponseOutput) DisplayName added in v0.32.0

Optional. A user-provided name for this `AttestationAuthenticator`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.

func (AttestationAuthenticatorResponseOutput) ElementType added in v0.32.0

func (AttestationAuthenticatorResponseOutput) PkixPublicKeySet added in v0.32.0

Optional. A set of raw PKIX SubjectPublicKeyInfo format public keys. If any public key in the set validates the attestation signature, then the signature is considered authenticated (i.e. any one key is sufficient to authenticate).

func (AttestationAuthenticatorResponseOutput) ToAttestationAuthenticatorResponseOutput added in v0.32.0

func (o AttestationAuthenticatorResponseOutput) ToAttestationAuthenticatorResponseOutput() AttestationAuthenticatorResponseOutput

func (AttestationAuthenticatorResponseOutput) ToAttestationAuthenticatorResponseOutputWithContext added in v0.32.0

func (o AttestationAuthenticatorResponseOutput) ToAttestationAuthenticatorResponseOutputWithContext(ctx context.Context) AttestationAuthenticatorResponseOutput

type AttestationSource added in v0.32.0

type AttestationSource struct {
	// The IDs of the GCP projects storing the SLSA attestations as Container Analysis Occurrences.
	// NOTE(review): these projects become part of the trust path for provenance lookup;
	// confirm which principals can write occurrences in each of them.
	ContainerAnalysisAttestationProjects []string `pulumi:"containerAnalysisAttestationProjects"`
}

Specifies the locations for fetching the provenance attestations.

type AttestationSourceArgs added in v0.32.0

type AttestationSourceArgs struct {
	// The IDs of the GCP projects storing the SLSA attestations as Container Analysis Occurrences.
	// NOTE(review): these projects become part of the trust path for provenance lookup;
	// confirm which principals can write occurrences in each of them.
	ContainerAnalysisAttestationProjects pulumi.StringArrayInput `pulumi:"containerAnalysisAttestationProjects"`
}

Specifies the locations for fetching the provenance attestations.

func (AttestationSourceArgs) ElementType added in v0.32.0

func (AttestationSourceArgs) ElementType() reflect.Type

func (AttestationSourceArgs) ToAttestationSourceOutput added in v0.32.0

func (i AttestationSourceArgs) ToAttestationSourceOutput() AttestationSourceOutput

func (AttestationSourceArgs) ToAttestationSourceOutputWithContext added in v0.32.0

func (i AttestationSourceArgs) ToAttestationSourceOutputWithContext(ctx context.Context) AttestationSourceOutput

func (AttestationSourceArgs) ToAttestationSourcePtrOutput added in v0.32.0

func (i AttestationSourceArgs) ToAttestationSourcePtrOutput() AttestationSourcePtrOutput

func (AttestationSourceArgs) ToAttestationSourcePtrOutputWithContext added in v0.32.0

func (i AttestationSourceArgs) ToAttestationSourcePtrOutputWithContext(ctx context.Context) AttestationSourcePtrOutput

type AttestationSourceInput added in v0.32.0

type AttestationSourceInput interface {
	pulumi.Input

	ToAttestationSourceOutput() AttestationSourceOutput
	ToAttestationSourceOutputWithContext(context.Context) AttestationSourceOutput
}

AttestationSourceInput is an input type that accepts AttestationSourceArgs and AttestationSourceOutput values. You can construct a concrete instance of `AttestationSourceInput` via:

AttestationSourceArgs{...}

type AttestationSourceOutput added in v0.32.0

type AttestationSourceOutput struct{ *pulumi.OutputState }

Specifies the locations for fetching the provenance attestations.

func (AttestationSourceOutput) ContainerAnalysisAttestationProjects added in v0.32.0

func (o AttestationSourceOutput) ContainerAnalysisAttestationProjects() pulumi.StringArrayOutput

The IDs of the GCP projects storing the SLSA attestations as Container Analysis Occurrences.

func (AttestationSourceOutput) ElementType added in v0.32.0

func (AttestationSourceOutput) ElementType() reflect.Type

func (AttestationSourceOutput) ToAttestationSourceOutput added in v0.32.0

func (o AttestationSourceOutput) ToAttestationSourceOutput() AttestationSourceOutput

func (AttestationSourceOutput) ToAttestationSourceOutputWithContext added in v0.32.0

func (o AttestationSourceOutput) ToAttestationSourceOutputWithContext(ctx context.Context) AttestationSourceOutput

func (AttestationSourceOutput) ToAttestationSourcePtrOutput added in v0.32.0

func (o AttestationSourceOutput) ToAttestationSourcePtrOutput() AttestationSourcePtrOutput

func (AttestationSourceOutput) ToAttestationSourcePtrOutputWithContext added in v0.32.0

func (o AttestationSourceOutput) ToAttestationSourcePtrOutputWithContext(ctx context.Context) AttestationSourcePtrOutput

type AttestationSourcePtrInput added in v0.32.0

type AttestationSourcePtrInput interface {
	pulumi.Input

	ToAttestationSourcePtrOutput() AttestationSourcePtrOutput
	ToAttestationSourcePtrOutputWithContext(context.Context) AttestationSourcePtrOutput
}

AttestationSourcePtrInput is an input type that accepts AttestationSourceArgs, AttestationSourcePtr and AttestationSourcePtrOutput values. You can construct a concrete instance of `AttestationSourcePtrInput` via:

        AttestationSourceArgs{...}

or:

        nil

func AttestationSourcePtr added in v0.32.0

func AttestationSourcePtr(v *AttestationSourceArgs) AttestationSourcePtrInput

type AttestationSourcePtrOutput added in v0.32.0

type AttestationSourcePtrOutput struct{ *pulumi.OutputState }

func (AttestationSourcePtrOutput) ContainerAnalysisAttestationProjects added in v0.32.0

func (o AttestationSourcePtrOutput) ContainerAnalysisAttestationProjects() pulumi.StringArrayOutput

The IDs of the GCP projects storing the SLSA attestations as Container Analysis Occurrences.

func (AttestationSourcePtrOutput) Elem added in v0.32.0

func (AttestationSourcePtrOutput) ElementType added in v0.32.0

func (AttestationSourcePtrOutput) ElementType() reflect.Type

func (AttestationSourcePtrOutput) ToAttestationSourcePtrOutput added in v0.32.0

func (o AttestationSourcePtrOutput) ToAttestationSourcePtrOutput() AttestationSourcePtrOutput

func (AttestationSourcePtrOutput) ToAttestationSourcePtrOutputWithContext added in v0.32.0

func (o AttestationSourcePtrOutput) ToAttestationSourcePtrOutputWithContext(ctx context.Context) AttestationSourcePtrOutput

type AttestationSourceResponse added in v0.32.0

type AttestationSourceResponse struct {
	// The IDs of the GCP projects storing the SLSA attestations as Container Analysis Occurrences.
	// When auditing a deployed policy, this is the list of projects that provenance
	// attestations are fetched from.
	ContainerAnalysisAttestationProjects []string `pulumi:"containerAnalysisAttestationProjects"`
}

Specifies the locations for fetching the provenance attestations.

type AttestationSourceResponseOutput added in v0.32.0

type AttestationSourceResponseOutput struct{ *pulumi.OutputState }

Specifies the locations for fetching the provenance attestations.

func (AttestationSourceResponseOutput) ContainerAnalysisAttestationProjects added in v0.32.0

func (o AttestationSourceResponseOutput) ContainerAnalysisAttestationProjects() pulumi.StringArrayOutput

The IDs of the GCP projects storing the SLSA attestations as Container Analysis Occurrences.

func (AttestationSourceResponseOutput) ElementType added in v0.32.0

func (AttestationSourceResponseOutput) ToAttestationSourceResponseOutput added in v0.32.0

func (o AttestationSourceResponseOutput) ToAttestationSourceResponseOutput() AttestationSourceResponseOutput

func (AttestationSourceResponseOutput) ToAttestationSourceResponseOutputWithContext added in v0.32.0

func (o AttestationSourceResponseOutput) ToAttestationSourceResponseOutputWithContext(ctx context.Context) AttestationSourceResponseOutput

type Attestor

// Attestor holds the output properties of an attestor resource; it embeds
// pulumi.CustomResourceState.
type Attestor struct {
	pulumi.CustomResourceState

	// Required. The attestor's ID.
	AttestorId pulumi.StringOutput `pulumi:"attestorId"`
	// Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
	Description pulumi.StringOutput `pulumi:"description"`
	// Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.
	// NOTE(review): the Project field that follows has no description on this page;
	// presumably it is the project that owns the attestor — confirm.
	Name    pulumi.StringOutput `pulumi:"name"`
	Project pulumi.StringOutput `pulumi:"project"`
	// Time when the attestor was last updated.
	UpdateTime pulumi.StringOutput `pulumi:"updateTime"`
	// This specifies how an attestation will be read, and how it will be used during policy enforcement.
	UserOwnedGrafeasNote UserOwnedGrafeasNoteResponseOutput `pulumi:"userOwnedGrafeasNote"`
}

Creates an attestor, and returns a copy of the new attestor. Returns `NOT_FOUND` if the project does not exist, `INVALID_ARGUMENT` if the request is malformed, `ALREADY_EXISTS` if the attestor already exists.

func GetAttestor

func GetAttestor(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorState, opts ...pulumi.ResourceOption) (*Attestor, error)

GetAttestor gets an existing Attestor resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestor

func NewAttestor(ctx *pulumi.Context,
	name string, args *AttestorArgs, opts ...pulumi.ResourceOption) (*Attestor, error)

NewAttestor registers a new resource with the given unique name, arguments, and options.

func (*Attestor) ElementType

func (*Attestor) ElementType() reflect.Type

func (*Attestor) ToAttestorOutput

func (i *Attestor) ToAttestorOutput() AttestorOutput

func (*Attestor) ToAttestorOutputWithContext

func (i *Attestor) ToAttestorOutputWithContext(ctx context.Context) AttestorOutput

type AttestorArgs

type AttestorArgs struct {
	// Required. The attestor's ID.
	AttestorId pulumi.StringInput
	// Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
	Description pulumi.StringPtrInput
	// Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
	Etag pulumi.StringPtrInput
	// The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.
	// NOTE(review): the Project field that follows has no description on this page;
	// presumably it is the project that owns the attestor — confirm.
	Name    pulumi.StringPtrInput
	Project pulumi.StringPtrInput
	// This specifies how an attestation will be read, and how it will be used during policy enforcement.
	UserOwnedGrafeasNote UserOwnedGrafeasNotePtrInput
}

The set of arguments for constructing an Attestor resource.

func (AttestorArgs) ElementType

func (AttestorArgs) ElementType() reflect.Type

type AttestorIamBinding added in v0.26.0

// AttestorIamBinding holds the output properties of an IAM binding on an
// attestor: one role, the members granted it, and an optional condition.
type AttestorIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// A group: or domain: entry grants the role to everyone the group or domain contains,
	// so prefer the narrowest principal that meets the need.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one `IamBinding` can be used per role.
	// NOTE(review): this suggests the binding is authoritative for its role, i.e. members not
	// listed would lose the role on apply — confirm before using it on a role managed elsewhere.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetAttestorIamBinding added in v0.26.0

func GetAttestorIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorIamBindingState, opts ...pulumi.ResourceOption) (*AttestorIamBinding, error)

GetAttestorIamBinding gets an existing AttestorIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestorIamBinding added in v0.26.0

func NewAttestorIamBinding(ctx *pulumi.Context,
	name string, args *AttestorIamBindingArgs, opts ...pulumi.ResourceOption) (*AttestorIamBinding, error)

NewAttestorIamBinding registers a new resource with the given unique name, arguments, and options.

func (*AttestorIamBinding) ElementType added in v0.26.0

func (*AttestorIamBinding) ElementType() reflect.Type

func (*AttestorIamBinding) ToAttestorIamBindingOutput added in v0.26.0

func (i *AttestorIamBinding) ToAttestorIamBindingOutput() AttestorIamBindingOutput

func (*AttestorIamBinding) ToAttestorIamBindingOutputWithContext added in v0.26.0

func (i *AttestorIamBinding) ToAttestorIamBindingOutputWithContext(ctx context.Context) AttestorIamBindingOutput

type AttestorIamBindingArgs added in v0.26.0

type AttestorIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// A group: or domain: entry grants the role to everyone the group or domain contains,
	// so prefer the narrowest principal that meets the need.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	// NOTE(review): this suggests the binding is authoritative for its role, i.e. members not
	// listed would lose the role on apply — confirm before using it on a role managed elsewhere.
	Role pulumi.StringInput
}

The set of arguments for constructing an AttestorIamBinding resource.

func (AttestorIamBindingArgs) ElementType added in v0.26.0

func (AttestorIamBindingArgs) ElementType() reflect.Type

type AttestorIamBindingInput added in v0.26.0

// AttestorIamBindingInput is satisfied by any pulumi.Input that can also be
// converted to an AttestorIamBindingOutput, with or without a context.
type AttestorIamBindingInput interface {
	pulumi.Input

	ToAttestorIamBindingOutput() AttestorIamBindingOutput
	ToAttestorIamBindingOutputWithContext(ctx context.Context) AttestorIamBindingOutput
}

type AttestorIamBindingOutput added in v0.26.0

type AttestorIamBindingOutput struct{ *pulumi.OutputState }

func (AttestorIamBindingOutput) Condition added in v0.26.0

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (AttestorIamBindingOutput) ElementType added in v0.26.0

func (AttestorIamBindingOutput) ElementType() reflect.Type

func (AttestorIamBindingOutput) Etag added in v0.26.0

The etag of the resource's IAM policy.

func (AttestorIamBindingOutput) Members added in v0.26.0

Identities that will be granted the privilege in role. Each entry can have one of the following values:

  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (AttestorIamBindingOutput) Name added in v0.26.0

The name of the resource to manage IAM policies for.

func (AttestorIamBindingOutput) Project added in v0.26.0

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (AttestorIamBindingOutput) Role added in v0.26.0

The role that should be applied. Only one `IamBinding` can be used per role.

func (AttestorIamBindingOutput) ToAttestorIamBindingOutput added in v0.26.0

func (o AttestorIamBindingOutput) ToAttestorIamBindingOutput() AttestorIamBindingOutput

func (AttestorIamBindingOutput) ToAttestorIamBindingOutputWithContext added in v0.26.0

func (o AttestorIamBindingOutput) ToAttestorIamBindingOutputWithContext(ctx context.Context) AttestorIamBindingOutput

type AttestorIamBindingState added in v0.26.0

type AttestorIamBindingState struct {
}

func (AttestorIamBindingState) ElementType added in v0.26.0

func (AttestorIamBindingState) ElementType() reflect.Type

type AttestorIamMember added in v0.26.0

// AttestorIamMember is a Pulumi custom resource (it embeds
// pulumi.CustomResourceState) whose outputs describe one identity (Member)
// holding one Role on the named resource's IAM policy.
//
// NOTE(review): the description printed for this type says it "Replaces any
// existing policy", which reads like a whole-policy write rather than a
// single-member grant. Confirm whether applying this resource leaves other
// members and bindings untouched before combining it with an
// AttestorIamBinding or AttestorIamPolicy on the same attestor.
type AttestorIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// When reviewing a grant, note that a domain: entry covers all the users of
	// that domain rather than a single account.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project to which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetAttestorIamMember added in v0.26.0

func GetAttestorIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorIamMemberState, opts ...pulumi.ResourceOption) (*AttestorIamMember, error)

GetAttestorIamMember gets an existing AttestorIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestorIamMember added in v0.26.0

func NewAttestorIamMember(ctx *pulumi.Context,
	name string, args *AttestorIamMemberArgs, opts ...pulumi.ResourceOption) (*AttestorIamMember, error)

NewAttestorIamMember registers a new resource with the given unique name, arguments, and options.

func (*AttestorIamMember) ElementType added in v0.26.0

func (*AttestorIamMember) ElementType() reflect.Type

func (*AttestorIamMember) ToAttestorIamMemberOutput added in v0.26.0

func (i *AttestorIamMember) ToAttestorIamMemberOutput() AttestorIamMemberOutput

func (*AttestorIamMember) ToAttestorIamMemberOutputWithContext added in v0.26.0

func (i *AttestorIamMember) ToAttestorIamMemberOutputWithContext(ctx context.Context) AttestorIamMemberOutput

type AttestorIamMemberArgs added in v0.26.0

// AttestorIamMemberArgs holds the inputs for constructing an
// AttestorIamMember: the identity, the role it receives, the resource the
// grant is made on, and an optional IAM Condition.
//
// NOTE(review): this struct has no Project field, although the resource
// exposes a Project output documented as defaulted when not provided. Confirm
// how the project is selected (for example through Name or provider
// configuration) so the grant lands on the intended attestor.
type AttestorIamMemberArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// A domain: entry grants the role to all the users of that domain, so
	// prefer the narrowest principal that meets the need.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing an AttestorIamMember resource.

func (AttestorIamMemberArgs) ElementType added in v0.26.0

func (AttestorIamMemberArgs) ElementType() reflect.Type

type AttestorIamMemberInput added in v0.26.0

// AttestorIamMemberInput is the interface for values that can be supplied
// where an AttestorIamMemberOutput is expected. It embeds pulumi.Input and
// adds the two conversion methods below.
type AttestorIamMemberInput interface {
	pulumi.Input

	// ToAttestorIamMemberOutput returns an AttestorIamMemberOutput.
	ToAttestorIamMemberOutput() AttestorIamMemberOutput
	// ToAttestorIamMemberOutputWithContext returns an AttestorIamMemberOutput, taking a caller-supplied context.
	ToAttestorIamMemberOutputWithContext(ctx context.Context) AttestorIamMemberOutput
}

type AttestorIamMemberOutput added in v0.26.0

type AttestorIamMemberOutput struct{ *pulumi.OutputState }

func (AttestorIamMemberOutput) Condition added in v0.26.0

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (AttestorIamMemberOutput) ElementType added in v0.26.0

func (AttestorIamMemberOutput) ElementType() reflect.Type

func (AttestorIamMemberOutput) Etag added in v0.26.0

The etag of the resource's IAM policy.

func (AttestorIamMemberOutput) Member added in v0.26.0

Identity that will be granted the privilege in role. The entry can have one of the following values:

  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (AttestorIamMemberOutput) Name added in v0.26.0

The name of the resource to manage IAM policies for.

func (AttestorIamMemberOutput) Project added in v0.26.0

The project to which the resource belongs. If it is not provided, a default will be supplied.

func (AttestorIamMemberOutput) Role added in v0.26.0

The role that should be applied.

func (AttestorIamMemberOutput) ToAttestorIamMemberOutput added in v0.26.0

func (o AttestorIamMemberOutput) ToAttestorIamMemberOutput() AttestorIamMemberOutput

func (AttestorIamMemberOutput) ToAttestorIamMemberOutputWithContext added in v0.26.0

func (o AttestorIamMemberOutput) ToAttestorIamMemberOutputWithContext(ctx context.Context) AttestorIamMemberOutput

type AttestorIamMemberState added in v0.26.0

type AttestorIamMemberState struct {
}

func (AttestorIamMemberState) ElementType added in v0.26.0

func (AttestorIamMemberState) ElementType() reflect.Type

type AttestorIamPolicy

// AttestorIamPolicy is a Pulumi custom resource (it embeds
// pulumi.CustomResourceState) for the access control policy set on the
// specified resource.
//
// Two points from this type's description matter when reviewing a change:
// setting the policy replaces any existing policy, and the API does not
// support deletion, so removing this resource from Pulumi state leaves the
// policy, and every grant in it, in place on Google Cloud.
type AttestorIamPolicy struct {
	pulumi.CustomResourceState

	// NOTE(review): not documented in this listing; presumably the ID of the
	// attestor whose policy is managed — confirm.
	AttestorId pulumi.StringOutput `pulumi:"attestorId"`
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingResponseArrayOutput `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag    pulumi.StringOutput `pulumi:"etag"`
	// NOTE(review): not documented in this listing; presumably the Google Cloud
	// project that owns the attestor — confirm.
	Project pulumi.StringOutput `pulumi:"project"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. Note - this resource's API doesn't support deletion. When deleted, the resource will persist on Google Cloud even though it will be deleted from Pulumi state.

func GetAttestorIamPolicy

func GetAttestorIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *AttestorIamPolicyState, opts ...pulumi.ResourceOption) (*AttestorIamPolicy, error)

GetAttestorIamPolicy gets an existing AttestorIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewAttestorIamPolicy

func NewAttestorIamPolicy(ctx *pulumi.Context,
	name string, args *AttestorIamPolicyArgs, opts ...pulumi.ResourceOption) (*AttestorIamPolicy, error)

NewAttestorIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*AttestorIamPolicy) ElementType

func (*AttestorIamPolicy) ElementType() reflect.Type

func (*AttestorIamPolicy) ToAttestorIamPolicyOutput

func (i *AttestorIamPolicy) ToAttestorIamPolicyOutput() AttestorIamPolicyOutput

func (*AttestorIamPolicy) ToAttestorIamPolicyOutputWithContext

func (i *AttestorIamPolicy) ToAttestorIamPolicyOutputWithContext(ctx context.Context) AttestorIamPolicyOutput

type AttestorIamPolicyArgs

// AttestorIamPolicyArgs holds the inputs for constructing an
// AttestorIamPolicy. Per that resource's description, the policy built from
// these inputs replaces any existing policy on the resource, so Bindings
// should list every grant that is meant to remain.
type AttestorIamPolicyArgs struct {
	// NOTE(review): not documented in this listing; presumably the ID of the
	// attestor whose policy is set — confirm. It is the only non-pointer string
	// input in this struct.
	AttestorId pulumi.StringInput
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingArrayInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	//
	// The field is a pointer input here, so the type system does not force it to
	// be set; the warning above still applies when the policy carries conditions.
	Etag    pulumi.StringPtrInput
	// NOTE(review): not documented in this listing; presumably the Google Cloud
	// project that owns the attestor — confirm what is used when it is unset.
	Project pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing an AttestorIamPolicy resource.

func (AttestorIamPolicyArgs) ElementType

func (AttestorIamPolicyArgs) ElementType() reflect.Type

type AttestorIamPolicyInput

// AttestorIamPolicyInput is the interface for values that can be supplied
// where an AttestorIamPolicyOutput is expected. It embeds pulumi.Input and
// adds the two conversion methods below.
type AttestorIamPolicyInput interface {
	pulumi.Input

	// ToAttestorIamPolicyOutput returns an AttestorIamPolicyOutput.
	ToAttestorIamPolicyOutput() AttestorIamPolicyOutput
	// ToAttestorIamPolicyOutputWithContext returns an AttestorIamPolicyOutput, taking a caller-supplied context.
	ToAttestorIamPolicyOutputWithContext(ctx context.Context) AttestorIamPolicyOutput
}

type AttestorIamPolicyOutput

type AttestorIamPolicyOutput struct{ *pulumi.OutputState }

func (AttestorIamPolicyOutput) AttestorId added in v0.21.0

func (AttestorIamPolicyOutput) Bindings added in v0.19.0

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (AttestorIamPolicyOutput) ElementType

func (AttestorIamPolicyOutput) ElementType() reflect.Type

func (AttestorIamPolicyOutput) Etag added in v0.19.0

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (AttestorIamPolicyOutput) Project added in v0.21.0

func (AttestorIamPolicyOutput) ToAttestorIamPolicyOutput

func (o AttestorIamPolicyOutput) ToAttestorIamPolicyOutput() AttestorIamPolicyOutput

func (AttestorIamPolicyOutput) ToAttestorIamPolicyOutputWithContext

func (o AttestorIamPolicyOutput) ToAttestorIamPolicyOutputWithContext(ctx context.Context) AttestorIamPolicyOutput

func (AttestorIamPolicyOutput) Version added in v0.19.0

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type AttestorIamPolicyState

type AttestorIamPolicyState struct {
}

func (AttestorIamPolicyState) ElementType

func (AttestorIamPolicyState) ElementType() reflect.Type

type AttestorInput

// AttestorInput is the interface for values that can be supplied where an
// AttestorOutput is expected. It embeds pulumi.Input and adds the two
// conversion methods below.
type AttestorInput interface {
	pulumi.Input

	// ToAttestorOutput returns an AttestorOutput.
	ToAttestorOutput() AttestorOutput
	// ToAttestorOutputWithContext returns an AttestorOutput, taking a caller-supplied context.
	ToAttestorOutputWithContext(ctx context.Context) AttestorOutput
}

type AttestorOutput

type AttestorOutput struct{ *pulumi.OutputState }

func (AttestorOutput) AttestorId added in v0.21.0

func (o AttestorOutput) AttestorId() pulumi.StringOutput

Required. The attestor's ID.

func (AttestorOutput) Description added in v0.19.0

func (o AttestorOutput) Description() pulumi.StringOutput

Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

func (AttestorOutput) ElementType

func (AttestorOutput) ElementType() reflect.Type

func (AttestorOutput) Etag added in v0.19.0

Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.

func (AttestorOutput) Name added in v0.19.0

The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.

func (AttestorOutput) Project added in v0.21.0

func (o AttestorOutput) Project() pulumi.StringOutput

func (AttestorOutput) ToAttestorOutput

func (o AttestorOutput) ToAttestorOutput() AttestorOutput

func (AttestorOutput) ToAttestorOutputWithContext

func (o AttestorOutput) ToAttestorOutputWithContext(ctx context.Context) AttestorOutput

func (AttestorOutput) UpdateTime added in v0.19.0

func (o AttestorOutput) UpdateTime() pulumi.StringOutput

Time when the attestor was last updated.

func (AttestorOutput) UserOwnedGrafeasNote added in v0.19.0

func (o AttestorOutput) UserOwnedGrafeasNote() UserOwnedGrafeasNoteResponseOutput

This specifies how an attestation will be read, and how it will be used during policy enforcement.

type AttestorPublicKey

// AttestorPublicKey is an attestor public key that will be used to verify
// attestations signed by this attestor. The key is given either as an
// ASCII-armored PGP public key or as a PKIX public key; the rules for Id
// differ between the two, as described on each field.
type AttestorPublicKey struct {
	// ASCII-armored representation of a PGP public key, as the entire output of the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID.
	//
	// Only public key material belongs in this field.
	AsciiArmoredPgpPublicKey *string `pulumi:"asciiArmoredPgpPublicKey"`
	// Optional. A descriptive comment. This field may be updated.
	Comment *string `pulumi:"comment"`
	// The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details.
	//
	// NOTE(review): the `public_key` cases appear to be the
	// AsciiArmoredPgpPublicKey and PkixPublicKey fields of this struct — confirm.
	Id *string `pulumi:"id"`
	// A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
	PkixPublicKey *PkixPublicKey `pulumi:"pkixPublicKey"`
}

An attestor public key that will be used to verify attestations signed by this attestor.

type AttestorPublicKeyArgs

// AttestorPublicKeyArgs is the Pulumi input form of an attestor public key
// that will be used to verify attestations signed by this attestor. Every
// field is an optional (pointer) input.
type AttestorPublicKeyArgs struct {
	// ASCII-armored representation of a PGP public key, as the entire output of the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID.
	//
	// Only public key material belongs in this field.
	AsciiArmoredPgpPublicKey pulumi.StringPtrInput `pulumi:"asciiArmoredPgpPublicKey"`
	// Optional. A descriptive comment. This field may be updated.
	Comment pulumi.StringPtrInput `pulumi:"comment"`
	// The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details.
	//
	// NOTE(review): the `public_key` cases appear to be the
	// AsciiArmoredPgpPublicKey and PkixPublicKey fields of this struct — confirm.
	Id pulumi.StringPtrInput `pulumi:"id"`
	// A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
	PkixPublicKey PkixPublicKeyPtrInput `pulumi:"pkixPublicKey"`
}

An attestor public key that will be used to verify attestations signed by this attestor.

func (AttestorPublicKeyArgs) ElementType

func (AttestorPublicKeyArgs) ElementType() reflect.Type

func (AttestorPublicKeyArgs) ToAttestorPublicKeyOutput

func (i AttestorPublicKeyArgs) ToAttestorPublicKeyOutput() AttestorPublicKeyOutput

func (AttestorPublicKeyArgs) ToAttestorPublicKeyOutputWithContext

func (i AttestorPublicKeyArgs) ToAttestorPublicKeyOutputWithContext(ctx context.Context) AttestorPublicKeyOutput

type AttestorPublicKeyArray

type AttestorPublicKeyArray []AttestorPublicKeyInput

func (AttestorPublicKeyArray) ElementType

func (AttestorPublicKeyArray) ElementType() reflect.Type

func (AttestorPublicKeyArray) ToAttestorPublicKeyArrayOutput

func (i AttestorPublicKeyArray) ToAttestorPublicKeyArrayOutput() AttestorPublicKeyArrayOutput

func (AttestorPublicKeyArray) ToAttestorPublicKeyArrayOutputWithContext

func (i AttestorPublicKeyArray) ToAttestorPublicKeyArrayOutputWithContext(ctx context.Context) AttestorPublicKeyArrayOutput

type AttestorPublicKeyArrayInput

type AttestorPublicKeyArrayInput interface {
	pulumi.Input

	ToAttestorPublicKeyArrayOutput() AttestorPublicKeyArrayOutput
	ToAttestorPublicKeyArrayOutputWithContext(context.Context) AttestorPublicKeyArrayOutput
}

AttestorPublicKeyArrayInput is an input type that accepts AttestorPublicKeyArray and AttestorPublicKeyArrayOutput values. You can construct a concrete instance of `AttestorPublicKeyArrayInput` via:

AttestorPublicKeyArray{ AttestorPublicKeyArgs{...} }

type AttestorPublicKeyArrayOutput

type AttestorPublicKeyArrayOutput struct{ *pulumi.OutputState }

func (AttestorPublicKeyArrayOutput) ElementType

func (AttestorPublicKeyArrayOutput) Index

func (AttestorPublicKeyArrayOutput) ToAttestorPublicKeyArrayOutput

func (o AttestorPublicKeyArrayOutput) ToAttestorPublicKeyArrayOutput() AttestorPublicKeyArrayOutput

func (AttestorPublicKeyArrayOutput) ToAttestorPublicKeyArrayOutputWithContext

func (o AttestorPublicKeyArrayOutput) ToAttestorPublicKeyArrayOutputWithContext(ctx context.Context) AttestorPublicKeyArrayOutput

type AttestorPublicKeyInput

type AttestorPublicKeyInput interface {
	pulumi.Input

	ToAttestorPublicKeyOutput() AttestorPublicKeyOutput
	ToAttestorPublicKeyOutputWithContext(context.Context) AttestorPublicKeyOutput
}

AttestorPublicKeyInput is an input type that accepts AttestorPublicKeyArgs and AttestorPublicKeyOutput values. You can construct a concrete instance of `AttestorPublicKeyInput` via:

AttestorPublicKeyArgs{...}

type AttestorPublicKeyOutput

type AttestorPublicKeyOutput struct{ *pulumi.OutputState }

An attestor public key that will be used to verify attestations signed by this attestor.

func (AttestorPublicKeyOutput) AsciiArmoredPgpPublicKey

func (o AttestorPublicKeyOutput) AsciiArmoredPgpPublicKey() pulumi.StringPtrOutput

ASCII-armored representation of a PGP public key, as the entire output of the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID.

func (AttestorPublicKeyOutput) Comment

Optional. A descriptive comment. This field may be updated.

func (AttestorPublicKeyOutput) ElementType

func (AttestorPublicKeyOutput) ElementType() reflect.Type

func (AttestorPublicKeyOutput) Id

The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on `public_key` cases below for details.

func (AttestorPublicKeyOutput) PkixPublicKey

A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

func (AttestorPublicKeyOutput) ToAttestorPublicKeyOutput

func (o AttestorPublicKeyOutput) ToAttestorPublicKeyOutput() AttestorPublicKeyOutput

func (AttestorPublicKeyOutput) ToAttestorPublicKeyOutputWithContext

func (o AttestorPublicKeyOutput) ToAttestorPublicKeyOutputWithContext(ctx context.Context) AttestorPublicKeyOutput

type AttestorPublicKeyResponse

// AttestorPublicKeyResponse is the response form of an attestor public key
// that will be used to verify attestations signed by this attestor. Its
// fields are plain values rather than pointers.
//
// NOTE(review): unlike AttestorPublicKey, this listing shows no Id field on
// the response type; confirm where the API-calculated key ID can be read back
// when it is needed to match signatures to keys.
type AttestorPublicKeyResponse struct {
	// ASCII-armored representation of a PGP public key, as the entire output of the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID.
	AsciiArmoredPgpPublicKey string `pulumi:"asciiArmoredPgpPublicKey"`
	// Optional. A descriptive comment. This field may be updated.
	Comment string `pulumi:"comment"`
	// A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
	PkixPublicKey PkixPublicKeyResponse `pulumi:"pkixPublicKey"`
}

An attestor public key that will be used to verify attestations signed by this attestor.

type AttestorPublicKeyResponseArrayOutput

type AttestorPublicKeyResponseArrayOutput struct{ *pulumi.OutputState }

func (AttestorPublicKeyResponseArrayOutput) ElementType

func (AttestorPublicKeyResponseArrayOutput) Index

func (AttestorPublicKeyResponseArrayOutput) ToAttestorPublicKeyResponseArrayOutput

func (o AttestorPublicKeyResponseArrayOutput) ToAttestorPublicKeyResponseArrayOutput() AttestorPublicKeyResponseArrayOutput

func (AttestorPublicKeyResponseArrayOutput) ToAttestorPublicKeyResponseArrayOutputWithContext

func (o AttestorPublicKeyResponseArrayOutput) ToAttestorPublicKeyResponseArrayOutputWithContext(ctx context.Context) AttestorPublicKeyResponseArrayOutput

type AttestorPublicKeyResponseOutput

type AttestorPublicKeyResponseOutput struct{ *pulumi.OutputState }

An attestor public key that will be used to verify attestations signed by this attestor.

func (AttestorPublicKeyResponseOutput) AsciiArmoredPgpPublicKey

func (o AttestorPublicKeyResponseOutput) AsciiArmoredPgpPublicKey() pulumi.StringOutput

ASCII-armored representation of a PGP public key, as the entire output of the command `gpg --export --armor foo@example.com` (either LF or CRLF line endings). When using this field, `id` should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If `id` is provided by the caller, it will be overwritten by the API-calculated ID.

func (AttestorPublicKeyResponseOutput) Comment

Optional. A descriptive comment. This field may be updated.

func (AttestorPublicKeyResponseOutput) ElementType

func (AttestorPublicKeyResponseOutput) PkixPublicKey

A raw PKIX SubjectPublicKeyInfo format public key. NOTE: `id` may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If `id` is left blank, a default one will be computed based on the digest of the DER encoding of the public key.

func (AttestorPublicKeyResponseOutput) ToAttestorPublicKeyResponseOutput

func (o AttestorPublicKeyResponseOutput) ToAttestorPublicKeyResponseOutput() AttestorPublicKeyResponseOutput

func (AttestorPublicKeyResponseOutput) ToAttestorPublicKeyResponseOutputWithContext

func (o AttestorPublicKeyResponseOutput) ToAttestorPublicKeyResponseOutputWithContext(ctx context.Context) AttestorPublicKeyResponseOutput

type AttestorState

type AttestorState struct {
}

func (AttestorState) ElementType

func (AttestorState) ElementType() reflect.Type

type Binding

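// Binding associates `members`, or principals, with a `role`.
type Binding struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition *Expr `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:
	//   * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account.
	//   * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
	//   * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
	//   * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//   * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
	//   * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
	//   * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
	//   * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
	//   * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	//
	// NOTE(review): `allUsers` and `allAuthenticatedUsers` are not limited to identities you manage; audit any binding that lists them and prefer specific users, groups or service accounts.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	//
	// NOTE(review): choose the narrowest role that covers the need; the basic roles used as examples here are broad.
	Role *string `pulumi:"role"`
}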

Associates `members`, or principals, with a `role`.

type BindingArgs

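// BindingArgs associates `members`, or principals, with a `role`.
type BindingArgs struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprPtrInput `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:
	//   * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account.
	//   * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
	//   * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
	//   * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//   * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
	//   * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
	//   * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
	//   * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
	//   * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	//
	// NOTE(review): `allUsers` and `allAuthenticatedUsers` are not limited to identities you manage; audit any binding that lists them and prefer specific users, groups or service accounts.
	Members pulumi.StringArrayInput `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	//
	// NOTE(review): choose the narrowest role that covers the need; the basic roles used as examples here are broad.
	Role pulumi.StringPtrInput `pulumi:"role"`
}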

Associates `members`, or principals, with a `role`.

func (BindingArgs) ElementType

func (BindingArgs) ElementType() reflect.Type

func (BindingArgs) ToBindingOutput

func (i BindingArgs) ToBindingOutput() BindingOutput

func (BindingArgs) ToBindingOutputWithContext

func (i BindingArgs) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingArray

type BindingArray []BindingInput

func (BindingArray) ElementType

func (BindingArray) ElementType() reflect.Type

func (BindingArray) ToBindingArrayOutput

func (i BindingArray) ToBindingArrayOutput() BindingArrayOutput

func (BindingArray) ToBindingArrayOutputWithContext

func (i BindingArray) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingArrayInput

// BindingArrayInput is an input type that accepts BindingArray and
// BindingArrayOutput values.
type BindingArrayInput interface {
	pulumi.Input

	// ToBindingArrayOutput returns a BindingArrayOutput.
	ToBindingArrayOutput() BindingArrayOutput
	// ToBindingArrayOutputWithContext returns a BindingArrayOutput and takes a context.Context.
	ToBindingArrayOutputWithContext(context.Context) BindingArrayOutput
}

BindingArrayInput is an input type that accepts BindingArray and BindingArrayOutput values. You can construct a concrete instance of `BindingArrayInput` via:

BindingArray{ BindingArgs{...} }

type BindingArrayOutput

type BindingArrayOutput struct{ *pulumi.OutputState }

func (BindingArrayOutput) ElementType

func (BindingArrayOutput) ElementType() reflect.Type

func (BindingArrayOutput) Index

func (BindingArrayOutput) ToBindingArrayOutput

func (o BindingArrayOutput) ToBindingArrayOutput() BindingArrayOutput

func (BindingArrayOutput) ToBindingArrayOutputWithContext

func (o BindingArrayOutput) ToBindingArrayOutputWithContext(ctx context.Context) BindingArrayOutput

type BindingInput

// BindingInput is an input type that accepts BindingArgs and BindingOutput
// values.
type BindingInput interface {
	pulumi.Input

	// ToBindingOutput returns a BindingOutput.
	ToBindingOutput() BindingOutput
	// ToBindingOutputWithContext returns a BindingOutput and takes a context.Context.
	ToBindingOutputWithContext(context.Context) BindingOutput
}

BindingInput is an input type that accepts BindingArgs and BindingOutput values. You can construct a concrete instance of `BindingInput` via:

BindingArgs{...}

type BindingOutput

type BindingOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingOutput) Condition

func (o BindingOutput) Condition() ExprPtrOutput

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingOutput) ElementType

func (BindingOutput) ElementType() reflect.Type

func (BindingOutput) Members

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. 
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (BindingOutput) Role

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingOutput) ToBindingOutput

func (o BindingOutput) ToBindingOutput() BindingOutput

func (BindingOutput) ToBindingOutputWithContext

func (o BindingOutput) ToBindingOutputWithContext(ctx context.Context) BindingOutput

type BindingResponse

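// BindingResponse associates `members`, or principals, with a `role`.
type BindingResponse struct {
	// The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Condition ExprResponse `pulumi:"condition"`
	// Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values:
	//   * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account.
	//   * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation.
	//   * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com`.
	//   * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`.
	//   * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`.
	//   * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`.
	//   * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`.
	//   * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding.
	//   * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding.
	//   * `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.
	//
	// NOTE(review): when reading a policy back, entries for `allUsers` or `allAuthenticatedUsers` mean the role is held by identities you do not manage; flag them for review.
	Members []string `pulumi:"members"`
	// Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
	Role string `pulumi:"role"`
}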

Associates `members`, or principals, with a `role`.

type BindingResponseArrayOutput

type BindingResponseArrayOutput struct{ *pulumi.OutputState }

func (BindingResponseArrayOutput) ElementType

func (BindingResponseArrayOutput) ElementType() reflect.Type

func (BindingResponseArrayOutput) Index

func (BindingResponseArrayOutput) ToBindingResponseArrayOutput

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutput() BindingResponseArrayOutput

func (BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext

func (o BindingResponseArrayOutput) ToBindingResponseArrayOutputWithContext(ctx context.Context) BindingResponseArrayOutput

type BindingResponseOutput

type BindingResponseOutput struct{ *pulumi.OutputState }

Associates `members`, or principals, with a `role`.

func (BindingResponseOutput) Condition

The condition that is associated with this binding. If the condition evaluates to `true`, then this binding applies to the current request. If the condition evaluates to `false`, then this binding does not apply to the current request. However, a different role binding might grant the same role to one or more of the principals in this binding. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

func (BindingResponseOutput) ElementType

func (BindingResponseOutput) ElementType() reflect.Type

func (BindingResponseOutput) Members

Specifies the principals requesting access for a Google Cloud resource. `members` can have the following values: * `allUsers`: A special identifier that represents anyone who is on the internet; with or without a Google account. * `allAuthenticatedUsers`: A special identifier that represents anyone who is authenticated with a Google account or a service account. Does not include identities that come from external identity providers (IdPs) through identity federation. * `user:{emailid}`: An email address that represents a specific Google account. For example, `alice@example.com` . * `serviceAccount:{emailid}`: An email address that represents a Google service account. For example, `my-other-app@appspot.gserviceaccount.com`. * `serviceAccount:{projectid}.svc.id.goog[{namespace}/{kubernetes-sa}]`: An identifier for a [Kubernetes service account](https://cloud.google.com/kubernetes-engine/docs/how-to/kubernetes-service-accounts). For example, `my-project.svc.id.goog[my-namespace/my-kubernetes-sa]`. * `group:{emailid}`: An email address that represents a Google group. For example, `admins@example.com`. * `domain:{domain}`: The G Suite domain (primary) that represents all the users of that domain. For example, `google.com` or `example.com`. * `deleted:user:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a user that has been recently deleted. For example, `alice@example.com?uid=123456789012345678901`. If the user is recovered, this value reverts to `user:{emailid}` and the recovered user retains the role in the binding. * `deleted:serviceAccount:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a service account that has been recently deleted. For example, `my-other-app@appspot.gserviceaccount.com?uid=123456789012345678901`. If the service account is undeleted, this value reverts to `serviceAccount:{emailid}` and the undeleted service account retains the role in the binding. 
* `deleted:group:{emailid}?uid={uniqueid}`: An email address (plus unique identifier) representing a Google group that has been recently deleted. For example, `admins@example.com?uid=123456789012345678901`. If the group is recovered, this value reverts to `group:{emailid}` and the recovered group retains the role in the binding.

func (BindingResponseOutput) Role

Role that is assigned to the list of `members`, or principals. For example, `roles/viewer`, `roles/editor`, or `roles/owner`.

func (BindingResponseOutput) ToBindingResponseOutput

func (o BindingResponseOutput) ToBindingResponseOutput() BindingResponseOutput

func (BindingResponseOutput) ToBindingResponseOutputWithContext

func (o BindingResponseOutput) ToBindingResponseOutputWithContext(ctx context.Context) BindingResponseOutput

type Check added in v0.32.0

// Check is a single check to perform against a Pod. Checks are grouped into
// `CheckSet` objects, which are defined by the top-level policy.
type Check struct {
	// Optional. A special-case check that always denies. Note that this still only applies when the scope of the `CheckSet` applies and the image isn't exempted by an image allowlist. This check is primarily useful for testing, or to set the default behavior for all unmatched scopes to "deny".
	AlwaysDeny *bool `pulumi:"alwaysDeny"`
	// Optional. A user-provided name for this check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.
	DisplayName *string `pulumi:"displayName"`
	// Optional. Images exempted from this check. If any of the patterns match the image url, the check will not be evaluated.
	// NOTE(review): a match skips this check for that image, so an overly broad pattern quietly narrows what the check covers; keep patterns as specific as possible.
	ImageAllowlist *ImageAllowlist `pulumi:"imageAllowlist"`
	// Optional. Require that an image is no older than a configured expiration time. Image age is determined by its upload time.
	ImageFreshnessCheck *ImageFreshnessCheck `pulumi:"imageFreshnessCheck"`
	// Optional. Require a SimpleSigning-type attestation for every image in the deployment.
	SimpleSigningAttestationCheck *SimpleSigningAttestationCheck `pulumi:"simpleSigningAttestationCheck"`
	// Optional. Require that an image was built by a trusted builder (such as Google Cloud Build), meets requirements for Supply chain Levels for Software Artifacts (SLSA), and was built from a trusted source code repository.
	SlsaCheck *SlsaCheck `pulumi:"slsaCheck"`
	// Optional. Require that an image lives in a trusted directory.
	TrustedDirectoryCheck *TrustedDirectoryCheck `pulumi:"trustedDirectoryCheck"`
	// Optional. Require that an image does not contain vulnerabilities that violate the configured rules, such as based on severity levels.
	VulnerabilityCheck *VulnerabilityCheck `pulumi:"vulnerabilityCheck"`
}

A single check to perform against a Pod. Checks are grouped into `CheckSet` objects, which are defined by the top-level policy.

type CheckArgs added in v0.32.0

// CheckArgs is a single check to perform against a Pod. Checks are grouped
// into `CheckSet` objects, which are defined by the top-level policy.
type CheckArgs struct {
	// Optional. A special-case check that always denies. Note that this still only applies when the scope of the `CheckSet` applies and the image isn't exempted by an image allowlist. This check is primarily useful for testing, or to set the default behavior for all unmatched scopes to "deny".
	AlwaysDeny pulumi.BoolPtrInput `pulumi:"alwaysDeny"`
	// Optional. A user-provided name for this check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.
	DisplayName pulumi.StringPtrInput `pulumi:"displayName"`
	// Optional. Images exempted from this check. If any of the patterns match the image url, the check will not be evaluated.
	// NOTE(review): a match skips this check for that image, so an overly broad pattern quietly narrows what the check covers; keep patterns as specific as possible.
	ImageAllowlist ImageAllowlistPtrInput `pulumi:"imageAllowlist"`
	// Optional. Require that an image is no older than a configured expiration time. Image age is determined by its upload time.
	ImageFreshnessCheck ImageFreshnessCheckPtrInput `pulumi:"imageFreshnessCheck"`
	// Optional. Require a SimpleSigning-type attestation for every image in the deployment.
	SimpleSigningAttestationCheck SimpleSigningAttestationCheckPtrInput `pulumi:"simpleSigningAttestationCheck"`
	// Optional. Require that an image was built by a trusted builder (such as Google Cloud Build), meets requirements for Supply chain Levels for Software Artifacts (SLSA), and was built from a trusted source code repository.
	SlsaCheck SlsaCheckPtrInput `pulumi:"slsaCheck"`
	// Optional. Require that an image lives in a trusted directory.
	TrustedDirectoryCheck TrustedDirectoryCheckPtrInput `pulumi:"trustedDirectoryCheck"`
	// Optional. Require that an image does not contain vulnerabilities that violate the configured rules, such as based on severity levels.
	VulnerabilityCheck VulnerabilityCheckPtrInput `pulumi:"vulnerabilityCheck"`
}

A single check to perform against a Pod. Checks are grouped into `CheckSet` objects, which are defined by the top-level policy.

func (CheckArgs) ElementType added in v0.32.0

func (CheckArgs) ElementType() reflect.Type

func (CheckArgs) ToCheckOutput added in v0.32.0

func (i CheckArgs) ToCheckOutput() CheckOutput

func (CheckArgs) ToCheckOutputWithContext added in v0.32.0

func (i CheckArgs) ToCheckOutputWithContext(ctx context.Context) CheckOutput

type CheckArray added in v0.32.0

type CheckArray []CheckInput

func (CheckArray) ElementType added in v0.32.0

func (CheckArray) ElementType() reflect.Type

func (CheckArray) ToCheckArrayOutput added in v0.32.0

func (i CheckArray) ToCheckArrayOutput() CheckArrayOutput

func (CheckArray) ToCheckArrayOutputWithContext added in v0.32.0

func (i CheckArray) ToCheckArrayOutputWithContext(ctx context.Context) CheckArrayOutput

type CheckArrayInput added in v0.32.0

// CheckArrayInput is an input type that accepts CheckArray and
// CheckArrayOutput values.
type CheckArrayInput interface {
	pulumi.Input

	// ToCheckArrayOutput returns a CheckArrayOutput.
	ToCheckArrayOutput() CheckArrayOutput
	// ToCheckArrayOutputWithContext returns a CheckArrayOutput and takes a context.Context.
	ToCheckArrayOutputWithContext(context.Context) CheckArrayOutput
}

CheckArrayInput is an input type that accepts CheckArray and CheckArrayOutput values. You can construct a concrete instance of `CheckArrayInput` via:

CheckArray{ CheckArgs{...} }

type CheckArrayOutput added in v0.32.0

type CheckArrayOutput struct{ *pulumi.OutputState }

func (CheckArrayOutput) ElementType added in v0.32.0

func (CheckArrayOutput) ElementType() reflect.Type

func (CheckArrayOutput) Index added in v0.32.0

func (CheckArrayOutput) ToCheckArrayOutput added in v0.32.0

func (o CheckArrayOutput) ToCheckArrayOutput() CheckArrayOutput

func (CheckArrayOutput) ToCheckArrayOutputWithContext added in v0.32.0

func (o CheckArrayOutput) ToCheckArrayOutputWithContext(ctx context.Context) CheckArrayOutput

type CheckInput added in v0.32.0

// CheckInput is an input type that accepts CheckArgs and CheckOutput values.
type CheckInput interface {
	pulumi.Input

	// ToCheckOutput returns a CheckOutput.
	ToCheckOutput() CheckOutput
	// ToCheckOutputWithContext returns a CheckOutput and takes a context.Context.
	ToCheckOutputWithContext(context.Context) CheckOutput
}

CheckInput is an input type that accepts CheckArgs and CheckOutput values. You can construct a concrete instance of `CheckInput` via:

CheckArgs{...}

type CheckOutput added in v0.32.0

type CheckOutput struct{ *pulumi.OutputState }

A single check to perform against a Pod. Checks are grouped into `CheckSet` objects, which are defined by the top-level policy.

func (CheckOutput) AlwaysDeny added in v0.32.0

func (o CheckOutput) AlwaysDeny() pulumi.BoolPtrOutput

Optional. A special-case check that always denies. Note that this still only applies when the scope of the `CheckSet` applies and the image isn't exempted by an image allowlist. This check is primarily useful for testing, or to set the default behavior for all unmatched scopes to "deny".

func (CheckOutput) DisplayName added in v0.32.0

func (o CheckOutput) DisplayName() pulumi.StringPtrOutput

Optional. A user-provided name for this check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.

func (CheckOutput) ElementType added in v0.32.0

func (CheckOutput) ElementType() reflect.Type

func (CheckOutput) ImageAllowlist added in v0.32.0

func (o CheckOutput) ImageAllowlist() ImageAllowlistPtrOutput

Optional. Images exempted from this check. If any of the patterns match the image url, the check will not be evaluated.

func (CheckOutput) ImageFreshnessCheck added in v0.32.0

func (o CheckOutput) ImageFreshnessCheck() ImageFreshnessCheckPtrOutput

Optional. Require that an image is no older than a configured expiration time. Image age is determined by its upload time.

func (CheckOutput) SimpleSigningAttestationCheck added in v0.32.0

func (o CheckOutput) SimpleSigningAttestationCheck() SimpleSigningAttestationCheckPtrOutput

Optional. Require a SimpleSigning-type attestation for every image in the deployment.

func (CheckOutput) SlsaCheck added in v0.32.0

func (o CheckOutput) SlsaCheck() SlsaCheckPtrOutput

Optional. Require that an image was built by a trusted builder (such as Google Cloud Build), meets requirements for Supply chain Levels for Software Artifacts (SLSA), and was built from a trusted source code repository.

func (CheckOutput) ToCheckOutput added in v0.32.0

func (o CheckOutput) ToCheckOutput() CheckOutput

func (CheckOutput) ToCheckOutputWithContext added in v0.32.0

func (o CheckOutput) ToCheckOutputWithContext(ctx context.Context) CheckOutput

func (CheckOutput) TrustedDirectoryCheck added in v0.32.0

func (o CheckOutput) TrustedDirectoryCheck() TrustedDirectoryCheckPtrOutput

Optional. Require that an image lives in a trusted directory.

func (CheckOutput) VulnerabilityCheck added in v0.32.0

func (o CheckOutput) VulnerabilityCheck() VulnerabilityCheckPtrOutput

Optional. Require that an image does not contain vulnerabilities that violate the configured rules, such as based on severity levels.

type CheckResponse added in v0.32.0

// CheckResponse is a single check to perform against a Pod. Checks are
// grouped into `CheckSet` objects, which are defined by the top-level policy.
type CheckResponse struct {
	// Optional. A special-case check that always denies. Note that this still only applies when the scope of the `CheckSet` applies and the image isn't exempted by an image allowlist. This check is primarily useful for testing, or to set the default behavior for all unmatched scopes to "deny".
	AlwaysDeny bool `pulumi:"alwaysDeny"`
	// Optional. A user-provided name for this check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.
	DisplayName string `pulumi:"displayName"`
	// Optional. Images exempted from this check. If any of the patterns match the image url, the check will not be evaluated.
	// NOTE(review): when auditing a returned policy, read these patterns as exemptions; each match means this check is not evaluated for that image.
	ImageAllowlist ImageAllowlistResponse `pulumi:"imageAllowlist"`
	// Optional. Require that an image is no older than a configured expiration time. Image age is determined by its upload time.
	ImageFreshnessCheck ImageFreshnessCheckResponse `pulumi:"imageFreshnessCheck"`
	// Optional. Require a SimpleSigning-type attestation for every image in the deployment.
	SimpleSigningAttestationCheck SimpleSigningAttestationCheckResponse `pulumi:"simpleSigningAttestationCheck"`
	// Optional. Require that an image was built by a trusted builder (such as Google Cloud Build), meets requirements for Supply chain Levels for Software Artifacts (SLSA), and was built from a trusted source code repository.
	SlsaCheck SlsaCheckResponse `pulumi:"slsaCheck"`
	// Optional. Require that an image lives in a trusted directory.
	TrustedDirectoryCheck TrustedDirectoryCheckResponse `pulumi:"trustedDirectoryCheck"`
	// Optional. Require that an image does not contain vulnerabilities that violate the configured rules, such as based on severity levels.
	VulnerabilityCheck VulnerabilityCheckResponse `pulumi:"vulnerabilityCheck"`
}

A single check to perform against a Pod. Checks are grouped into `CheckSet` objects, which are defined by the top-level policy.

type CheckResponseArrayOutput added in v0.32.0

type CheckResponseArrayOutput struct{ *pulumi.OutputState }

func (CheckResponseArrayOutput) ElementType added in v0.32.0

func (CheckResponseArrayOutput) ElementType() reflect.Type

func (CheckResponseArrayOutput) Index added in v0.32.0

func (CheckResponseArrayOutput) ToCheckResponseArrayOutput added in v0.32.0

func (o CheckResponseArrayOutput) ToCheckResponseArrayOutput() CheckResponseArrayOutput

func (CheckResponseArrayOutput) ToCheckResponseArrayOutputWithContext added in v0.32.0

func (o CheckResponseArrayOutput) ToCheckResponseArrayOutputWithContext(ctx context.Context) CheckResponseArrayOutput

type CheckResponseOutput added in v0.32.0

type CheckResponseOutput struct{ *pulumi.OutputState }

A single check to perform against a Pod. Checks are grouped into `CheckSet` objects, which are defined by the top-level policy.

func (CheckResponseOutput) AlwaysDeny added in v0.32.0

func (o CheckResponseOutput) AlwaysDeny() pulumi.BoolOutput

Optional. A special-case check that always denies. Note that this still only applies when the scope of the `CheckSet` applies and the image isn't exempted by an image allowlist. This check is primarily useful for testing, or to set the default behavior for all unmatched scopes to "deny".

func (CheckResponseOutput) DisplayName added in v0.32.0

func (o CheckResponseOutput) DisplayName() pulumi.StringOutput

Optional. A user-provided name for this check. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.

func (CheckResponseOutput) ElementType added in v0.32.0

func (CheckResponseOutput) ElementType() reflect.Type

func (CheckResponseOutput) ImageAllowlist added in v0.32.0

Optional. Images exempted from this check. If any of the patterns match the image url, the check will not be evaluated.

func (CheckResponseOutput) ImageFreshnessCheck added in v0.32.0

Optional. Require that an image is no older than a configured expiration time. Image age is determined by its upload time.

func (CheckResponseOutput) SimpleSigningAttestationCheck added in v0.32.0

func (o CheckResponseOutput) SimpleSigningAttestationCheck() SimpleSigningAttestationCheckResponseOutput

Optional. Require a SimpleSigning-type attestation for every image in the deployment.

func (CheckResponseOutput) SlsaCheck added in v0.32.0

Optional. Require that an image was built by a trusted builder (such as Google Cloud Build), meets requirements for Supply chain Levels for Software Artifacts (SLSA), and was built from a trusted source code repository.

func (CheckResponseOutput) ToCheckResponseOutput added in v0.32.0

func (o CheckResponseOutput) ToCheckResponseOutput() CheckResponseOutput

func (CheckResponseOutput) ToCheckResponseOutputWithContext added in v0.32.0

func (o CheckResponseOutput) ToCheckResponseOutputWithContext(ctx context.Context) CheckResponseOutput

func (CheckResponseOutput) TrustedDirectoryCheck added in v0.32.0

func (o CheckResponseOutput) TrustedDirectoryCheck() TrustedDirectoryCheckResponseOutput

Optional. Require that an image lives in a trusted directory.

func (CheckResponseOutput) VulnerabilityCheck added in v0.32.0

Optional. Require that an image does not contain vulnerabilities that violate the configured rules, for example rules based on severity levels.

type CheckSet added in v0.32.0

// CheckSet is a conjunction of policy checks for the Pods selected by Scope.
// Two of its defaults are permissive and deserve attention in review: an empty
// Checks list evaluates to "always allow", and a match in ImageAllowlist skips
// every check in the set.
type CheckSet struct {
	// Optional. The checks to apply. The ultimate result of evaluating the check set will be "allow" if and only if every check in `checks` evaluates to "allow". If `checks` is empty, the default behavior is "always allow".
	// NOTE(review): an empty list admits every image in scope. Where the intent is
	// to deny by default, the set needs at least one check that can deny; the
	// always-deny check (see CheckResponseOutput.AlwaysDeny) is documented for that.
	Checks []Check `pulumi:"checks"`
	// Optional. A user-provided name for this `CheckSet`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.
	DisplayName *string `pulumi:"displayName"`
	// Optional. Images exempted from this `CheckSet`. If any of the patterns match the image being evaluated, no checks in the `CheckSet` will be evaluated.
	// NOTE(review): a matching pattern bypasses all of Checks, so keep patterns as
	// narrow as the deployment allows and review changes to them like policy changes.
	ImageAllowlist *ImageAllowlist `pulumi:"imageAllowlist"`
	// Optional. The scope to which this `CheckSet` applies. If unset or an empty string (the default), applies to all namespaces and service accounts. See the `Scope` message documentation for details on scoping rules.
	// NOTE(review): with Scope unset this set is the catch-all for every namespace
	// and service account not matched by a more specific set.
	Scope *Scope `pulumi:"scope"`
}

A conjunction of policy checks, scoped to a particular namespace or Kubernetes service account. In order for evaluation of a `CheckSet` to return "allowed" for a given image in a given Pod, one of the following conditions must be satisfied:

  - The image is explicitly exempted by an entry in `image_allowlist`, OR
  - ALL of the `checks` evaluate to "allowed".

The second condition holds trivially when `checks` is empty, which is why an empty `CheckSet` behaves as "always allow".

type CheckSetArgs added in v0.32.0

// CheckSetArgs is the input form of a CheckSet: a conjunction of policy checks
// for the Pods selected by Scope. Every field is optional, and the defaults are
// permissive: an empty Checks list evaluates to "always allow", and a match in
// ImageAllowlist skips every check in the set.
type CheckSetArgs struct {
	// Optional. The checks to apply. The ultimate result of evaluating the check set will be "allow" if and only if every check in `checks` evaluates to "allow". If `checks` is empty, the default behavior is "always allow".
	// NOTE(review): omitting Checks admits every image in scope. Where the intent
	// is to deny by default, supply at least one check that can deny; the
	// always-deny check (see CheckResponseOutput.AlwaysDeny) is documented for that.
	Checks CheckArrayInput `pulumi:"checks"`
	// Optional. A user-provided name for this `CheckSet`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.
	DisplayName pulumi.StringPtrInput `pulumi:"displayName"`
	// Optional. Images exempted from this `CheckSet`. If any of the patterns match the image being evaluated, no checks in the `CheckSet` will be evaluated.
	// NOTE(review): a matching pattern bypasses all of Checks, so keep patterns as
	// narrow as the deployment allows and review changes to them like policy changes.
	ImageAllowlist ImageAllowlistPtrInput `pulumi:"imageAllowlist"`
	// Optional. The scope to which this `CheckSet` applies. If unset or an empty string (the default), applies to all namespaces and service accounts. See the `Scope` message documentation for details on scoping rules.
	// NOTE(review): with Scope unset this set is the catch-all for every namespace
	// and service account not matched by a more specific set.
	Scope ScopePtrInput `pulumi:"scope"`
}

A conjunction of policy checks, scoped to a particular namespace or Kubernetes service account. In order for evaluation of a `CheckSet` to return "allowed" for a given image in a given Pod, one of the following conditions must be satisfied:

  - The image is explicitly exempted by an entry in `image_allowlist`, OR
  - ALL of the `checks` evaluate to "allowed".

The second condition holds trivially when `checks` is empty, which is why an empty `CheckSet` behaves as "always allow".

func (CheckSetArgs) ElementType added in v0.32.0

func (CheckSetArgs) ElementType() reflect.Type

func (CheckSetArgs) ToCheckSetOutput added in v0.32.0

func (i CheckSetArgs) ToCheckSetOutput() CheckSetOutput

func (CheckSetArgs) ToCheckSetOutputWithContext added in v0.32.0

func (i CheckSetArgs) ToCheckSetOutputWithContext(ctx context.Context) CheckSetOutput

type CheckSetArray added in v0.32.0

type CheckSetArray []CheckSetInput

func (CheckSetArray) ElementType added in v0.32.0

func (CheckSetArray) ElementType() reflect.Type

func (CheckSetArray) ToCheckSetArrayOutput added in v0.32.0

func (i CheckSetArray) ToCheckSetArrayOutput() CheckSetArrayOutput

func (CheckSetArray) ToCheckSetArrayOutputWithContext added in v0.32.0

func (i CheckSetArray) ToCheckSetArrayOutputWithContext(ctx context.Context) CheckSetArrayOutput

type CheckSetArrayInput added in v0.32.0

type CheckSetArrayInput interface {
	pulumi.Input

	ToCheckSetArrayOutput() CheckSetArrayOutput
	ToCheckSetArrayOutputWithContext(context.Context) CheckSetArrayOutput
}

CheckSetArrayInput is an input type that accepts CheckSetArray and CheckSetArrayOutput values. You can construct a concrete instance of `CheckSetArrayInput` via:

CheckSetArray{ CheckSetArgs{...} }

type CheckSetArrayOutput added in v0.32.0

type CheckSetArrayOutput struct{ *pulumi.OutputState }

func (CheckSetArrayOutput) ElementType added in v0.32.0

func (CheckSetArrayOutput) ElementType() reflect.Type

func (CheckSetArrayOutput) Index added in v0.32.0

func (CheckSetArrayOutput) ToCheckSetArrayOutput added in v0.32.0

func (o CheckSetArrayOutput) ToCheckSetArrayOutput() CheckSetArrayOutput

func (CheckSetArrayOutput) ToCheckSetArrayOutputWithContext added in v0.32.0

func (o CheckSetArrayOutput) ToCheckSetArrayOutputWithContext(ctx context.Context) CheckSetArrayOutput

type CheckSetInput added in v0.32.0

type CheckSetInput interface {
	pulumi.Input

	ToCheckSetOutput() CheckSetOutput
	ToCheckSetOutputWithContext(context.Context) CheckSetOutput
}

CheckSetInput is an input type that accepts CheckSetArgs and CheckSetOutput values. You can construct a concrete instance of `CheckSetInput` via:

CheckSetArgs{...}

type CheckSetOutput added in v0.32.0

type CheckSetOutput struct{ *pulumi.OutputState }

A conjunction of policy checks, scoped to a particular namespace or Kubernetes service account. In order for evaluation of a `CheckSet` to return "allowed" for a given image in a given Pod, one of the following conditions must be satisfied:

  - The image is explicitly exempted by an entry in `image_allowlist`, OR
  - ALL of the `checks` evaluate to "allowed".

func (CheckSetOutput) Checks added in v0.32.0

func (o CheckSetOutput) Checks() CheckArrayOutput

Optional. The checks to apply. The ultimate result of evaluating the check set will be "allow" if and only if every check in `checks` evaluates to "allow". If `checks` is empty, the default behavior is "always allow".

func (CheckSetOutput) DisplayName added in v0.32.0

func (o CheckSetOutput) DisplayName() pulumi.StringPtrOutput

Optional. A user-provided name for this `CheckSet`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.

func (CheckSetOutput) ElementType added in v0.32.0

func (CheckSetOutput) ElementType() reflect.Type

func (CheckSetOutput) ImageAllowlist added in v0.32.0

func (o CheckSetOutput) ImageAllowlist() ImageAllowlistPtrOutput

Optional. Images exempted from this `CheckSet`. If any of the patterns match the image being evaluated, no checks in the `CheckSet` will be evaluated.

func (CheckSetOutput) Scope added in v0.32.0

func (o CheckSetOutput) Scope() ScopePtrOutput

Optional. The scope to which this `CheckSet` applies. If unset or an empty string (the default), applies to all namespaces and service accounts. See the `Scope` message documentation for details on scoping rules.

func (CheckSetOutput) ToCheckSetOutput added in v0.32.0

func (o CheckSetOutput) ToCheckSetOutput() CheckSetOutput

func (CheckSetOutput) ToCheckSetOutputWithContext added in v0.32.0

func (o CheckSetOutput) ToCheckSetOutputWithContext(ctx context.Context) CheckSetOutput

type CheckSetResponse added in v0.32.0

// CheckSetResponse mirrors CheckSet with plain (non-pointer) field types.
// NOTE(review): presumably this is the shape read back from the service; confirm
// against the resource that returns it. When auditing a policy through this
// type, an empty Checks slice or a broad ImageAllowlist means the set allows
// images without evaluating any check.
type CheckSetResponse struct {
	// Optional. The checks to apply. The ultimate result of evaluating the check set will be "allow" if and only if every check in `checks` evaluates to "allow". If `checks` is empty, the default behavior is "always allow".
	Checks []CheckResponse `pulumi:"checks"`
	// Optional. A user-provided name for this `CheckSet`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.
	DisplayName string `pulumi:"displayName"`
	// Optional. Images exempted from this `CheckSet`. If any of the patterns match the image being evaluated, no checks in the `CheckSet` will be evaluated.
	ImageAllowlist ImageAllowlistResponse `pulumi:"imageAllowlist"`
	// Optional. The scope to which this `CheckSet` applies. If unset or an empty string (the default), applies to all namespaces and service accounts. See the `Scope` message documentation for details on scoping rules.
	// An empty scope here identifies the catch-all set.
	Scope ScopeResponse `pulumi:"scope"`
}

A conjunction of policy checks, scoped to a particular namespace or Kubernetes service account. In order for evaluation of a `CheckSet` to return "allowed" for a given image in a given Pod, one of the following conditions must be satisfied:

  - The image is explicitly exempted by an entry in `image_allowlist`, OR
  - ALL of the `checks` evaluate to "allowed".

type CheckSetResponseArrayOutput added in v0.32.0

type CheckSetResponseArrayOutput struct{ *pulumi.OutputState }

func (CheckSetResponseArrayOutput) ElementType added in v0.32.0

func (CheckSetResponseArrayOutput) Index added in v0.32.0

func (CheckSetResponseArrayOutput) ToCheckSetResponseArrayOutput added in v0.32.0

func (o CheckSetResponseArrayOutput) ToCheckSetResponseArrayOutput() CheckSetResponseArrayOutput

func (CheckSetResponseArrayOutput) ToCheckSetResponseArrayOutputWithContext added in v0.32.0

func (o CheckSetResponseArrayOutput) ToCheckSetResponseArrayOutputWithContext(ctx context.Context) CheckSetResponseArrayOutput

type CheckSetResponseOutput added in v0.32.0

type CheckSetResponseOutput struct{ *pulumi.OutputState }

A conjunction of policy checks, scoped to a particular namespace or Kubernetes service account. In order for evaluation of a `CheckSet` to return "allowed" for a given image in a given Pod, one of the following conditions must be satisfied:

  - The image is explicitly exempted by an entry in `image_allowlist`, OR
  - ALL of the `checks` evaluate to "allowed".

func (CheckSetResponseOutput) Checks added in v0.32.0

Optional. The checks to apply. The ultimate result of evaluating the check set will be "allow" if and only if every check in `checks` evaluates to "allow". If `checks` is empty, the default behavior is "always allow".

func (CheckSetResponseOutput) DisplayName added in v0.32.0

func (o CheckSetResponseOutput) DisplayName() pulumi.StringOutput

Optional. A user-provided name for this `CheckSet`. This field has no effect on the policy evaluation behavior except to improve readability of messages in evaluation results.

func (CheckSetResponseOutput) ElementType added in v0.32.0

func (CheckSetResponseOutput) ElementType() reflect.Type

func (CheckSetResponseOutput) ImageAllowlist added in v0.32.0

Optional. Images exempted from this `CheckSet`. If any of the patterns match the image being evaluated, no checks in the `CheckSet` will be evaluated.

func (CheckSetResponseOutput) Scope added in v0.32.0

Optional. The scope to which this `CheckSet` applies. If unset or an empty string (the default), applies to all namespaces and service accounts. See the `Scope` message documentation for details on scoping rules.

func (CheckSetResponseOutput) ToCheckSetResponseOutput added in v0.32.0

func (o CheckSetResponseOutput) ToCheckSetResponseOutput() CheckSetResponseOutput

func (CheckSetResponseOutput) ToCheckSetResponseOutputWithContext added in v0.32.0

func (o CheckSetResponseOutput) ToCheckSetResponseOutputWithContext(ctx context.Context) CheckSetResponseOutput

type Expr

// Expr holds one Common Expression Language (CEL) expression together with
// descriptive metadata. Expression is the only field whose comment does not
// mark it optional; Description, Location and Title describe or locate the
// expression.
type Expr struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description *string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// NOTE(review): the variables and functions an expression may reference are
	// determined by the service that evaluates it, so check the expression against
	// that service's documentation rather than assuming it is portable.
	Expression *string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location *string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title *string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

    title: "Summary size limit"
    description: "Determines if a summary is less than 100 chars"
    expression: "document.summary.size() < 100"

Example (Equality):

    title: "Requestor is owner"
    description: "Determines if requestor is the document owner"
    expression: "document.owner == request.auth.claims.email"

Example (Logic):

    title: "Public documents"
    description: "Determine whether the document should be publicly visible"
    expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

    title: "Notification string"
    description: "Create a notification string with a timestamp."
    expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprArgs

// ExprArgs is the input form of Expr: one Common Expression Language (CEL)
// expression together with descriptive metadata. Expression is the only field
// whose comment does not mark it optional.
type ExprArgs struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description pulumi.StringPtrInput `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// NOTE(review): the variables and functions an expression may reference are
	// determined by the service that evaluates it, so check the expression against
	// that service's documentation rather than assuming it is portable.
	Expression pulumi.StringPtrInput `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location pulumi.StringPtrInput `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title pulumi.StringPtrInput `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

    title: "Summary size limit"
    description: "Determines if a summary is less than 100 chars"
    expression: "document.summary.size() < 100"

Example (Equality):

    title: "Requestor is owner"
    description: "Determines if requestor is the document owner"
    expression: "document.owner == request.auth.claims.email"

Example (Logic):

    title: "Public documents"
    description: "Determine whether the document should be publicly visible"
    expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

    title: "Notification string"
    description: "Create a notification string with a timestamp."
    expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprArgs) ElementType

func (ExprArgs) ElementType() reflect.Type

func (ExprArgs) ToExprOutput

func (i ExprArgs) ToExprOutput() ExprOutput

func (ExprArgs) ToExprOutputWithContext

func (i ExprArgs) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprArgs) ToExprPtrOutput

func (i ExprArgs) ToExprPtrOutput() ExprPtrOutput

func (ExprArgs) ToExprPtrOutputWithContext

func (i ExprArgs) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprInput

type ExprInput interface {
	pulumi.Input

	ToExprOutput() ExprOutput
	ToExprOutputWithContext(context.Context) ExprOutput
}

ExprInput is an input type that accepts ExprArgs and ExprOutput values. You can construct a concrete instance of `ExprInput` via:

ExprArgs{...}

type ExprOutput

type ExprOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

    title: "Summary size limit"
    description: "Determines if a summary is less than 100 chars"
    expression: "document.summary.size() < 100"

Example (Equality):

    title: "Requestor is owner"
    description: "Determines if requestor is the document owner"
    expression: "document.owner == request.auth.claims.email"

Example (Logic):

    title: "Public documents"
    description: "Determine whether the document should be publicly visible"
    expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

    title: "Notification string"
    description: "Create a notification string with a timestamp."
    expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprOutput) Description

func (o ExprOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprOutput) ElementType

func (ExprOutput) ElementType() reflect.Type

func (ExprOutput) Expression

func (o ExprOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprOutput) Location

func (o ExprOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprOutput) Title

func (o ExprOutput) Title() pulumi.StringPtrOutput

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprOutput) ToExprOutput

func (o ExprOutput) ToExprOutput() ExprOutput

func (ExprOutput) ToExprOutputWithContext

func (o ExprOutput) ToExprOutputWithContext(ctx context.Context) ExprOutput

func (ExprOutput) ToExprPtrOutput

func (o ExprOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprOutput) ToExprPtrOutputWithContext

func (o ExprOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprPtrInput

type ExprPtrInput interface {
	pulumi.Input

	ToExprPtrOutput() ExprPtrOutput
	ToExprPtrOutputWithContext(context.Context) ExprPtrOutput
}

ExprPtrInput is an input type that accepts ExprArgs, ExprPtr and ExprPtrOutput values. You can construct a concrete instance of `ExprPtrInput` via:

        ExprArgs{...}

or:

        nil

func ExprPtr

func ExprPtr(v *ExprArgs) ExprPtrInput

type ExprPtrOutput

type ExprPtrOutput struct{ *pulumi.OutputState }

func (ExprPtrOutput) Description

func (o ExprPtrOutput) Description() pulumi.StringPtrOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprPtrOutput) Elem

func (o ExprPtrOutput) Elem() ExprOutput

func (ExprPtrOutput) ElementType

func (ExprPtrOutput) ElementType() reflect.Type

func (ExprPtrOutput) Expression

func (o ExprPtrOutput) Expression() pulumi.StringPtrOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprPtrOutput) Location

func (o ExprPtrOutput) Location() pulumi.StringPtrOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprPtrOutput) Title

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprPtrOutput) ToExprPtrOutput

func (o ExprPtrOutput) ToExprPtrOutput() ExprPtrOutput

func (ExprPtrOutput) ToExprPtrOutputWithContext

func (o ExprPtrOutput) ToExprPtrOutputWithContext(ctx context.Context) ExprPtrOutput

type ExprResponse

// ExprResponse mirrors Expr with plain string fields: one Common Expression
// Language (CEL) expression together with descriptive metadata.
// NOTE(review): presumably this is the shape read back from the service; confirm
// against the resource that returns it.
type ExprResponse struct {
	// Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.
	Description string `pulumi:"description"`
	// Textual representation of an expression in Common Expression Language syntax.
	// The variables and functions it may reference are determined by the service
	// that evaluates it.
	Expression string `pulumi:"expression"`
	// Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.
	Location string `pulumi:"location"`
	// Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.
	Title string `pulumi:"title"`
}

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

    title: "Summary size limit"
    description: "Determines if a summary is less than 100 chars"
    expression: "document.summary.size() < 100"

Example (Equality):

    title: "Requestor is owner"
    description: "Determines if requestor is the document owner"
    expression: "document.owner == request.auth.claims.email"

Example (Logic):

    title: "Public documents"
    description: "Determine whether the document should be publicly visible"
    expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

    title: "Notification string"
    description: "Create a notification string with a timestamp."
    expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

type ExprResponseOutput

type ExprResponseOutput struct{ *pulumi.OutputState }

Represents a textual expression in the Common Expression Language (CEL) syntax. CEL is a C-like expression language. The syntax and semantics of CEL are documented at https://github.com/google/cel-spec.

Example (Comparison):

    title: "Summary size limit"
    description: "Determines if a summary is less than 100 chars"
    expression: "document.summary.size() < 100"

Example (Equality):

    title: "Requestor is owner"
    description: "Determines if requestor is the document owner"
    expression: "document.owner == request.auth.claims.email"

Example (Logic):

    title: "Public documents"
    description: "Determine whether the document should be publicly visible"
    expression: "document.type != 'private' && document.type != 'internal'"

Example (Data Manipulation):

    title: "Notification string"
    description: "Create a notification string with a timestamp."
    expression: "'New message received at ' + string(document.create_time)"

The exact variables and functions that may be referenced within an expression are determined by the service that evaluates it. See the service documentation for additional information.

func (ExprResponseOutput) Description

func (o ExprResponseOutput) Description() pulumi.StringOutput

Optional. Description of the expression. This is a longer text which describes the expression, e.g. when hovered over it in a UI.

func (ExprResponseOutput) ElementType

func (ExprResponseOutput) ElementType() reflect.Type

func (ExprResponseOutput) Expression

func (o ExprResponseOutput) Expression() pulumi.StringOutput

Textual representation of an expression in Common Expression Language syntax.

func (ExprResponseOutput) Location

func (o ExprResponseOutput) Location() pulumi.StringOutput

Optional. String indicating the location of the expression for error reporting, e.g. a file name and a position in the file.

func (ExprResponseOutput) Title

Optional. Title for the expression, i.e. a short string describing its purpose. This can be used e.g. in UIs which allow to enter the expression.

func (ExprResponseOutput) ToExprResponseOutput

func (o ExprResponseOutput) ToExprResponseOutput() ExprResponseOutput

func (ExprResponseOutput) ToExprResponseOutputWithContext

func (o ExprResponseOutput) ToExprResponseOutputWithContext(ctx context.Context) ExprResponseOutput

type GkePolicy added in v0.32.0

// GkePolicy is a Binary Authorization policy for a GKE cluster: an ordered list
// of CheckSets plus a policy-wide image allowlist. Both fields are optional and
// both default to permissive behavior, so an empty GkePolicy allows all images.
type GkePolicy struct {
	// Optional. The `CheckSet` objects to apply, scoped by namespace or namespace and service account. Exactly one `CheckSet` will be evaluated for a given Pod (unless the list is empty, in which case the behavior is "always allow"). If multiple `CheckSet` objects have scopes that match the namespace and service account of the Pod being evaluated, only the `CheckSet` with the MOST SPECIFIC scope will match. `CheckSet` objects must be listed in order of decreasing specificity, i.e. if a scope matches a given service account (which must include the namespace), it must come before a `CheckSet` with a scope matching just that namespace. This property is enforced by server-side validation. The purpose of this restriction is to ensure that if more than one `CheckSet` matches a given Pod, the `CheckSet` that will be evaluated will always be the first in the list to match (because if any other matches, it must be less specific). If `check_sets` is empty, the default behavior is to allow all images. If `check_sets` is non-empty, the last `check_sets` entry must always be a `CheckSet` with no scope set, i.e. a catchall to handle any situation not caught by the preceding `CheckSet` objects.
	// NOTE(review): the list is fail-open when empty, and the mandatory unscoped
	// catch-all decides every Pod that no earlier set matches. A catch-all with no
	// checks also allows everything; for deny-by-default it needs a check that
	// denies (the always-deny check is documented for unmatched scopes).
	CheckSets []CheckSet `pulumi:"checkSets"`
	// Optional. Images exempted from this policy. If any of the patterns match the image being evaluated, the rest of the policy will not be evaluated.
	// NOTE(review): a match here bypasses every CheckSet, so keep patterns as
	// narrow as the deployment allows and review changes to them like policy changes.
	ImageAllowlist *ImageAllowlist `pulumi:"imageAllowlist"`
}

A Binary Authorization policy for a GKE cluster. This is one type of policy that can occur as a `PlatformPolicy`.

type GkePolicyArgs added in v0.32.0

// GkePolicyArgs is the input form of GkePolicy: an ordered list of CheckSets
// plus a policy-wide image allowlist. Both fields are optional and both default
// to permissive behavior, so leaving them unset allows all images.
type GkePolicyArgs struct {
	// Optional. The `CheckSet` objects to apply, scoped by namespace or namespace and service account. Exactly one `CheckSet` will be evaluated for a given Pod (unless the list is empty, in which case the behavior is "always allow"). If multiple `CheckSet` objects have scopes that match the namespace and service account of the Pod being evaluated, only the `CheckSet` with the MOST SPECIFIC scope will match. `CheckSet` objects must be listed in order of decreasing specificity, i.e. if a scope matches a given service account (which must include the namespace), it must come before a `CheckSet` with a scope matching just that namespace. This property is enforced by server-side validation. The purpose of this restriction is to ensure that if more than one `CheckSet` matches a given Pod, the `CheckSet` that will be evaluated will always be the first in the list to match (because if any other matches, it must be less specific). If `check_sets` is empty, the default behavior is to allow all images. If `check_sets` is non-empty, the last `check_sets` entry must always be a `CheckSet` with no scope set, i.e. a catchall to handle any situation not caught by the preceding `CheckSet` objects.
	// NOTE(review): the list is fail-open when empty, and the mandatory unscoped
	// catch-all decides every Pod that no earlier set matches. A catch-all with no
	// checks also allows everything; for deny-by-default it needs a check that
	// denies (the always-deny check is documented for unmatched scopes).
	CheckSets CheckSetArrayInput `pulumi:"checkSets"`
	// Optional. Images exempted from this policy. If any of the patterns match the image being evaluated, the rest of the policy will not be evaluated.
	// NOTE(review): a match here bypasses every CheckSet, so keep patterns as
	// narrow as the deployment allows and review changes to them like policy changes.
	ImageAllowlist ImageAllowlistPtrInput `pulumi:"imageAllowlist"`
}

A Binary Authorization policy for a GKE cluster. This is one type of policy that can occur as a `PlatformPolicy`.

func (GkePolicyArgs) ElementType added in v0.32.0

func (GkePolicyArgs) ElementType() reflect.Type

func (GkePolicyArgs) ToGkePolicyOutput added in v0.32.0

func (i GkePolicyArgs) ToGkePolicyOutput() GkePolicyOutput

func (GkePolicyArgs) ToGkePolicyOutputWithContext added in v0.32.0

func (i GkePolicyArgs) ToGkePolicyOutputWithContext(ctx context.Context) GkePolicyOutput

func (GkePolicyArgs) ToGkePolicyPtrOutput added in v0.32.0

func (i GkePolicyArgs) ToGkePolicyPtrOutput() GkePolicyPtrOutput

func (GkePolicyArgs) ToGkePolicyPtrOutputWithContext added in v0.32.0

func (i GkePolicyArgs) ToGkePolicyPtrOutputWithContext(ctx context.Context) GkePolicyPtrOutput

type GkePolicyInput added in v0.32.0

type GkePolicyInput interface {
	pulumi.Input

	ToGkePolicyOutput() GkePolicyOutput
	ToGkePolicyOutputWithContext(context.Context) GkePolicyOutput
}

GkePolicyInput is an input type that accepts GkePolicyArgs and GkePolicyOutput values. You can construct a concrete instance of `GkePolicyInput` via:

GkePolicyArgs{...}

type GkePolicyOutput added in v0.32.0

type GkePolicyOutput struct{ *pulumi.OutputState }

A Binary Authorization policy for a GKE cluster. This is one type of policy that can occur as a `PlatformPolicy`.

func (GkePolicyOutput) CheckSets added in v0.32.0

func (o GkePolicyOutput) CheckSets() CheckSetArrayOutput

Optional. The `CheckSet` objects to apply, scoped by namespace or namespace and service account. Exactly one `CheckSet` will be evaluated for a given Pod (unless the list is empty, in which case the behavior is "always allow"). If multiple `CheckSet` objects have scopes that match the namespace and service account of the Pod being evaluated, only the `CheckSet` with the MOST SPECIFIC scope will match. `CheckSet` objects must be listed in order of decreasing specificity, i.e. if a scope matches a given service account (which must include the namespace), it must come before a `CheckSet` with a scope matching just that namespace. This property is enforced by server-side validation. The purpose of this restriction is to ensure that if more than one `CheckSet` matches a given Pod, the `CheckSet` that will be evaluated will always be the first in the list to match (because if any other matches, it must be less specific). If `check_sets` is empty, the default behavior is to allow all images. If `check_sets` is non-empty, the last `check_sets` entry must always be a `CheckSet` with no scope set, i.e. a catchall to handle any situation not caught by the preceding `CheckSet` objects.

func (GkePolicyOutput) ElementType added in v0.32.0

func (GkePolicyOutput) ElementType() reflect.Type

func (GkePolicyOutput) ImageAllowlist added in v0.32.0

func (o GkePolicyOutput) ImageAllowlist() ImageAllowlistPtrOutput

Optional. Images exempted from this policy. If any of the patterns match the image being evaluated, the rest of the policy will not be evaluated.

func (GkePolicyOutput) ToGkePolicyOutput added in v0.32.0

func (o GkePolicyOutput) ToGkePolicyOutput() GkePolicyOutput

func (GkePolicyOutput) ToGkePolicyOutputWithContext added in v0.32.0

func (o GkePolicyOutput) ToGkePolicyOutputWithContext(ctx context.Context) GkePolicyOutput

func (GkePolicyOutput) ToGkePolicyPtrOutput added in v0.32.0

func (o GkePolicyOutput) ToGkePolicyPtrOutput() GkePolicyPtrOutput

func (GkePolicyOutput) ToGkePolicyPtrOutputWithContext added in v0.32.0

func (o GkePolicyOutput) ToGkePolicyPtrOutputWithContext(ctx context.Context) GkePolicyPtrOutput

type GkePolicyPtrInput added in v0.32.0

type GkePolicyPtrInput interface {
	pulumi.Input

	ToGkePolicyPtrOutput() GkePolicyPtrOutput
	ToGkePolicyPtrOutputWithContext(context.Context) GkePolicyPtrOutput
}

GkePolicyPtrInput is an input type that accepts GkePolicyArgs, GkePolicyPtr and GkePolicyPtrOutput values. You can construct a concrete instance of `GkePolicyPtrInput` via:

        GkePolicyArgs{...}

or:

        nil

func GkePolicyPtr added in v0.32.0

func GkePolicyPtr(v *GkePolicyArgs) GkePolicyPtrInput

type GkePolicyPtrOutput added in v0.32.0

// GkePolicyPtrOutput is the output type returned by the ToGkePolicyPtrOutput
// conversions; it embeds *pulumi.OutputState. Its CheckSets and ImageAllowlist
// accessors are listed below on this page.
type GkePolicyPtrOutput struct{ *pulumi.OutputState }

func (GkePolicyPtrOutput) CheckSets added in v0.32.0

Optional. The `CheckSet` objects to apply, scoped by namespace or namespace and service account. Exactly one `CheckSet` will be evaluated for a given Pod (unless the list is empty, in which case the behavior is "always allow"). If multiple `CheckSet` objects have scopes that match the namespace and service account of the Pod being evaluated, only the `CheckSet` with the MOST SPECIFIC scope will match. `CheckSet` objects must be listed in order of decreasing specificity, i.e. if a scope matches a given service account (which must include the namespace), it must come before a `CheckSet` with a scope matching just that namespace. This property is enforced by server-side validation. The purpose of this restriction is to ensure that if more than one `CheckSet` matches a given Pod, the `CheckSet` that will be evaluated will always be the first in the list to match (because if any other matches, it must be less specific). If `check_sets` is empty, the default behavior is to allow all images. If `check_sets` is non-empty, the last `check_sets` entry must always be a `CheckSet` with no scope set, i.e. a catchall to handle any situation not caught by the preceding `CheckSet` objects.

func (GkePolicyPtrOutput) Elem added in v0.32.0

func (GkePolicyPtrOutput) ElementType added in v0.32.0

func (GkePolicyPtrOutput) ElementType() reflect.Type

func (GkePolicyPtrOutput) ImageAllowlist added in v0.32.0

func (o GkePolicyPtrOutput) ImageAllowlist() ImageAllowlistPtrOutput

Optional. Images exempted from this policy. If any of the patterns match the image being evaluated, the rest of the policy will not be evaluated.

func (GkePolicyPtrOutput) ToGkePolicyPtrOutput added in v0.32.0

func (o GkePolicyPtrOutput) ToGkePolicyPtrOutput() GkePolicyPtrOutput

func (GkePolicyPtrOutput) ToGkePolicyPtrOutputWithContext added in v0.32.0

func (o GkePolicyPtrOutput) ToGkePolicyPtrOutputWithContext(ctx context.Context) GkePolicyPtrOutput

type GkePolicyResponse added in v0.32.0

// GkePolicyResponse is a Binary Authorization policy for a GKE cluster. This is
// one type of policy that can occur as a `PlatformPolicy`.
type GkePolicyResponse struct {
	// Optional. The `CheckSet` objects to apply, scoped by namespace or namespace and service account. Exactly one `CheckSet` will be evaluated for a given Pod (unless the list is empty, in which case the behavior is "always allow"). If multiple `CheckSet` objects have scopes that match the namespace and service account of the Pod being evaluated, only the `CheckSet` with the MOST SPECIFIC scope will match. `CheckSet` objects must be listed in order of decreasing specificity, i.e. if a scope matches a given service account (which must include the namespace), it must come before a `CheckSet` with a scope matching just that namespace. This property is enforced by server-side validation. The purpose of this restriction is to ensure that if more than one `CheckSet` matches a given Pod, the `CheckSet` that will be evaluated will always be the first in the list to match (because if any other matches, it must be less specific). If `check_sets` is empty, the default behavior is to allow all images. If `check_sets` is non-empty, the last `check_sets` entry must always be a `CheckSet` with no scope set, i.e. a catchall to handle any situation not caught by the preceding `CheckSet` objects.
	//
	// Security note: an empty list is a fail-open configuration (every image is
	// allowed), so treat an empty CheckSets in a response as "no enforcement".
	// The unscoped catchall entry decides the outcome for every Pod that no
	// earlier entry matches, so review it as the effective default.
	CheckSets []CheckSetResponse `pulumi:"checkSets"`
	// Optional. Images exempted from this policy. If any of the patterns match the image being evaluated, the rest of the policy will not be evaluated.
	//
	// Security note: a match here skips every `CheckSet`, so broad patterns
	// widen the set of images that run without any check.
	ImageAllowlist ImageAllowlistResponse `pulumi:"imageAllowlist"`
}

A Binary Authorization policy for a GKE cluster. This is one type of policy that can occur as a `PlatformPolicy`.

type GkePolicyResponseOutput added in v0.32.0

// GkePolicyResponseOutput is the output type for a GkePolicyResponse (a Binary
// Authorization policy for a GKE cluster); it embeds *pulumi.OutputState.
type GkePolicyResponseOutput struct{ *pulumi.OutputState }

A Binary Authorization policy for a GKE cluster. This is one type of policy that can occur as a `PlatformPolicy`.

func (GkePolicyResponseOutput) CheckSets added in v0.32.0

Optional. The `CheckSet` objects to apply, scoped by namespace or namespace and service account. Exactly one `CheckSet` will be evaluated for a given Pod (unless the list is empty, in which case the behavior is "always allow"). If multiple `CheckSet` objects have scopes that match the namespace and service account of the Pod being evaluated, only the `CheckSet` with the MOST SPECIFIC scope will match. `CheckSet` objects must be listed in order of decreasing specificity, i.e. if a scope matches a given service account (which must include the namespace), it must come before a `CheckSet` with a scope matching just that namespace. This property is enforced by server-side validation. The purpose of this restriction is to ensure that if more than one `CheckSet` matches a given Pod, the `CheckSet` that will be evaluated will always be the first in the list to match (because if any other matches, it must be less specific). If `check_sets` is empty, the default behavior is to allow all images. If `check_sets` is non-empty, the last `check_sets` entry must always be a `CheckSet` with no scope set, i.e. a catchall to handle any situation not caught by the preceding `CheckSet` objects.

func (GkePolicyResponseOutput) ElementType added in v0.32.0

func (GkePolicyResponseOutput) ElementType() reflect.Type

func (GkePolicyResponseOutput) ImageAllowlist added in v0.32.0

Optional. Images exempted from this policy. If any of the patterns match the image being evaluated, the rest of the policy will not be evaluated.

func (GkePolicyResponseOutput) ToGkePolicyResponseOutput added in v0.32.0

func (o GkePolicyResponseOutput) ToGkePolicyResponseOutput() GkePolicyResponseOutput

func (GkePolicyResponseOutput) ToGkePolicyResponseOutputWithContext added in v0.32.0

func (o GkePolicyResponseOutput) ToGkePolicyResponseOutputWithContext(ctx context.Context) GkePolicyResponseOutput

type ImageAllowlist added in v0.32.0

// ImageAllowlist lists images that are exempted from normal checks based on
// name pattern only.
type ImageAllowlist struct {
	// A disjunction of image patterns to allow. If any of these patterns match, then the image is considered exempted by this allowlist.
	//
	// Security note: the patterns are OR-ed, so a single broad entry exempts
	// everything it matches regardless of how narrow the other entries are.
	// NOTE(review): the pattern syntax (e.g. wildcard rules) is not shown on
	// this page — confirm it before writing patterns.
	AllowPattern []string `pulumi:"allowPattern"`
}

Images that are exempted from normal checks based on name pattern only; that is, a matching image name alone is enough for the exemption.

type ImageAllowlistArgs added in v0.32.0

// ImageAllowlistArgs is the input form of ImageAllowlist: images that are
// exempted from normal checks based on name pattern only.
type ImageAllowlistArgs struct {
	// A disjunction of image patterns to allow. If any of these patterns match, then the image is considered exempted by this allowlist.
	//
	// Security note: the patterns are OR-ed, so one broad entry is enough to
	// exempt every image it matches; keep each pattern as specific as possible.
	AllowPattern pulumi.StringArrayInput `pulumi:"allowPattern"`
}

Images that are exempted from normal checks based on name pattern only.

func (ImageAllowlistArgs) ElementType added in v0.32.0

func (ImageAllowlistArgs) ElementType() reflect.Type

func (ImageAllowlistArgs) ToImageAllowlistOutput added in v0.32.0

func (i ImageAllowlistArgs) ToImageAllowlistOutput() ImageAllowlistOutput

func (ImageAllowlistArgs) ToImageAllowlistOutputWithContext added in v0.32.0

func (i ImageAllowlistArgs) ToImageAllowlistOutputWithContext(ctx context.Context) ImageAllowlistOutput

func (ImageAllowlistArgs) ToImageAllowlistPtrOutput added in v0.32.0

func (i ImageAllowlistArgs) ToImageAllowlistPtrOutput() ImageAllowlistPtrOutput

func (ImageAllowlistArgs) ToImageAllowlistPtrOutputWithContext added in v0.32.0

func (i ImageAllowlistArgs) ToImageAllowlistPtrOutputWithContext(ctx context.Context) ImageAllowlistPtrOutput

type ImageAllowlistInput added in v0.32.0

// ImageAllowlistInput is an input type that accepts ImageAllowlistArgs and
// ImageAllowlistOutput values.
type ImageAllowlistInput interface {
	pulumi.Input

	// ToImageAllowlistOutput returns the value as an ImageAllowlistOutput.
	ToImageAllowlistOutput() ImageAllowlistOutput
	// ToImageAllowlistOutputWithContext is the variant of ToImageAllowlistOutput that takes a context.Context.
	ToImageAllowlistOutputWithContext(context.Context) ImageAllowlistOutput
}

ImageAllowlistInput is an input type that accepts ImageAllowlistArgs and ImageAllowlistOutput values. You can construct a concrete instance of `ImageAllowlistInput` via:

ImageAllowlistArgs{...}

type ImageAllowlistOutput added in v0.32.0

// ImageAllowlistOutput is the output type for an ImageAllowlist (images
// exempted from normal checks based on name pattern only); it embeds
// *pulumi.OutputState.
type ImageAllowlistOutput struct{ *pulumi.OutputState }

Images that are exempted from normal checks based on name pattern only.

func (ImageAllowlistOutput) AllowPattern added in v0.32.0

A disjunction of image patterns to allow. If any of these patterns match, then the image is considered exempted by this allowlist.

func (ImageAllowlistOutput) ElementType added in v0.32.0

func (ImageAllowlistOutput) ElementType() reflect.Type

func (ImageAllowlistOutput) ToImageAllowlistOutput added in v0.32.0

func (o ImageAllowlistOutput) ToImageAllowlistOutput() ImageAllowlistOutput

func (ImageAllowlistOutput) ToImageAllowlistOutputWithContext added in v0.32.0

func (o ImageAllowlistOutput) ToImageAllowlistOutputWithContext(ctx context.Context) ImageAllowlistOutput

func (ImageAllowlistOutput) ToImageAllowlistPtrOutput added in v0.32.0

func (o ImageAllowlistOutput) ToImageAllowlistPtrOutput() ImageAllowlistPtrOutput

func (ImageAllowlistOutput) ToImageAllowlistPtrOutputWithContext added in v0.32.0

func (o ImageAllowlistOutput) ToImageAllowlistPtrOutputWithContext(ctx context.Context) ImageAllowlistPtrOutput

type ImageAllowlistPtrInput added in v0.32.0

// ImageAllowlistPtrInput is an input type that accepts ImageAllowlistArgs,
// ImageAllowlistPtr and ImageAllowlistPtrOutput values. The package docs also
// list nil as a valid concrete value.
type ImageAllowlistPtrInput interface {
	pulumi.Input

	// ToImageAllowlistPtrOutput returns the value as an ImageAllowlistPtrOutput.
	ToImageAllowlistPtrOutput() ImageAllowlistPtrOutput
	// ToImageAllowlistPtrOutputWithContext is the variant of ToImageAllowlistPtrOutput that takes a context.Context.
	ToImageAllowlistPtrOutputWithContext(context.Context) ImageAllowlistPtrOutput
}

ImageAllowlistPtrInput is an input type that accepts ImageAllowlistArgs, ImageAllowlistPtr and ImageAllowlistPtrOutput values. You can construct a concrete instance of `ImageAllowlistPtrInput` via:

        ImageAllowlistArgs{...}

or:

        nil

func ImageAllowlistPtr added in v0.32.0

func ImageAllowlistPtr(v *ImageAllowlistArgs) ImageAllowlistPtrInput

type ImageAllowlistPtrOutput added in v0.32.0

// ImageAllowlistPtrOutput is the output type returned by the
// ToImageAllowlistPtrOutput conversions; it embeds *pulumi.OutputState.
type ImageAllowlistPtrOutput struct{ *pulumi.OutputState }

func (ImageAllowlistPtrOutput) AllowPattern added in v0.32.0

A disjunction of image patterns to allow. If any of these patterns match, then the image is considered exempted by this allowlist.

func (ImageAllowlistPtrOutput) Elem added in v0.32.0

func (ImageAllowlistPtrOutput) ElementType added in v0.32.0

func (ImageAllowlistPtrOutput) ElementType() reflect.Type

func (ImageAllowlistPtrOutput) ToImageAllowlistPtrOutput added in v0.32.0

func (o ImageAllowlistPtrOutput) ToImageAllowlistPtrOutput() ImageAllowlistPtrOutput

func (ImageAllowlistPtrOutput) ToImageAllowlistPtrOutputWithContext added in v0.32.0

func (o ImageAllowlistPtrOutput) ToImageAllowlistPtrOutputWithContext(ctx context.Context) ImageAllowlistPtrOutput

type ImageAllowlistResponse added in v0.32.0

// ImageAllowlistResponse is the response form of ImageAllowlist: images that
// are exempted from normal checks based on name pattern only.
type ImageAllowlistResponse struct {
	// A disjunction of image patterns to allow. If any of these patterns match, then the image is considered exempted by this allowlist.
	//
	// Security note: when auditing a returned policy, every entry here is an
	// exemption from the checks, so review the list for overly broad patterns.
	AllowPattern []string `pulumi:"allowPattern"`
}

Images that are exempted from normal checks based on name pattern only.

type ImageAllowlistResponseOutput added in v0.32.0

// ImageAllowlistResponseOutput is the output type for an
// ImageAllowlistResponse; it embeds *pulumi.OutputState.
type ImageAllowlistResponseOutput struct{ *pulumi.OutputState }

Images that are exempted from normal checks based on name pattern only.

func (ImageAllowlistResponseOutput) AllowPattern added in v0.32.0

A disjunction of image patterns to allow. If any of these patterns match, then the image is considered exempted by this allowlist.

func (ImageAllowlistResponseOutput) ElementType added in v0.32.0

func (ImageAllowlistResponseOutput) ToImageAllowlistResponseOutput added in v0.32.0

func (o ImageAllowlistResponseOutput) ToImageAllowlistResponseOutput() ImageAllowlistResponseOutput

func (ImageAllowlistResponseOutput) ToImageAllowlistResponseOutputWithContext added in v0.32.0

func (o ImageAllowlistResponseOutput) ToImageAllowlistResponseOutputWithContext(ctx context.Context) ImageAllowlistResponseOutput

type ImageFreshnessCheck added in v0.32.0

// ImageFreshnessCheck is an image freshness check, which rejects images that
// were uploaded to the supported repositories more than the set number of
// days ago.
type ImageFreshnessCheck struct {
	// The max number of days that is allowed since the image was uploaded. Must be greater than zero.
	//
	// NOTE(review): the field is a plain int, so the "greater than zero" rule
	// is not enforced by the type; presumably the service rejects other values
	// — confirm, or validate before submitting.
	MaxUploadAgeDays int `pulumi:"maxUploadAgeDays"`
}

An image freshness check, which rejects images that were uploaded to the supported repositories more than the set number of days ago.

type ImageFreshnessCheckArgs added in v0.32.0

// ImageFreshnessCheckArgs is the input form of ImageFreshnessCheck: a check
// that rejects images that were uploaded to the supported repositories more
// than the set number of days ago.
type ImageFreshnessCheckArgs struct {
	// The max number of days that is allowed since the image was uploaded. Must be greater than zero.
	//
	// NOTE(review): pulumi.IntInput does not itself constrain the value to be
	// positive; presumably the service rejects zero or negative values —
	// confirm, or validate before submitting.
	MaxUploadAgeDays pulumi.IntInput `pulumi:"maxUploadAgeDays"`
}

An image freshness check, which rejects images that were uploaded to the supported repositories more than the set number of days ago.

func (ImageFreshnessCheckArgs) ElementType added in v0.32.0

func (ImageFreshnessCheckArgs) ElementType() reflect.Type

func (ImageFreshnessCheckArgs) ToImageFreshnessCheckOutput added in v0.32.0

func (i ImageFreshnessCheckArgs) ToImageFreshnessCheckOutput() ImageFreshnessCheckOutput

func (ImageFreshnessCheckArgs) ToImageFreshnessCheckOutputWithContext added in v0.32.0

func (i ImageFreshnessCheckArgs) ToImageFreshnessCheckOutputWithContext(ctx context.Context) ImageFreshnessCheckOutput

func (ImageFreshnessCheckArgs) ToImageFreshnessCheckPtrOutput added in v0.32.0

func (i ImageFreshnessCheckArgs) ToImageFreshnessCheckPtrOutput() ImageFreshnessCheckPtrOutput

func (ImageFreshnessCheckArgs) ToImageFreshnessCheckPtrOutputWithContext added in v0.32.0

func (i ImageFreshnessCheckArgs) ToImageFreshnessCheckPtrOutputWithContext(ctx context.Context) ImageFreshnessCheckPtrOutput

type ImageFreshnessCheckInput added in v0.32.0

// ImageFreshnessCheckInput is an input type that accepts
// ImageFreshnessCheckArgs and ImageFreshnessCheckOutput values.
type ImageFreshnessCheckInput interface {
	pulumi.Input

	// ToImageFreshnessCheckOutput returns the value as an ImageFreshnessCheckOutput.
	ToImageFreshnessCheckOutput() ImageFreshnessCheckOutput
	// ToImageFreshnessCheckOutputWithContext is the variant of ToImageFreshnessCheckOutput that takes a context.Context.
	ToImageFreshnessCheckOutputWithContext(context.Context) ImageFreshnessCheckOutput
}

ImageFreshnessCheckInput is an input type that accepts ImageFreshnessCheckArgs and ImageFreshnessCheckOutput values. You can construct a concrete instance of `ImageFreshnessCheckInput` via:

ImageFreshnessCheckArgs{...}

type ImageFreshnessCheckOutput added in v0.32.0

// ImageFreshnessCheckOutput is the output type for an ImageFreshnessCheck; it
// embeds *pulumi.OutputState. Its MaxUploadAgeDays accessor returns a
// pulumi.IntOutput.
type ImageFreshnessCheckOutput struct{ *pulumi.OutputState }

An image freshness check, which rejects images that were uploaded to the supported repositories more than the set number of days ago.

func (ImageFreshnessCheckOutput) ElementType added in v0.32.0

func (ImageFreshnessCheckOutput) ElementType() reflect.Type

func (ImageFreshnessCheckOutput) MaxUploadAgeDays added in v0.32.0

func (o ImageFreshnessCheckOutput) MaxUploadAgeDays() pulumi.IntOutput

The max number of days that is allowed since the image was uploaded. Must be greater than zero.

func (ImageFreshnessCheckOutput) ToImageFreshnessCheckOutput added in v0.32.0

func (o ImageFreshnessCheckOutput) ToImageFreshnessCheckOutput() ImageFreshnessCheckOutput

func (ImageFreshnessCheckOutput) ToImageFreshnessCheckOutputWithContext added in v0.32.0

func (o ImageFreshnessCheckOutput) ToImageFreshnessCheckOutputWithContext(ctx context.Context) ImageFreshnessCheckOutput

func (ImageFreshnessCheckOutput) ToImageFreshnessCheckPtrOutput added in v0.32.0

func (o ImageFreshnessCheckOutput) ToImageFreshnessCheckPtrOutput() ImageFreshnessCheckPtrOutput

func (ImageFreshnessCheckOutput) ToImageFreshnessCheckPtrOutputWithContext added in v0.32.0

func (o ImageFreshnessCheckOutput) ToImageFreshnessCheckPtrOutputWithContext(ctx context.Context) ImageFreshnessCheckPtrOutput

type ImageFreshnessCheckPtrInput added in v0.32.0

// ImageFreshnessCheckPtrInput is an input type that accepts
// ImageFreshnessCheckArgs, ImageFreshnessCheckPtr and
// ImageFreshnessCheckPtrOutput values. The package docs also list nil as a
// valid concrete value.
type ImageFreshnessCheckPtrInput interface {
	pulumi.Input

	// ToImageFreshnessCheckPtrOutput returns the value as an ImageFreshnessCheckPtrOutput.
	ToImageFreshnessCheckPtrOutput() ImageFreshnessCheckPtrOutput
	// ToImageFreshnessCheckPtrOutputWithContext is the variant of ToImageFreshnessCheckPtrOutput that takes a context.Context.
	ToImageFreshnessCheckPtrOutputWithContext(context.Context) ImageFreshnessCheckPtrOutput
}

ImageFreshnessCheckPtrInput is an input type that accepts ImageFreshnessCheckArgs, ImageFreshnessCheckPtr and ImageFreshnessCheckPtrOutput values. You can construct a concrete instance of `ImageFreshnessCheckPtrInput` via:

        ImageFreshnessCheckArgs{...}

or:

        nil

func ImageFreshnessCheckPtr added in v0.32.0

func ImageFreshnessCheckPtr(v *ImageFreshnessCheckArgs) ImageFreshnessCheckPtrInput

type ImageFreshnessCheckPtrOutput added in v0.32.0

// ImageFreshnessCheckPtrOutput is the output type returned by the
// ToImageFreshnessCheckPtrOutput conversions; it embeds *pulumi.OutputState.
// Its MaxUploadAgeDays accessor returns a pulumi.IntPtrOutput.
type ImageFreshnessCheckPtrOutput struct{ *pulumi.OutputState }

func (ImageFreshnessCheckPtrOutput) Elem added in v0.32.0

func (ImageFreshnessCheckPtrOutput) ElementType added in v0.32.0

func (ImageFreshnessCheckPtrOutput) MaxUploadAgeDays added in v0.32.0

func (o ImageFreshnessCheckPtrOutput) MaxUploadAgeDays() pulumi.IntPtrOutput

The max number of days that is allowed since the image was uploaded. Must be greater than zero.

func (ImageFreshnessCheckPtrOutput) ToImageFreshnessCheckPtrOutput added in v0.32.0

func (o ImageFreshnessCheckPtrOutput) ToImageFreshnessCheckPtrOutput() ImageFreshnessCheckPtrOutput

func (ImageFreshnessCheckPtrOutput) ToImageFreshnessCheckPtrOutputWithContext added in v0.32.0

func (o ImageFreshnessCheckPtrOutput) ToImageFreshnessCheckPtrOutputWithContext(ctx context.Context) ImageFreshnessCheckPtrOutput

type ImageFreshnessCheckResponse added in v0.32.0

// ImageFreshnessCheckResponse is the response form of ImageFreshnessCheck: a
// check that rejects images that were uploaded to the supported repositories
// more than the set number of days ago.
type ImageFreshnessCheckResponse struct {
	// The max number of days that is allowed since the image was uploaded. Must be greater than zero.
	MaxUploadAgeDays int `pulumi:"maxUploadAgeDays"`
}

An image freshness check, which rejects images that were uploaded to the supported repositories more than the set number of days ago.

type ImageFreshnessCheckResponseOutput added in v0.32.0

// ImageFreshnessCheckResponseOutput is the output type for an
// ImageFreshnessCheckResponse; it embeds *pulumi.OutputState.
type ImageFreshnessCheckResponseOutput struct{ *pulumi.OutputState }

An image freshness check, which rejects images that were uploaded to the supported repositories more than the set number of days ago.

func (ImageFreshnessCheckResponseOutput) ElementType added in v0.32.0

func (ImageFreshnessCheckResponseOutput) MaxUploadAgeDays added in v0.32.0

func (o ImageFreshnessCheckResponseOutput) MaxUploadAgeDays() pulumi.IntOutput

The max number of days that is allowed since the image was uploaded. Must be greater than zero.

func (ImageFreshnessCheckResponseOutput) ToImageFreshnessCheckResponseOutput added in v0.32.0

func (o ImageFreshnessCheckResponseOutput) ToImageFreshnessCheckResponseOutput() ImageFreshnessCheckResponseOutput

func (ImageFreshnessCheckResponseOutput) ToImageFreshnessCheckResponseOutputWithContext added in v0.32.0

func (o ImageFreshnessCheckResponseOutput) ToImageFreshnessCheckResponseOutputWithContext(ctx context.Context) ImageFreshnessCheckResponseOutput

type LookupAttestorArgs added in v0.4.0

// LookupAttestorArgs holds the arguments passed to LookupAttestor.
type LookupAttestorArgs struct {
	// AttestorId identifies the attestor to look up (non-pointer, so always set).
	AttestorId string  `pulumi:"attestorId"`
	// Project is optional (pointer); presumably the provider's configured
	// project is used when nil — confirm.
	Project    *string `pulumi:"project"`
}

type LookupAttestorIamPolicyArgs added in v0.4.0

// LookupAttestorIamPolicyArgs holds the arguments passed to
// LookupAttestorIamPolicy.
type LookupAttestorIamPolicyArgs struct {
	// AttestorId identifies the attestor whose IAM policy is read.
	AttestorId                    string  `pulumi:"attestorId"`
	// OptionsRequestedPolicyVersion is optional (pointer). Per the Version docs
	// on the result type, valid versions are 0, 1 and 3, and getting a policy
	// that includes a conditional role binding must specify version 3.
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	// Project is optional (pointer); presumably the provider's configured
	// project is used when nil — confirm.
	Project                       *string `pulumi:"project"`
}

type LookupAttestorIamPolicyOutputArgs added in v0.8.0

// LookupAttestorIamPolicyOutputArgs carries the same fields as
// LookupAttestorIamPolicyArgs, typed as pulumi inputs.
type LookupAttestorIamPolicyOutputArgs struct {
	// AttestorId identifies the attestor whose IAM policy is read.
	AttestorId                    pulumi.StringInput    `pulumi:"attestorId"`
	// OptionsRequestedPolicyVersion is optional. Per the Version docs on the
	// result type, getting a policy that includes a conditional role binding
	// must specify version 3.
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	// Project is optional; presumably the provider's configured project is
	// used when unset — confirm.
	Project                       pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupAttestorIamPolicyOutputArgs) ElementType added in v0.8.0

type LookupAttestorIamPolicyResult added in v0.4.0

// LookupAttestorIamPolicyResult is the value returned by
// LookupAttestorIamPolicy: the access control policy of the resource, or an
// empty policy if the resource exists and has no policy set.
type LookupAttestorIamPolicyResult struct {
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	//
	// Security note: carry this value unchanged into the follow-up
	// `setIamPolicy` call; dropping it can silently remove every condition
	// from a version `3` policy, which broadens the affected bindings.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupAttestorIamPolicy added in v0.4.0

func LookupAttestorIamPolicy(ctx *pulumi.Context, args *LookupAttestorIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupAttestorIamPolicyResult, error)

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

type LookupAttestorIamPolicyResultOutput added in v0.8.0

// LookupAttestorIamPolicyResultOutput is the output type for a
// LookupAttestorIamPolicyResult; it embeds *pulumi.OutputState. Its Bindings,
// Etag and Version accessors are listed below on this page.
type LookupAttestorIamPolicyResultOutput struct{ *pulumi.OutputState }

func (LookupAttestorIamPolicyResultOutput) Bindings added in v0.8.0

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupAttestorIamPolicyResultOutput) ElementType added in v0.8.0

func (LookupAttestorIamPolicyResultOutput) Etag added in v0.8.0

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutput added in v0.8.0

func (o LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutput() LookupAttestorIamPolicyResultOutput

func (LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutputWithContext added in v0.8.0

func (o LookupAttestorIamPolicyResultOutput) ToLookupAttestorIamPolicyResultOutputWithContext(ctx context.Context) LookupAttestorIamPolicyResultOutput

func (LookupAttestorIamPolicyResultOutput) Version added in v0.8.0

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations:

* Getting a policy that includes a conditional role binding
* Adding a conditional role binding to a policy
* Changing a conditional role binding in a policy
* Removing any role binding, with or without a condition, from a policy that includes conditions

**Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupAttestorOutputArgs added in v0.8.0

// LookupAttestorOutputArgs holds the arguments passed to LookupAttestorOutput;
// it carries the same fields as LookupAttestorArgs, typed as pulumi inputs.
type LookupAttestorOutputArgs struct {
	// AttestorId identifies the attestor to look up.
	AttestorId pulumi.StringInput    `pulumi:"attestorId"`
	// Project is optional; presumably the provider's configured project is
	// used when unset — confirm.
	Project    pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupAttestorOutputArgs) ElementType added in v0.8.0

func (LookupAttestorOutputArgs) ElementType() reflect.Type

type LookupAttestorResult added in v0.4.0

// LookupAttestorResult is the value returned by LookupAttestor, which gets an
// attestor and returns `NOT_FOUND` if the attestor does not exist.
type LookupAttestorResult struct {
	// Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
	Description string `pulumi:"description"`
	// Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
	Etag string `pulumi:"etag"`
	// The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.
	Name string `pulumi:"name"`
	// Time when the attestor was last updated.
	// NOTE(review): carried as a string; the timestamp format is not shown on
	// this page — confirm before parsing.
	UpdateTime string `pulumi:"updateTime"`
	// This specifies how an attestation will be read, and how it will be used during policy enforcement.
	UserOwnedGrafeasNote UserOwnedGrafeasNoteResponse `pulumi:"userOwnedGrafeasNote"`
}

func LookupAttestor added in v0.4.0

func LookupAttestor(ctx *pulumi.Context, args *LookupAttestorArgs, opts ...pulumi.InvokeOption) (*LookupAttestorResult, error)

Gets an attestor. Returns `NOT_FOUND` if the attestor does not exist.

type LookupAttestorResultOutput added in v0.8.0

// LookupAttestorResultOutput is the output type returned by
// LookupAttestorOutput; it embeds *pulumi.OutputState.
type LookupAttestorResultOutput struct{ *pulumi.OutputState }

func LookupAttestorOutput added in v0.8.0

func LookupAttestorOutput(ctx *pulumi.Context, args LookupAttestorOutputArgs, opts ...pulumi.InvokeOption) LookupAttestorResultOutput

func (LookupAttestorResultOutput) Description added in v0.8.0

Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

func (LookupAttestorResultOutput) ElementType added in v0.8.0

func (LookupAttestorResultOutput) ElementType() reflect.Type

func (LookupAttestorResultOutput) Etag added in v0.16.0

Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.

func (LookupAttestorResultOutput) Name added in v0.8.0

The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.

func (LookupAttestorResultOutput) ToLookupAttestorResultOutput added in v0.8.0

func (o LookupAttestorResultOutput) ToLookupAttestorResultOutput() LookupAttestorResultOutput

func (LookupAttestorResultOutput) ToLookupAttestorResultOutputWithContext added in v0.8.0

func (o LookupAttestorResultOutput) ToLookupAttestorResultOutputWithContext(ctx context.Context) LookupAttestorResultOutput

func (LookupAttestorResultOutput) UpdateTime added in v0.8.0

Time when the attestor was last updated.

func (LookupAttestorResultOutput) UserOwnedGrafeasNote added in v0.8.0

This specifies how an attestation will be read, and how it will be used during policy enforcement.

type LookupPolicyArgs added in v0.32.0

// LookupPolicyArgs identifies a policy by platform and policy ID, optionally
// qualified by project.
// NOTE(review): the lookup function that consumes it is not shown in this part
// of the page — presumably LookupPolicy; confirm.
type LookupPolicyArgs struct {
	// PlatformId is required (non-pointer).
	PlatformId string  `pulumi:"platformId"`
	// PolicyId is required (non-pointer).
	PolicyId   string  `pulumi:"policyId"`
	// Project is optional (pointer); presumably the provider's configured
	// project is used when nil — confirm.
	Project    *string `pulumi:"project"`
}

type LookupPolicyIamPolicyArgs added in v0.4.0

// LookupPolicyIamPolicyArgs holds the arguments passed to
// LookupPolicyIamPolicy. It carries no policy identifier, only the project.
type LookupPolicyIamPolicyArgs struct {
	// OptionsRequestedPolicyVersion is optional (pointer). Per the Version docs
	// on the result type, valid versions are 0, 1 and 3, and getting a policy
	// that includes a conditional role binding must specify version 3.
	OptionsRequestedPolicyVersion *int    `pulumi:"optionsRequestedPolicyVersion"`
	// Project is optional (pointer); presumably the provider's configured
	// project is used when nil — confirm.
	Project                       *string `pulumi:"project"`
}

type LookupPolicyIamPolicyOutputArgs added in v0.8.0

// LookupPolicyIamPolicyOutputArgs carries the same fields as
// LookupPolicyIamPolicyArgs, typed as pulumi inputs.
type LookupPolicyIamPolicyOutputArgs struct {
	// OptionsRequestedPolicyVersion is optional. Per the Version docs on the
	// result type, getting a policy that includes a conditional role binding
	// must specify version 3.
	OptionsRequestedPolicyVersion pulumi.IntPtrInput    `pulumi:"optionsRequestedPolicyVersion"`
	// Project is optional; presumably the provider's configured project is
	// used when unset — confirm.
	Project                       pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupPolicyIamPolicyOutputArgs) ElementType added in v0.8.0

type LookupPolicyIamPolicyResult added in v0.4.0

// LookupPolicyIamPolicyResult is the value returned by LookupPolicyIamPolicy:
// the access control policy of the resource, or an empty policy if the
// resource exists and has no policy set.
type LookupPolicyIamPolicyResult struct {
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings []BindingResponse `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	//
	// Security note: carry this value unchanged into the follow-up
	// `setIamPolicy` call; dropping it can silently remove every condition
	// from a version `3` policy, which broadens the affected bindings.
	Etag string `pulumi:"etag"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations: * Getting a policy that includes a conditional role binding * Adding a conditional role binding to a policy * Changing a conditional role binding in a policy * Removing any role binding, with or without a condition, from a policy that includes conditions **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version int `pulumi:"version"`
}

func LookupPolicyIamPolicy added in v0.4.0

func LookupPolicyIamPolicy(ctx *pulumi.Context, args *LookupPolicyIamPolicyArgs, opts ...pulumi.InvokeOption) (*LookupPolicyIamPolicyResult, error)

Gets the access control policy for a resource. Returns an empty policy if the resource exists and does not have a policy set.

type LookupPolicyIamPolicyResultOutput added in v0.8.0

// LookupPolicyIamPolicyResultOutput embeds *pulumi.OutputState; the listing
// gives it Bindings, Etag and Version accessors. When a policy is read in
// order to be written back, carry the Etag value into the write, as the Etag
// description advises, so a concurrent change is not overwritten.
type LookupPolicyIamPolicyResultOutput struct{ *pulumi.OutputState }

func LookupPolicyIamPolicyOutput added in v0.8.0

func (LookupPolicyIamPolicyResultOutput) Bindings added in v0.8.0

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (LookupPolicyIamPolicyResultOutput) ElementType added in v0.8.0

func (LookupPolicyIamPolicyResultOutput) Etag added in v0.8.0

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (LookupPolicyIamPolicyResultOutput) ToLookupPolicyIamPolicyResultOutput added in v0.8.0

func (o LookupPolicyIamPolicyResultOutput) ToLookupPolicyIamPolicyResultOutput() LookupPolicyIamPolicyResultOutput

func (LookupPolicyIamPolicyResultOutput) ToLookupPolicyIamPolicyResultOutputWithContext added in v0.8.0

func (o LookupPolicyIamPolicyResultOutput) ToLookupPolicyIamPolicyResultOutputWithContext(ctx context.Context) LookupPolicyIamPolicyResultOutput

func (LookupPolicyIamPolicyResultOutput) Version added in v0.8.0

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations:

* Getting a policy that includes a conditional role binding
* Adding a conditional role binding to a policy
* Changing a conditional role binding in a policy
* Removing any role binding, with or without a condition, from a policy that includes conditions

**Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type LookupPolicyOutputArgs added in v0.32.0

// LookupPolicyOutputArgs is the argument struct accepted by LookupPolicyOutput.
// PlatformId and PolicyId are pulumi.StringInput values; Project is a
// pulumi.StringPtrInput and is therefore the only optional field.
//
// NOTE(review): the generated listing documents none of these fields. Judging
// by the resource name format `projects/*/platforms/*/policies/*` given for
// the result's Name, they presumably select the platform, policy and project
// segments of that name — confirm against the API reference.
type LookupPolicyOutputArgs struct {
	PlatformId pulumi.StringInput    `pulumi:"platformId"`
	PolicyId   pulumi.StringInput    `pulumi:"policyId"`
	Project    pulumi.StringPtrInput `pulumi:"project"`
}

func (LookupPolicyOutputArgs) ElementType added in v0.32.0

func (LookupPolicyOutputArgs) ElementType() reflect.Type

type LookupPolicyResult added in v0.32.0

// LookupPolicyResult is the plain-value result returned by LookupPolicy for a
// Binary Authorization platform policy.
type LookupPolicyResult struct {
	// Optional. A description comment about the policy.
	Description string `pulumi:"description"`
	// Optional. GKE platform-specific policy.
	GkePolicy GkePolicyResponse `pulumi:"gkePolicy"`
	// The relative resource name of the Binary Authorization platform policy, in the form of `projects/*/platforms/*/policies/*`.
	Name string `pulumi:"name"`
	// Time when the policy was last updated. Carried as a string; the
	// timestamp format is not stated in this listing.
	UpdateTime string `pulumi:"updateTime"`
}

func LookupPolicy added in v0.32.0

func LookupPolicy(ctx *pulumi.Context, args *LookupPolicyArgs, opts ...pulumi.InvokeOption) (*LookupPolicyResult, error)

Gets a platform policy. Returns `NOT_FOUND` if the policy doesn't exist.

type LookupPolicyResultOutput added in v0.32.0

// LookupPolicyResultOutput is the type returned by LookupPolicyOutput. It
// embeds *pulumi.OutputState and is listed with Description, GkePolicy, Name
// and UpdateTime accessors.
type LookupPolicyResultOutput struct{ *pulumi.OutputState }

func LookupPolicyOutput added in v0.32.0

func LookupPolicyOutput(ctx *pulumi.Context, args LookupPolicyOutputArgs, opts ...pulumi.InvokeOption) LookupPolicyResultOutput

func (LookupPolicyResultOutput) Description added in v0.32.0

Optional. A description comment about the policy.

func (LookupPolicyResultOutput) ElementType added in v0.32.0

func (LookupPolicyResultOutput) ElementType() reflect.Type

func (LookupPolicyResultOutput) GkePolicy added in v0.32.0

Optional. GKE platform-specific policy.

func (LookupPolicyResultOutput) Name added in v0.32.0

The relative resource name of the Binary Authorization platform policy, in the form of `projects/*/platforms/*/policies/*`.

func (LookupPolicyResultOutput) ToLookupPolicyResultOutput added in v0.32.0

func (o LookupPolicyResultOutput) ToLookupPolicyResultOutput() LookupPolicyResultOutput

func (LookupPolicyResultOutput) ToLookupPolicyResultOutputWithContext added in v0.32.0

func (o LookupPolicyResultOutput) ToLookupPolicyResultOutputWithContext(ctx context.Context) LookupPolicyResultOutput

func (LookupPolicyResultOutput) UpdateTime added in v0.32.0

Time when the policy was last updated.

type PkixPublicKey

// PkixPublicKey is a public key in the PkixPublicKey format (RFC 5280 section
// 4.1.2.7, SubjectPublicKeyInfo), typically carried as PEM text. All three
// fields are pointers and may be left nil.
type PkixPublicKey struct {
	// Optional. The ID of this public key. Signatures verified by Binary
	// Authorization must include the ID of the public key that can be used to
	// verify them, and that ID must match the contents of this field exactly.
	// This may be explicitly provided by the caller, but it MUST be a valid
	// RFC3986 URI.
	//
	// If `key_id` is left blank and this `PkixPublicKey` is not used in the
	// context of a wrapper, a default key ID will be computed based on the
	// digest of the DER encoding of the public key.
	//
	// If this `PkixPublicKey` is used in the context of a wrapper that has its
	// own notion of key ID (e.g. `AttestorPublicKey`), then this field can either:
	//   - Match that value exactly.
	//   - Or be left blank, in which case it behaves exactly as though it is
	//     equal to that wrapper value.
	KeyId *string `pulumi:"keyId"`
	// A PEM-encoded public key, as described in
	// https://tools.ietf.org/html/rfc7468#section-13 (the SubjectPublicKeyInfo
	// encoding, PEM label "PUBLIC KEY"). The field takes public key material only.
	PublicKeyPem *string `pulumi:"publicKeyPem"`
	// The signature algorithm used to verify a message against a signature
	// using this key. This signature algorithm must match the structure and any
	// object identifiers encoded in `public_key_pem` (i.e. this algorithm must
	// match that of the public key).
	SignatureAlgorithm *PkixPublicKeySignatureAlgorithm `pulumi:"signatureAlgorithm"`
}

A public key in the PkixPublicKey [format](https://tools.ietf.org/html/rfc5280#section-4.1.2.7). Public keys of this type are typically textually encoded using the PEM format.

type PkixPublicKeyArgs

// PkixPublicKeyArgs is the input form of PkixPublicKey: a public key in the
// PkixPublicKey format (RFC 5280 section 4.1.2.7, SubjectPublicKeyInfo),
// typically carried as PEM text. Every field is a pointer-style pulumi input
// and may be omitted.
type PkixPublicKeyArgs struct {
	// Optional. The ID of this public key. Signatures verified by Binary
	// Authorization must include the ID of the public key that can be used to
	// verify them, and that ID must match the contents of this field exactly.
	// This may be explicitly provided by the caller, but it MUST be a valid
	// RFC3986 URI.
	//
	// If `key_id` is left blank and this `PkixPublicKey` is not used in the
	// context of a wrapper, a default key ID will be computed based on the
	// digest of the DER encoding of the public key.
	//
	// If this `PkixPublicKey` is used in the context of a wrapper that has its
	// own notion of key ID (e.g. `AttestorPublicKey`), then this field can either:
	//   - Match that value exactly.
	//   - Or be left blank, in which case it behaves exactly as though it is
	//     equal to that wrapper value.
	KeyId pulumi.StringPtrInput `pulumi:"keyId"`
	// A PEM-encoded public key, as described in
	// https://tools.ietf.org/html/rfc7468#section-13 (the SubjectPublicKeyInfo
	// encoding, PEM label "PUBLIC KEY"). The field takes public key material only.
	PublicKeyPem pulumi.StringPtrInput `pulumi:"publicKeyPem"`
	// The signature algorithm used to verify a message against a signature
	// using this key. This signature algorithm must match the structure and any
	// object identifiers encoded in `public_key_pem` (i.e. this algorithm must
	// match that of the public key).
	SignatureAlgorithm PkixPublicKeySignatureAlgorithmPtrInput `pulumi:"signatureAlgorithm"`
}

A public key in the PkixPublicKey [format](https://tools.ietf.org/html/rfc5280#section-4.1.2.7). Public keys of this type are typically textually encoded using the PEM format.

func (PkixPublicKeyArgs) ElementType

func (PkixPublicKeyArgs) ElementType() reflect.Type

func (PkixPublicKeyArgs) ToPkixPublicKeyOutput

func (i PkixPublicKeyArgs) ToPkixPublicKeyOutput() PkixPublicKeyOutput

func (PkixPublicKeyArgs) ToPkixPublicKeyOutputWithContext

func (i PkixPublicKeyArgs) ToPkixPublicKeyOutputWithContext(ctx context.Context) PkixPublicKeyOutput

func (PkixPublicKeyArgs) ToPkixPublicKeyPtrOutput

func (i PkixPublicKeyArgs) ToPkixPublicKeyPtrOutput() PkixPublicKeyPtrOutput

func (PkixPublicKeyArgs) ToPkixPublicKeyPtrOutputWithContext

func (i PkixPublicKeyArgs) ToPkixPublicKeyPtrOutputWithContext(ctx context.Context) PkixPublicKeyPtrOutput

type PkixPublicKeyArray added in v0.32.0

// PkixPublicKeyArray is a slice of PkixPublicKeyInput values. Its
// ToPkixPublicKeyArrayOutput methods make it usable wherever a
// PkixPublicKeyArrayInput is expected, such as PkixPublicKeySetArgs.PkixPublicKeys.
type PkixPublicKeyArray []PkixPublicKeyInput

func (PkixPublicKeyArray) ElementType added in v0.32.0

func (PkixPublicKeyArray) ElementType() reflect.Type

func (PkixPublicKeyArray) ToPkixPublicKeyArrayOutput added in v0.32.0

func (i PkixPublicKeyArray) ToPkixPublicKeyArrayOutput() PkixPublicKeyArrayOutput

func (PkixPublicKeyArray) ToPkixPublicKeyArrayOutputWithContext added in v0.32.0

func (i PkixPublicKeyArray) ToPkixPublicKeyArrayOutputWithContext(ctx context.Context) PkixPublicKeyArrayOutput

type PkixPublicKeyArrayInput added in v0.32.0

// PkixPublicKeyArrayInput is the input interface for a list of PKIX public
// keys. The listing names PkixPublicKeyArray and PkixPublicKeyArrayOutput as
// the types that satisfy it.
type PkixPublicKeyArrayInput interface {
	pulumi.Input

	// Both methods convert the receiver to a PkixPublicKeyArrayOutput; the
	// second variant additionally takes a context.Context.
	ToPkixPublicKeyArrayOutput() PkixPublicKeyArrayOutput
	ToPkixPublicKeyArrayOutputWithContext(context.Context) PkixPublicKeyArrayOutput
}

PkixPublicKeyArrayInput is an input type that accepts PkixPublicKeyArray and PkixPublicKeyArrayOutput values. You can construct a concrete instance of `PkixPublicKeyArrayInput` via:

PkixPublicKeyArray{ PkixPublicKeyArgs{...} }

type PkixPublicKeyArrayOutput added in v0.32.0

// PkixPublicKeyArrayOutput embeds *pulumi.OutputState and is the type produced
// by the ToPkixPublicKeyArrayOutput conversions; the listing gives it an Index
// method.
type PkixPublicKeyArrayOutput struct{ *pulumi.OutputState }

func (PkixPublicKeyArrayOutput) ElementType added in v0.32.0

func (PkixPublicKeyArrayOutput) ElementType() reflect.Type

func (PkixPublicKeyArrayOutput) Index added in v0.32.0

func (PkixPublicKeyArrayOutput) ToPkixPublicKeyArrayOutput added in v0.32.0

func (o PkixPublicKeyArrayOutput) ToPkixPublicKeyArrayOutput() PkixPublicKeyArrayOutput

func (PkixPublicKeyArrayOutput) ToPkixPublicKeyArrayOutputWithContext added in v0.32.0

func (o PkixPublicKeyArrayOutput) ToPkixPublicKeyArrayOutputWithContext(ctx context.Context) PkixPublicKeyArrayOutput

type PkixPublicKeyInput

// PkixPublicKeyInput is the input interface for a single PKIX public key. The
// listing names PkixPublicKeyArgs and PkixPublicKeyOutput as the types that
// satisfy it.
type PkixPublicKeyInput interface {
	pulumi.Input

	// Both methods convert the receiver to a PkixPublicKeyOutput; the second
	// variant additionally takes a context.Context.
	ToPkixPublicKeyOutput() PkixPublicKeyOutput
	ToPkixPublicKeyOutputWithContext(context.Context) PkixPublicKeyOutput
}

PkixPublicKeyInput is an input type that accepts PkixPublicKeyArgs and PkixPublicKeyOutput values. You can construct a concrete instance of `PkixPublicKeyInput` via:

PkixPublicKeyArgs{...}

type PkixPublicKeyOutput

// PkixPublicKeyOutput embeds *pulumi.OutputState and is the Output form of a
// PKIX public key; the listing gives it KeyId, PublicKeyPem and
// SignatureAlgorithm accessors.
type PkixPublicKeyOutput struct{ *pulumi.OutputState }

A public key in the PkixPublicKey [format](https://tools.ietf.org/html/rfc5280#section-4.1.2.7). Public keys of this type are typically textually encoded using the PEM format.

func (PkixPublicKeyOutput) ElementType

func (PkixPublicKeyOutput) ElementType() reflect.Type

func (PkixPublicKeyOutput) KeyId added in v0.32.0

Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If `key_id` is left blank and this `PkixPublicKey` is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key.

If this `PkixPublicKey` is used in the context of a wrapper that has its own notion of key ID (e.g. `AttestorPublicKey`), then this field can either:

* Match that value exactly.
* Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.

func (PkixPublicKeyOutput) PublicKeyPem

func (o PkixPublicKeyOutput) PublicKeyPem() pulumi.StringPtrOutput

A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

func (PkixPublicKeyOutput) SignatureAlgorithm

The signature algorithm used to verify a message against a signature using this key. This signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key).

func (PkixPublicKeyOutput) ToPkixPublicKeyOutput

func (o PkixPublicKeyOutput) ToPkixPublicKeyOutput() PkixPublicKeyOutput

func (PkixPublicKeyOutput) ToPkixPublicKeyOutputWithContext

func (o PkixPublicKeyOutput) ToPkixPublicKeyOutputWithContext(ctx context.Context) PkixPublicKeyOutput

func (PkixPublicKeyOutput) ToPkixPublicKeyPtrOutput

func (o PkixPublicKeyOutput) ToPkixPublicKeyPtrOutput() PkixPublicKeyPtrOutput

func (PkixPublicKeyOutput) ToPkixPublicKeyPtrOutputWithContext

func (o PkixPublicKeyOutput) ToPkixPublicKeyPtrOutputWithContext(ctx context.Context) PkixPublicKeyPtrOutput

type PkixPublicKeyPtrInput

// PkixPublicKeyPtrInput is the input interface for an optional PKIX public
// key. The listing names PkixPublicKeyArgs, PkixPublicKeyPtr and
// PkixPublicKeyPtrOutput as accepted values, and nil as the way to leave the
// key unset.
type PkixPublicKeyPtrInput interface {
	pulumi.Input

	// Both methods convert the receiver to a PkixPublicKeyPtrOutput; the
	// second variant additionally takes a context.Context.
	ToPkixPublicKeyPtrOutput() PkixPublicKeyPtrOutput
	ToPkixPublicKeyPtrOutputWithContext(context.Context) PkixPublicKeyPtrOutput
}

PkixPublicKeyPtrInput is an input type that accepts PkixPublicKeyArgs, PkixPublicKeyPtr and PkixPublicKeyPtrOutput values. You can construct a concrete instance of `PkixPublicKeyPtrInput` via:

        PkixPublicKeyArgs{...}

or:

        nil

type PkixPublicKeyPtrOutput

// PkixPublicKeyPtrOutput embeds *pulumi.OutputState and is the Output form of
// an optional PKIX public key; the listing gives it Elem, KeyId, PublicKeyPem
// and SignatureAlgorithm methods.
type PkixPublicKeyPtrOutput struct{ *pulumi.OutputState }

func (PkixPublicKeyPtrOutput) Elem

func (PkixPublicKeyPtrOutput) ElementType

func (PkixPublicKeyPtrOutput) ElementType() reflect.Type

func (PkixPublicKeyPtrOutput) KeyId added in v0.32.0

Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If `key_id` is left blank and this `PkixPublicKey` is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key.

If this `PkixPublicKey` is used in the context of a wrapper that has its own notion of key ID (e.g. `AttestorPublicKey`), then this field can either:

* Match that value exactly.
* Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.

func (PkixPublicKeyPtrOutput) PublicKeyPem

A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

func (PkixPublicKeyPtrOutput) SignatureAlgorithm

The signature algorithm used to verify a message against a signature using this key. This signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key).

func (PkixPublicKeyPtrOutput) ToPkixPublicKeyPtrOutput

func (o PkixPublicKeyPtrOutput) ToPkixPublicKeyPtrOutput() PkixPublicKeyPtrOutput

func (PkixPublicKeyPtrOutput) ToPkixPublicKeyPtrOutputWithContext

func (o PkixPublicKeyPtrOutput) ToPkixPublicKeyPtrOutputWithContext(ctx context.Context) PkixPublicKeyPtrOutput

type PkixPublicKeyResponse

// PkixPublicKeyResponse is the plain-string response form of PkixPublicKey: a
// public key in the PkixPublicKey format (RFC 5280 section 4.1.2.7,
// SubjectPublicKeyInfo), typically carried as PEM text.
type PkixPublicKeyResponse struct {
	// Optional. The ID of this public key. Signatures verified by Binary
	// Authorization must include the ID of the public key that can be used to
	// verify them, and that ID must match the contents of this field exactly.
	// This may be explicitly provided by the caller, but it MUST be a valid
	// RFC3986 URI.
	//
	// If `key_id` is left blank and this `PkixPublicKey` is not used in the
	// context of a wrapper, a default key ID will be computed based on the
	// digest of the DER encoding of the public key.
	//
	// If this `PkixPublicKey` is used in the context of a wrapper that has its
	// own notion of key ID (e.g. `AttestorPublicKey`), then this field can either:
	//   - Match that value exactly.
	//   - Or be left blank, in which case it behaves exactly as though it is
	//     equal to that wrapper value.
	KeyId string `pulumi:"keyId"`
	// A PEM-encoded public key, as described in
	// https://tools.ietf.org/html/rfc7468#section-13 (the SubjectPublicKeyInfo
	// encoding, PEM label "PUBLIC KEY").
	PublicKeyPem string `pulumi:"publicKeyPem"`
	// The signature algorithm used to verify a message against a signature
	// using this key. This signature algorithm must match the structure and any
	// object identifiers encoded in `public_key_pem` (i.e. this algorithm must
	// match that of the public key). Returned here as a plain string rather
	// than as the PkixPublicKeySignatureAlgorithm enum type.
	SignatureAlgorithm string `pulumi:"signatureAlgorithm"`
}

A public key in the PkixPublicKey [format](https://tools.ietf.org/html/rfc5280#section-4.1.2.7). Public keys of this type are typically textually encoded using the PEM format.

type PkixPublicKeyResponseArrayOutput added in v0.32.0

// PkixPublicKeyResponseArrayOutput embeds *pulumi.OutputState; the listing
// gives it an Index method alongside the usual conversion methods.
type PkixPublicKeyResponseArrayOutput struct{ *pulumi.OutputState }

func (PkixPublicKeyResponseArrayOutput) ElementType added in v0.32.0

func (PkixPublicKeyResponseArrayOutput) Index added in v0.32.0

func (PkixPublicKeyResponseArrayOutput) ToPkixPublicKeyResponseArrayOutput added in v0.32.0

func (o PkixPublicKeyResponseArrayOutput) ToPkixPublicKeyResponseArrayOutput() PkixPublicKeyResponseArrayOutput

func (PkixPublicKeyResponseArrayOutput) ToPkixPublicKeyResponseArrayOutputWithContext added in v0.32.0

func (o PkixPublicKeyResponseArrayOutput) ToPkixPublicKeyResponseArrayOutputWithContext(ctx context.Context) PkixPublicKeyResponseArrayOutput

type PkixPublicKeyResponseOutput

// PkixPublicKeyResponseOutput embeds *pulumi.OutputState and is the Output
// form of a PKIX public key response; the listing gives it KeyId, PublicKeyPem
// and SignatureAlgorithm accessors, the last returning pulumi.StringOutput.
type PkixPublicKeyResponseOutput struct{ *pulumi.OutputState }

A public key in the PkixPublicKey [format](https://tools.ietf.org/html/rfc5280#section-4.1.2.7). Public keys of this type are typically textually encoded using the PEM format.

func (PkixPublicKeyResponseOutput) ElementType

func (PkixPublicKeyResponseOutput) KeyId added in v0.32.0

Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. This may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If `key_id` is left blank and this `PkixPublicKey` is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key.

If this `PkixPublicKey` is used in the context of a wrapper that has its own notion of key ID (e.g. `AttestorPublicKey`), then this field can either:

* Match that value exactly.
* Or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.

func (PkixPublicKeyResponseOutput) PublicKeyPem

A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13

func (PkixPublicKeyResponseOutput) SignatureAlgorithm

func (o PkixPublicKeyResponseOutput) SignatureAlgorithm() pulumi.StringOutput

The signature algorithm used to verify a message against a signature using this key. This signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key).

func (PkixPublicKeyResponseOutput) ToPkixPublicKeyResponseOutput

func (o PkixPublicKeyResponseOutput) ToPkixPublicKeyResponseOutput() PkixPublicKeyResponseOutput

func (PkixPublicKeyResponseOutput) ToPkixPublicKeyResponseOutputWithContext

func (o PkixPublicKeyResponseOutput) ToPkixPublicKeyResponseOutputWithContext(ctx context.Context) PkixPublicKeyResponseOutput

type PkixPublicKeySet added in v0.32.0

// PkixPublicKeySet is a bundle of PKIX public keys used to authenticate
// attestation signatures. A signature is generally considered authenticated
// if any one of the keys verifies it (an "OR" of the keys), so every entry is
// sufficient on its own: review each added key as carefully as the first, and
// remove retired keys so that they stop authenticating signatures.
type PkixPublicKeySet struct {
	// `pkix_public_keys` must have at least one entry.
	PkixPublicKeys []PkixPublicKey `pulumi:"pkixPublicKeys"`
}

A bundle of PKIX public keys, used to authenticate attestation signatures. Generally, a signature is considered to be authenticated by a `PkixPublicKeySet` if any of the public keys verify it (i.e. it is an "OR" of the keys).

type PkixPublicKeySetArgs added in v0.32.0

// PkixPublicKeySetArgs is the input form of PkixPublicKeySet: a bundle of PKIX
// public keys used to authenticate attestation signatures. A signature is
// generally considered authenticated if any one of the keys verifies it (an
// "OR" of the keys), so every entry is sufficient on its own: review each
// added key as carefully as the first, and remove retired keys so that they
// stop authenticating signatures.
type PkixPublicKeySetArgs struct {
	// `pkix_public_keys` must have at least one entry.
	PkixPublicKeys PkixPublicKeyArrayInput `pulumi:"pkixPublicKeys"`
}

A bundle of PKIX public keys, used to authenticate attestation signatures. Generally, a signature is considered to be authenticated by a `PkixPublicKeySet` if any of the public keys verify it (i.e. it is an "OR" of the keys).

func (PkixPublicKeySetArgs) ElementType added in v0.32.0

func (PkixPublicKeySetArgs) ElementType() reflect.Type

func (PkixPublicKeySetArgs) ToPkixPublicKeySetOutput added in v0.32.0

func (i PkixPublicKeySetArgs) ToPkixPublicKeySetOutput() PkixPublicKeySetOutput

func (PkixPublicKeySetArgs) ToPkixPublicKeySetOutputWithContext added in v0.32.0

func (i PkixPublicKeySetArgs) ToPkixPublicKeySetOutputWithContext(ctx context.Context) PkixPublicKeySetOutput

func (PkixPublicKeySetArgs) ToPkixPublicKeySetPtrOutput added in v0.32.0

func (i PkixPublicKeySetArgs) ToPkixPublicKeySetPtrOutput() PkixPublicKeySetPtrOutput

func (PkixPublicKeySetArgs) ToPkixPublicKeySetPtrOutputWithContext added in v0.32.0

func (i PkixPublicKeySetArgs) ToPkixPublicKeySetPtrOutputWithContext(ctx context.Context) PkixPublicKeySetPtrOutput

type PkixPublicKeySetInput added in v0.32.0

// PkixPublicKeySetInput is the input interface for a PKIX public key set. The
// listing names PkixPublicKeySetArgs and PkixPublicKeySetOutput as the types
// that satisfy it.
type PkixPublicKeySetInput interface {
	pulumi.Input

	// Both methods convert the receiver to a PkixPublicKeySetOutput; the
	// second variant additionally takes a context.Context.
	ToPkixPublicKeySetOutput() PkixPublicKeySetOutput
	ToPkixPublicKeySetOutputWithContext(context.Context) PkixPublicKeySetOutput
}

PkixPublicKeySetInput is an input type that accepts PkixPublicKeySetArgs and PkixPublicKeySetOutput values. You can construct a concrete instance of `PkixPublicKeySetInput` via:

PkixPublicKeySetArgs{...}

type PkixPublicKeySetOutput added in v0.32.0

// PkixPublicKeySetOutput embeds *pulumi.OutputState and is the Output form of
// a PKIX public key set; the listing gives it a PkixPublicKeys accessor.
type PkixPublicKeySetOutput struct{ *pulumi.OutputState }

A bundle of PKIX public keys, used to authenticate attestation signatures. Generally, a signature is considered to be authenticated by a `PkixPublicKeySet` if any of the public keys verify it (i.e. it is an "OR" of the keys).

func (PkixPublicKeySetOutput) ElementType added in v0.32.0

func (PkixPublicKeySetOutput) ElementType() reflect.Type

func (PkixPublicKeySetOutput) PkixPublicKeys added in v0.32.0

`pkix_public_keys` must have at least one entry.

func (PkixPublicKeySetOutput) ToPkixPublicKeySetOutput added in v0.32.0

func (o PkixPublicKeySetOutput) ToPkixPublicKeySetOutput() PkixPublicKeySetOutput

func (PkixPublicKeySetOutput) ToPkixPublicKeySetOutputWithContext added in v0.32.0

func (o PkixPublicKeySetOutput) ToPkixPublicKeySetOutputWithContext(ctx context.Context) PkixPublicKeySetOutput

func (PkixPublicKeySetOutput) ToPkixPublicKeySetPtrOutput added in v0.32.0

func (o PkixPublicKeySetOutput) ToPkixPublicKeySetPtrOutput() PkixPublicKeySetPtrOutput

func (PkixPublicKeySetOutput) ToPkixPublicKeySetPtrOutputWithContext added in v0.32.0

func (o PkixPublicKeySetOutput) ToPkixPublicKeySetPtrOutputWithContext(ctx context.Context) PkixPublicKeySetPtrOutput

type PkixPublicKeySetPtrInput added in v0.32.0

// PkixPublicKeySetPtrInput is the input interface for an optional PKIX public
// key set. The listing names PkixPublicKeySetArgs, PkixPublicKeySetPtr and
// PkixPublicKeySetPtrOutput as accepted values, and nil as the way to leave
// the set unset.
type PkixPublicKeySetPtrInput interface {
	pulumi.Input

	// Both methods convert the receiver to a PkixPublicKeySetPtrOutput; the
	// second variant additionally takes a context.Context.
	ToPkixPublicKeySetPtrOutput() PkixPublicKeySetPtrOutput
	ToPkixPublicKeySetPtrOutputWithContext(context.Context) PkixPublicKeySetPtrOutput
}

PkixPublicKeySetPtrInput is an input type that accepts PkixPublicKeySetArgs, PkixPublicKeySetPtr and PkixPublicKeySetPtrOutput values. You can construct a concrete instance of `PkixPublicKeySetPtrInput` via:

        PkixPublicKeySetArgs{...}

or:

        nil

func PkixPublicKeySetPtr added in v0.32.0

func PkixPublicKeySetPtr(v *PkixPublicKeySetArgs) PkixPublicKeySetPtrInput

type PkixPublicKeySetPtrOutput added in v0.32.0

// PkixPublicKeySetPtrOutput embeds *pulumi.OutputState and is the Output form
// of an optional PKIX public key set; the listing gives it Elem and
// PkixPublicKeys methods.
type PkixPublicKeySetPtrOutput struct{ *pulumi.OutputState }

func (PkixPublicKeySetPtrOutput) Elem added in v0.32.0

func (PkixPublicKeySetPtrOutput) ElementType added in v0.32.0

func (PkixPublicKeySetPtrOutput) ElementType() reflect.Type

func (PkixPublicKeySetPtrOutput) PkixPublicKeys added in v0.32.0

`pkix_public_keys` must have at least one entry.

func (PkixPublicKeySetPtrOutput) ToPkixPublicKeySetPtrOutput added in v0.32.0

func (o PkixPublicKeySetPtrOutput) ToPkixPublicKeySetPtrOutput() PkixPublicKeySetPtrOutput

func (PkixPublicKeySetPtrOutput) ToPkixPublicKeySetPtrOutputWithContext added in v0.32.0

func (o PkixPublicKeySetPtrOutput) ToPkixPublicKeySetPtrOutputWithContext(ctx context.Context) PkixPublicKeySetPtrOutput

type PkixPublicKeySetResponse added in v0.32.0

// PkixPublicKeySetResponse is the response form of PkixPublicKeySet: a bundle
// of PKIX public keys used to authenticate attestation signatures. A signature
// is generally considered authenticated if any one of the keys verifies it
// (an "OR" of the keys), so when auditing a returned set, treat every listed
// key as individually sufficient.
type PkixPublicKeySetResponse struct {
	// `pkix_public_keys` must have at least one entry.
	PkixPublicKeys []PkixPublicKeyResponse `pulumi:"pkixPublicKeys"`
}

A bundle of PKIX public keys, used to authenticate attestation signatures. Generally, a signature is considered to be authenticated by a `PkixPublicKeySet` if any of the public keys verify it (i.e. it is an "OR" of the keys).

type PkixPublicKeySetResponseOutput added in v0.32.0

// PkixPublicKeySetResponseOutput embeds *pulumi.OutputState and is the Output
// form of a PKIX public key set response; the listing gives it a
// PkixPublicKeys accessor.
type PkixPublicKeySetResponseOutput struct{ *pulumi.OutputState }

A bundle of PKIX public keys, used to authenticate attestation signatures. Generally, a signature is considered to be authenticated by a `PkixPublicKeySet` if any of the public keys verify it (i.e. it is an "OR" of the keys).

func (PkixPublicKeySetResponseOutput) ElementType added in v0.32.0

func (PkixPublicKeySetResponseOutput) PkixPublicKeys added in v0.32.0

`pkix_public_keys` must have at least one entry.

func (PkixPublicKeySetResponseOutput) ToPkixPublicKeySetResponseOutput added in v0.32.0

func (o PkixPublicKeySetResponseOutput) ToPkixPublicKeySetResponseOutput() PkixPublicKeySetResponseOutput

func (PkixPublicKeySetResponseOutput) ToPkixPublicKeySetResponseOutputWithContext added in v0.32.0

func (o PkixPublicKeySetResponseOutput) ToPkixPublicKeySetResponseOutputWithContext(ctx context.Context) PkixPublicKeySetResponseOutput

type PkixPublicKeySignatureAlgorithm added in v0.4.0

// PkixPublicKeySignatureAlgorithm is a string-backed enum naming the signature
// algorithm used to verify a message against a signature with a PKIX public
// key. The package's const block declares the named values, including a
// SIGNATURE_ALGORITHM_UNSPECIFIED entry.
//
// NOTE(review): because the underlying type is string, any string converts to
// this type without a compile-time error; prefer the declared constants so a
// typo cannot reach the API.
type PkixPublicKeySignatureAlgorithm string

The signature algorithm used to verify a message against a signature using this key. This signature algorithm must match the structure and any object identifiers encoded in `public_key_pem` (i.e. this algorithm must match that of the public key).

func (PkixPublicKeySignatureAlgorithm) ElementType added in v0.4.0

func (PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmOutput added in v0.6.0

func (e PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmOutput() PkixPublicKeySignatureAlgorithmOutput

func (PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmOutputWithContext added in v0.6.0

func (e PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmOutputWithContext(ctx context.Context) PkixPublicKeySignatureAlgorithmOutput

func (PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmPtrOutput added in v0.6.0

func (e PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmPtrOutput() PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext added in v0.6.0

func (e PkixPublicKeySignatureAlgorithm) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext(ctx context.Context) PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithm) ToStringOutput added in v0.4.0

func (PkixPublicKeySignatureAlgorithm) ToStringOutputWithContext added in v0.4.0

func (e PkixPublicKeySignatureAlgorithm) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (PkixPublicKeySignatureAlgorithm) ToStringPtrOutput added in v0.4.0

func (PkixPublicKeySignatureAlgorithm) ToStringPtrOutputWithContext added in v0.4.0

func (e PkixPublicKeySignatureAlgorithm) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type PkixPublicKeySignatureAlgorithmInput added in v0.6.0

// PkixPublicKeySignatureAlgorithmInput is the input interface for a signature
// algorithm value. The PkixPublicKeySignatureAlgorithm enum type and
// PkixPublicKeySignatureAlgorithmOutput are both listed with the two methods
// below, so enum constants can be passed directly.
//
// NOTE(review): the generated description names a
// PkixPublicKeySignatureAlgorithmArgs type; no such declaration appears in
// this part of the listing — confirm before relying on it.
type PkixPublicKeySignatureAlgorithmInput interface {
	pulumi.Input

	// Both methods convert the receiver to a
	// PkixPublicKeySignatureAlgorithmOutput; the second variant additionally
	// takes a context.Context.
	ToPkixPublicKeySignatureAlgorithmOutput() PkixPublicKeySignatureAlgorithmOutput
	ToPkixPublicKeySignatureAlgorithmOutputWithContext(context.Context) PkixPublicKeySignatureAlgorithmOutput
}

PkixPublicKeySignatureAlgorithmInput is an input type that accepts PkixPublicKeySignatureAlgorithmArgs and PkixPublicKeySignatureAlgorithmOutput values. You can construct a concrete instance of `PkixPublicKeySignatureAlgorithmInput` via:

PkixPublicKeySignatureAlgorithmArgs{...}

type PkixPublicKeySignatureAlgorithmOutput added in v0.6.0

// PkixPublicKeySignatureAlgorithmOutput embeds *pulumi.OutputState and is the
// Output form of a signature algorithm value; the listing gives it conversions
// to the pointer form and to pulumi.StringOutput / pulumi.StringPtrOutput.
type PkixPublicKeySignatureAlgorithmOutput struct{ *pulumi.OutputState }

func (PkixPublicKeySignatureAlgorithmOutput) ElementType added in v0.6.0

func (PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmOutput added in v0.6.0

func (o PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmOutput() PkixPublicKeySignatureAlgorithmOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmOutputWithContext added in v0.6.0

func (o PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmOutputWithContext(ctx context.Context) PkixPublicKeySignatureAlgorithmOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmPtrOutput added in v0.6.0

func (o PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmPtrOutput() PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext added in v0.6.0

func (o PkixPublicKeySignatureAlgorithmOutput) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext(ctx context.Context) PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToStringOutput added in v0.6.0

func (PkixPublicKeySignatureAlgorithmOutput) ToStringOutputWithContext added in v0.6.0

func (o PkixPublicKeySignatureAlgorithmOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (PkixPublicKeySignatureAlgorithmOutput) ToStringPtrOutput added in v0.6.0

func (PkixPublicKeySignatureAlgorithmOutput) ToStringPtrOutputWithContext added in v0.6.0

func (o PkixPublicKeySignatureAlgorithmOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

type PkixPublicKeySignatureAlgorithmPtrInput added in v0.6.0

// PkixPublicKeySignatureAlgorithmPtrInput is the input interface for an
// optional signature algorithm value; it is the field type of
// PkixPublicKeyArgs.SignatureAlgorithm. The PkixPublicKeySignatureAlgorithm
// enum type is listed with both methods below, and
// PkixPublicKeySignatureAlgorithmPtr builds a value from a raw string.
//
// NOTE(review): the raw-string constructor accepts any string; prefer the
// declared enum constants so an unsupported algorithm name is not submitted.
type PkixPublicKeySignatureAlgorithmPtrInput interface {
	pulumi.Input

	// Both methods convert the receiver to a
	// PkixPublicKeySignatureAlgorithmPtrOutput; the second variant
	// additionally takes a context.Context.
	ToPkixPublicKeySignatureAlgorithmPtrOutput() PkixPublicKeySignatureAlgorithmPtrOutput
	ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext(context.Context) PkixPublicKeySignatureAlgorithmPtrOutput
}

func PkixPublicKeySignatureAlgorithmPtr added in v0.6.0

func PkixPublicKeySignatureAlgorithmPtr(v string) PkixPublicKeySignatureAlgorithmPtrInput

type PkixPublicKeySignatureAlgorithmPtrOutput added in v0.6.0

// PkixPublicKeySignatureAlgorithmPtrOutput embeds *pulumi.OutputState and is
// the Output form of an optional signature algorithm value; the listing gives
// it Elem and ToStringPtrOutput methods.
type PkixPublicKeySignatureAlgorithmPtrOutput struct{ *pulumi.OutputState }

func (PkixPublicKeySignatureAlgorithmPtrOutput) Elem added in v0.6.0

func (PkixPublicKeySignatureAlgorithmPtrOutput) ElementType added in v0.6.0

func (PkixPublicKeySignatureAlgorithmPtrOutput) ToPkixPublicKeySignatureAlgorithmPtrOutput added in v0.6.0

func (o PkixPublicKeySignatureAlgorithmPtrOutput) ToPkixPublicKeySignatureAlgorithmPtrOutput() PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithmPtrOutput) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext added in v0.6.0

func (o PkixPublicKeySignatureAlgorithmPtrOutput) ToPkixPublicKeySignatureAlgorithmPtrOutputWithContext(ctx context.Context) PkixPublicKeySignatureAlgorithmPtrOutput

func (PkixPublicKeySignatureAlgorithmPtrOutput) ToStringPtrOutput added in v0.6.0

func (PkixPublicKeySignatureAlgorithmPtrOutput) ToStringPtrOutputWithContext added in v0.6.0

type Policy added in v0.32.0

// Policy is the resource state of a Binary Authorization platform policy.
// Every field is a Pulumi output.
type Policy struct {
	pulumi.CustomResourceState

	// Optional. A description comment about the policy.
	Description pulumi.StringOutput `pulumi:"description"`
	// Optional. GKE platform-specific policy.
	GkePolicy GkePolicyResponseOutput `pulumi:"gkePolicy"`
	// The relative resource name of the Binary Authorization platform policy, in the form of `projects/*/platforms/*/policies/*`.
	Name       pulumi.StringOutput `pulumi:"name"`
	// NOTE(review): no upstream description; presumably the `platforms/*`
	// segment of Name — confirm.
	PlatformId pulumi.StringOutput `pulumi:"platformId"`
	// Required. The platform policy ID.
	PolicyId pulumi.StringOutput `pulumi:"policyId"`
	// NOTE(review): no upstream description; presumably the `projects/*`
	// segment of Name — confirm.
	Project  pulumi.StringOutput `pulumi:"project"`
	// Time when the policy was last updated.
	UpdateTime pulumi.StringOutput `pulumi:"updateTime"`
}

Creates a platform policy, and returns a copy of it. Returns `NOT_FOUND` if the project or platform doesn't exist, `INVALID_ARGUMENT` if the request is malformed, `ALREADY_EXISTS` if the policy already exists, and `INVALID_ARGUMENT` if the policy contains a platform-specific policy that does not match the platform value specified in the URL. Auto-naming is currently not supported for this resource.

func GetPolicy added in v0.32.0

func GetPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyState, opts ...pulumi.ResourceOption) (*Policy, error)

GetPolicy gets an existing Policy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicy added in v0.32.0

func NewPolicy(ctx *pulumi.Context,
	name string, args *PolicyArgs, opts ...pulumi.ResourceOption) (*Policy, error)

NewPolicy registers a new resource with the given unique name, arguments, and options.

func (*Policy) ElementType added in v0.32.0

func (*Policy) ElementType() reflect.Type

func (*Policy) ToPolicyOutput added in v0.32.0

func (i *Policy) ToPolicyOutput() PolicyOutput

func (*Policy) ToPolicyOutputWithContext added in v0.32.0

func (i *Policy) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

type PolicyArgs added in v0.32.0

// PolicyArgs is the set of arguments for constructing a Policy resource.
// PlatformId and PolicyId are non-pointer inputs; Description, GkePolicy and
// Project are pointer inputs and may be left nil.
type PolicyArgs struct {
	// Optional. A description comment about the policy.
	Description pulumi.StringPtrInput
	// Optional. GKE platform-specific policy.
	// NOTE(review): the create call is documented to return `INVALID_ARGUMENT`
	// when the platform-specific policy does not match the platform in the
	// URL, so this should agree with PlatformId.
	GkePolicy  GkePolicyPtrInput
	// NOTE(review): no upstream description; presumably the platform the
	// policy is created under — confirm.
	PlatformId pulumi.StringInput
	// Required. The platform policy ID.
	PolicyId pulumi.StringInput
	// NOTE(review): no upstream description; presumably the owning project,
	// with a provider default when nil — confirm.
	Project  pulumi.StringPtrInput
}

The set of arguments for constructing a Policy resource.

func (PolicyArgs) ElementType added in v0.32.0

func (PolicyArgs) ElementType() reflect.Type

type PolicyIamBinding added in v0.26.0

// PolicyIamBinding is the resource state of an IAM binding (one role, a list
// of members, an optional condition) on the resource identified by Name.
//
// NOTE(review): the description on this page says the operation "Replaces any
// existing policy". Confirm whether that means the whole IAM policy or only
// this role's binding before applying it to a resource that already has grants.
type PolicyIamBinding struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// A `domain:` entry covers every user of that domain, and a `group:` entry
	// covers whoever is in the group at evaluation time; use the narrowest
	// principal that satisfies the requirement.
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetPolicyIamBinding added in v0.26.0

func GetPolicyIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyIamBindingState, opts ...pulumi.ResourceOption) (*PolicyIamBinding, error)

GetPolicyIamBinding gets an existing PolicyIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicyIamBinding added in v0.26.0

func NewPolicyIamBinding(ctx *pulumi.Context,
	name string, args *PolicyIamBindingArgs, opts ...pulumi.ResourceOption) (*PolicyIamBinding, error)

NewPolicyIamBinding registers a new resource with the given unique name, arguments, and options.

func (*PolicyIamBinding) ElementType added in v0.26.0

func (*PolicyIamBinding) ElementType() reflect.Type

func (*PolicyIamBinding) ToPolicyIamBindingOutput added in v0.26.0

func (i *PolicyIamBinding) ToPolicyIamBindingOutput() PolicyIamBindingOutput

func (*PolicyIamBinding) ToPolicyIamBindingOutputWithContext added in v0.26.0

func (i *PolicyIamBinding) ToPolicyIamBindingOutputWithContext(ctx context.Context) PolicyIamBindingOutput

type PolicyIamBindingArgs added in v0.26.0

// PolicyIamBindingArgs is the set of arguments for constructing a
// PolicyIamBinding resource. It has no Project or Etag field, although the
// resource state exposes both.
type PolicyIamBindingArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identities that will be granted the privilege in role. Each entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// A `domain:` entry covers every user of that domain; use the narrowest
	// principal that satisfies the requirement.
	Members pulumi.StringArrayInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied. Only one `IamBinding` can be used per role.
	Role pulumi.StringInput
}

The set of arguments for constructing a PolicyIamBinding resource.

func (PolicyIamBindingArgs) ElementType added in v0.26.0

func (PolicyIamBindingArgs) ElementType() reflect.Type

type PolicyIamBindingInput added in v0.26.0

// PolicyIamBindingInput is a Pulumi input that can be converted to a
// PolicyIamBindingOutput. On this page both *PolicyIamBinding and
// PolicyIamBindingOutput declare the two conversion methods.
type PolicyIamBindingInput interface {
	pulumi.Input

	ToPolicyIamBindingOutput() PolicyIamBindingOutput
	ToPolicyIamBindingOutputWithContext(ctx context.Context) PolicyIamBindingOutput
}

type PolicyIamBindingOutput added in v0.26.0

// PolicyIamBindingOutput is the output form of a PolicyIamBinding. It embeds
// *pulumi.OutputState and has one accessor per PolicyIamBinding field
// (Condition, Etag, Members, Name, Project, Role).
type PolicyIamBindingOutput struct{ *pulumi.OutputState }

func (PolicyIamBindingOutput) Condition added in v0.26.0

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (PolicyIamBindingOutput) ElementType added in v0.26.0

func (PolicyIamBindingOutput) ElementType() reflect.Type

func (PolicyIamBindingOutput) Etag added in v0.26.0

The etag of the resource's IAM policy.

func (PolicyIamBindingOutput) Members added in v0.26.0

Identities that will be granted the privilege in role. Each entry can have one of the following values:

  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (PolicyIamBindingOutput) Name added in v0.26.0

The name of the resource to manage IAM policies for.

func (PolicyIamBindingOutput) Project added in v0.26.0

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (PolicyIamBindingOutput) Role added in v0.26.0

The role that should be applied. Only one `IamBinding` can be used per role.

func (PolicyIamBindingOutput) ToPolicyIamBindingOutput added in v0.26.0

func (o PolicyIamBindingOutput) ToPolicyIamBindingOutput() PolicyIamBindingOutput

func (PolicyIamBindingOutput) ToPolicyIamBindingOutputWithContext added in v0.26.0

func (o PolicyIamBindingOutput) ToPolicyIamBindingOutputWithContext(ctx context.Context) PolicyIamBindingOutput

type PolicyIamBindingState added in v0.26.0

// PolicyIamBindingState is the optional state argument of GetPolicyIamBinding.
// It declares no fields, so it cannot narrow the lookup.
type PolicyIamBindingState struct {
}

func (PolicyIamBindingState) ElementType added in v0.26.0

func (PolicyIamBindingState) ElementType() reflect.Type

type PolicyIamMember added in v0.26.0

// PolicyIamMember is the resource state of a single-member IAM grant (one
// role, one member, an optional condition) on the resource identified by Name.
//
// NOTE(review): the description on this page says the operation "Replaces any
// existing policy". Confirm whether adding one member really replaces other
// grants before applying it to a resource that already has an IAM policy.
type PolicyIamMember struct {
	pulumi.CustomResourceState

	// An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.
	Condition iam.ConditionPtrOutput `pulumi:"condition"`
	// The etag of the resource's IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// A `domain:` entry covers every user of that domain; use the narrowest
	// principal that satisfies the requirement.
	Member pulumi.StringOutput `pulumi:"member"`
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringOutput `pulumi:"name"`
	// The project in which the resource belongs. If it is not provided, a default will be supplied.
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied.
	Role pulumi.StringOutput `pulumi:"role"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors.

func GetPolicyIamMember added in v0.26.0

func GetPolicyIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyIamMemberState, opts ...pulumi.ResourceOption) (*PolicyIamMember, error)

GetPolicyIamMember gets an existing PolicyIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicyIamMember added in v0.26.0

func NewPolicyIamMember(ctx *pulumi.Context,
	name string, args *PolicyIamMemberArgs, opts ...pulumi.ResourceOption) (*PolicyIamMember, error)

NewPolicyIamMember registers a new resource with the given unique name, arguments, and options.

func (*PolicyIamMember) ElementType added in v0.26.0

func (*PolicyIamMember) ElementType() reflect.Type

func (*PolicyIamMember) ToPolicyIamMemberOutput added in v0.26.0

func (i *PolicyIamMember) ToPolicyIamMemberOutput() PolicyIamMemberOutput

func (*PolicyIamMember) ToPolicyIamMemberOutputWithContext added in v0.26.0

func (i *PolicyIamMember) ToPolicyIamMemberOutputWithContext(ctx context.Context) PolicyIamMemberOutput

type PolicyIamMemberArgs added in v0.26.0

// PolicyIamMemberArgs is the set of arguments for constructing a
// PolicyIamMember resource. It has no Project or Etag field, although the
// resource state exposes both.
type PolicyIamMemberArgs struct {
	// An IAM Condition for a given binding.
	Condition iam.ConditionPtrInput
	// Identity that will be granted the privilege in role. The entry can have one of the following values:
	//
	//  * user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	//  * serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	//  * group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
	//  * domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	//
	// A `domain:` entry covers every user of that domain; use the narrowest
	// principal that satisfies the requirement.
	Member pulumi.StringInput
	// The name of the resource to manage IAM policies for.
	Name pulumi.StringInput
	// The role that should be applied.
	Role pulumi.StringInput
}

The set of arguments for constructing a PolicyIamMember resource.

func (PolicyIamMemberArgs) ElementType added in v0.26.0

func (PolicyIamMemberArgs) ElementType() reflect.Type

type PolicyIamMemberInput added in v0.26.0

// PolicyIamMemberInput is a Pulumi input that can be converted to a
// PolicyIamMemberOutput. On this page both *PolicyIamMember and
// PolicyIamMemberOutput declare the two conversion methods.
type PolicyIamMemberInput interface {
	pulumi.Input

	ToPolicyIamMemberOutput() PolicyIamMemberOutput
	ToPolicyIamMemberOutputWithContext(ctx context.Context) PolicyIamMemberOutput
}

type PolicyIamMemberOutput added in v0.26.0

// PolicyIamMemberOutput is the output form of a PolicyIamMember. It embeds
// *pulumi.OutputState and has one accessor per PolicyIamMember field
// (Condition, Etag, Member, Name, Project, Role).
type PolicyIamMemberOutput struct{ *pulumi.OutputState }

func (PolicyIamMemberOutput) Condition added in v0.26.0

An IAM Condition for a given binding. See https://cloud.google.com/iam/docs/conditions-overview for additional details.

func (PolicyIamMemberOutput) ElementType added in v0.26.0

func (PolicyIamMemberOutput) ElementType() reflect.Type

func (PolicyIamMemberOutput) Etag added in v0.26.0

The etag of the resource's IAM policy.

func (PolicyIamMemberOutput) Member added in v0.26.0

Identity that will be granted the privilege in role. The entry can have one of the following values:

  • user:{emailid}: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • serviceAccount:{emailid}: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • group:{emailid}: An email address that represents a Google group. For example, admins@example.com.
  • domain:{domain}: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.

func (PolicyIamMemberOutput) Name added in v0.26.0

The name of the resource to manage IAM policies for.

func (PolicyIamMemberOutput) Project added in v0.26.0

The project in which the resource belongs. If it is not provided, a default will be supplied.

func (PolicyIamMemberOutput) Role added in v0.26.0

The role that should be applied.

func (PolicyIamMemberOutput) ToPolicyIamMemberOutput added in v0.26.0

func (o PolicyIamMemberOutput) ToPolicyIamMemberOutput() PolicyIamMemberOutput

func (PolicyIamMemberOutput) ToPolicyIamMemberOutputWithContext added in v0.26.0

func (o PolicyIamMemberOutput) ToPolicyIamMemberOutputWithContext(ctx context.Context) PolicyIamMemberOutput

type PolicyIamMemberState added in v0.26.0

// PolicyIamMemberState is the optional state argument of GetPolicyIamMember.
// It declares no fields, so it cannot narrow the lookup.
type PolicyIamMemberState struct {
}

func (PolicyIamMemberState) ElementType added in v0.26.0

func (PolicyIamMemberState) ElementType() reflect.Type

type PolicyIamPolicy

// PolicyIamPolicy is the resource state of a complete IAM policy (all
// bindings, etag and version) set on a resource. Per the description on this
// page, setting it replaces any existing policy, and deleting the Pulumi
// resource does not delete the policy on Google Cloud.
type PolicyIamPolicy struct {
	pulumi.CustomResourceState

	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingResponseArrayOutput `pulumi:"bindings"`
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	Etag    pulumi.StringOutput `pulumi:"etag"`
	// NOTE(review): no upstream description; presumably the project that owns
	// the resource — confirm.
	Project pulumi.StringOutput `pulumi:"project"`
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
	// Requests that specify an invalid value are rejected. Any operation that
	// affects conditional role bindings must specify version `3`. This
	// requirement applies to the following operations:
	//
	//  * Getting a policy that includes a conditional role binding
	//  * Adding a conditional role binding to a policy
	//  * Changing a conditional role binding in a policy
	//  * Removing any role binding, with or without a condition, from a policy that includes conditions
	//
	// **Important:** If you use IAM Conditions, you must include the `etag`
	// field whenever you call `setIamPolicy`. If you omit this field, then IAM
	// allows you to overwrite a version `3` policy with a version `1` policy,
	// and all of the conditions in the version `3` policy are lost. If a policy
	// does not include any conditions, operations on that policy may specify
	// any valid version or leave the field unset. To learn which resources
	// support conditions in their IAM policies, see the
	// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntOutput `pulumi:"version"`
}

Sets the access control policy on the specified resource. Replaces any existing policy. Can return `NOT_FOUND`, `INVALID_ARGUMENT`, and `PERMISSION_DENIED` errors. Note: this resource's API doesn't support deletion. When the resource is deleted, it is only removed from Pulumi state; the policy persists on Google Cloud, so the access it grants remains in effect until the policy is changed there.

func GetPolicyIamPolicy

func GetPolicyIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *PolicyIamPolicyState, opts ...pulumi.ResourceOption) (*PolicyIamPolicy, error)

GetPolicyIamPolicy gets an existing PolicyIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewPolicyIamPolicy

func NewPolicyIamPolicy(ctx *pulumi.Context,
	name string, args *PolicyIamPolicyArgs, opts ...pulumi.ResourceOption) (*PolicyIamPolicy, error)

NewPolicyIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*PolicyIamPolicy) ElementType

func (*PolicyIamPolicy) ElementType() reflect.Type

func (*PolicyIamPolicy) ToPolicyIamPolicyOutput

func (i *PolicyIamPolicy) ToPolicyIamPolicyOutput() PolicyIamPolicyOutput

func (*PolicyIamPolicy) ToPolicyIamPolicyOutputWithContext

func (i *PolicyIamPolicy) ToPolicyIamPolicyOutputWithContext(ctx context.Context) PolicyIamPolicyOutput

type PolicyIamPolicyArgs

// PolicyIamPolicyArgs is the set of arguments for constructing a
// PolicyIamPolicy resource. Per the description on this page, the resulting
// policy replaces any existing policy on the resource, so Bindings should list
// every grant that is meant to remain.
type PolicyIamPolicyArgs struct {
	// Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.
	Bindings BindingArrayInput
	// `etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.
	//
	// The pointer type permits leaving Etag nil; the text above says it must be
	// set whenever IAM Conditions are in use.
	Etag    pulumi.StringPtrInput
	// NOTE(review): no upstream description; presumably the owning project,
	// with a provider default when nil — confirm.
	Project pulumi.StringPtrInput
	// Specifies the format of the policy. Valid values are `0`, `1`, and `3`.
	// Requests that specify an invalid value are rejected. Any operation that
	// affects conditional role bindings must specify version `3`. This
	// requirement applies to the following operations:
	//
	//  * Getting a policy that includes a conditional role binding
	//  * Adding a conditional role binding to a policy
	//  * Changing a conditional role binding in a policy
	//  * Removing any role binding, with or without a condition, from a policy that includes conditions
	//
	// **Important:** If you use IAM Conditions, you must include the `etag`
	// field whenever you call `setIamPolicy`. If you omit this field, then IAM
	// allows you to overwrite a version `3` policy with a version `1` policy,
	// and all of the conditions in the version `3` policy are lost. If a policy
	// does not include any conditions, operations on that policy may specify
	// any valid version or leave the field unset. To learn which resources
	// support conditions in their IAM policies, see the
	// [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).
	Version pulumi.IntPtrInput
}

The set of arguments for constructing a PolicyIamPolicy resource.

func (PolicyIamPolicyArgs) ElementType

func (PolicyIamPolicyArgs) ElementType() reflect.Type

type PolicyIamPolicyInput

// PolicyIamPolicyInput is a Pulumi input that can be converted to a
// PolicyIamPolicyOutput. On this page both *PolicyIamPolicy and
// PolicyIamPolicyOutput declare the two conversion methods.
type PolicyIamPolicyInput interface {
	pulumi.Input

	ToPolicyIamPolicyOutput() PolicyIamPolicyOutput
	ToPolicyIamPolicyOutputWithContext(ctx context.Context) PolicyIamPolicyOutput
}

type PolicyIamPolicyOutput

// PolicyIamPolicyOutput is the output form of a PolicyIamPolicy. It embeds
// *pulumi.OutputState and has one accessor per PolicyIamPolicy field
// (Bindings, Etag, Project, Version).
type PolicyIamPolicyOutput struct{ *pulumi.OutputState }

func (PolicyIamPolicyOutput) Bindings added in v0.19.0

Associates a list of `members`, or principals, with a `role`. Optionally, may specify a `condition` that determines how and when the `bindings` are applied. Each of the `bindings` must contain at least one principal. The `bindings` in a `Policy` can refer to up to 1,500 principals; up to 250 of these principals can be Google groups. Each occurrence of a principal counts towards these limits. For example, if the `bindings` grant 50 different roles to `user:alice@example.com`, and not to any other principal, then you can add another 1,450 principals to the `bindings` in the `Policy`.

func (PolicyIamPolicyOutput) ElementType

func (PolicyIamPolicyOutput) ElementType() reflect.Type

func (PolicyIamPolicyOutput) Etag added in v0.19.0

`etag` is used for optimistic concurrency control as a way to help prevent simultaneous updates of a policy from overwriting each other. It is strongly suggested that systems make use of the `etag` in the read-modify-write cycle to perform policy updates in order to avoid race conditions: An `etag` is returned in the response to `getIamPolicy`, and systems are expected to put that etag in the request to `setIamPolicy` to ensure that their change will be applied to the same version of the policy. **Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost.

func (PolicyIamPolicyOutput) Project added in v0.21.0

func (PolicyIamPolicyOutput) ToPolicyIamPolicyOutput

func (o PolicyIamPolicyOutput) ToPolicyIamPolicyOutput() PolicyIamPolicyOutput

func (PolicyIamPolicyOutput) ToPolicyIamPolicyOutputWithContext

func (o PolicyIamPolicyOutput) ToPolicyIamPolicyOutputWithContext(ctx context.Context) PolicyIamPolicyOutput

func (PolicyIamPolicyOutput) Version added in v0.19.0

Specifies the format of the policy. Valid values are `0`, `1`, and `3`. Requests that specify an invalid value are rejected. Any operation that affects conditional role bindings must specify version `3`. This requirement applies to the following operations:

  • Getting a policy that includes a conditional role binding
  • Adding a conditional role binding to a policy
  • Changing a conditional role binding in a policy
  • Removing any role binding, with or without a condition, from a policy that includes conditions

**Important:** If you use IAM Conditions, you must include the `etag` field whenever you call `setIamPolicy`. If you omit this field, then IAM allows you to overwrite a version `3` policy with a version `1` policy, and all of the conditions in the version `3` policy are lost. If a policy does not include any conditions, operations on that policy may specify any valid version or leave the field unset. To learn which resources support conditions in their IAM policies, see the [IAM documentation](https://cloud.google.com/iam/help/conditions/resource-policies).

type PolicyIamPolicyState

// PolicyIamPolicyState is the optional state argument of GetPolicyIamPolicy.
// It declares no fields, so it cannot narrow the lookup.
type PolicyIamPolicyState struct {
}

func (PolicyIamPolicyState) ElementType

func (PolicyIamPolicyState) ElementType() reflect.Type

type PolicyInput added in v0.32.0

// PolicyInput is a Pulumi input that can be converted to a PolicyOutput. On
// this page both *Policy and PolicyOutput declare the two conversion methods.
type PolicyInput interface {
	pulumi.Input

	ToPolicyOutput() PolicyOutput
	ToPolicyOutputWithContext(ctx context.Context) PolicyOutput
}

type PolicyOutput added in v0.32.0

// PolicyOutput is the output form of a Policy resource. It embeds
// *pulumi.OutputState and has one accessor per Policy field (Description,
// GkePolicy, Name, PlatformId, PolicyId, Project, UpdateTime).
type PolicyOutput struct{ *pulumi.OutputState }

func (PolicyOutput) Description added in v0.32.0

func (o PolicyOutput) Description() pulumi.StringOutput

Optional. A description comment about the policy.

func (PolicyOutput) ElementType added in v0.32.0

func (PolicyOutput) ElementType() reflect.Type

func (PolicyOutput) GkePolicy added in v0.32.0

func (o PolicyOutput) GkePolicy() GkePolicyResponseOutput

Optional. GKE platform-specific policy.

func (PolicyOutput) Name added in v0.32.0

func (o PolicyOutput) Name() pulumi.StringOutput

The relative resource name of the Binary Authorization platform policy, in the form of `projects/*/platforms/*/policies/*`.

func (PolicyOutput) PlatformId added in v0.32.0

func (o PolicyOutput) PlatformId() pulumi.StringOutput

func (PolicyOutput) PolicyId added in v0.32.0

func (o PolicyOutput) PolicyId() pulumi.StringOutput

Required. The platform policy ID.

func (PolicyOutput) Project added in v0.32.0

func (o PolicyOutput) Project() pulumi.StringOutput

func (PolicyOutput) ToPolicyOutput added in v0.32.0

func (o PolicyOutput) ToPolicyOutput() PolicyOutput

func (PolicyOutput) ToPolicyOutputWithContext added in v0.32.0

func (o PolicyOutput) ToPolicyOutputWithContext(ctx context.Context) PolicyOutput

func (PolicyOutput) UpdateTime added in v0.32.0

func (o PolicyOutput) UpdateTime() pulumi.StringOutput

Time when the policy was last updated.

type PolicyState added in v0.32.0

// PolicyState is the optional state argument of GetPolicy. It declares no
// fields, so it cannot narrow the lookup.
type PolicyState struct {
}

func (PolicyState) ElementType added in v0.32.0

func (PolicyState) ElementType() reflect.Type

type Scope added in v0.32.0

// Scope is a scope specifier for `CheckSet` objects. Both fields are optional
// pointers; per the field descriptions, a matching
// `kubernetes_service_account` scope takes precedence over a
// `kubernetes_namespace` scope for the same namespace.
//
// NOTE(review): what a Scope with both fields nil matches is not stated here —
// confirm before relying on an empty scope.
type Scope struct {
	// Optional. Matches all Kubernetes service accounts in the provided namespace, unless a more specific `kubernetes_service_account` scope already matched.
	KubernetesNamespace *string `pulumi:"kubernetesNamespace"`
	// Optional. Matches a single Kubernetes service account, e.g. `my-namespace:my-service-account`. `kubernetes_service_account` scope is always more specific than `kubernetes_namespace` scope for the same namespace.
	KubernetesServiceAccount *string `pulumi:"kubernetesServiceAccount"`
}

A scope specifier for `CheckSet` objects.

type ScopeArgs added in v0.32.0

// ScopeArgs is the input form of Scope, a scope specifier for `CheckSet`
// objects. Both fields are optional pointer inputs.
type ScopeArgs struct {
	// Optional. Matches all Kubernetes service accounts in the provided namespace, unless a more specific `kubernetes_service_account` scope already matched.
	// A namespace scope therefore also covers service accounts added to that
	// namespace later.
	KubernetesNamespace pulumi.StringPtrInput `pulumi:"kubernetesNamespace"`
	// Optional. Matches a single Kubernetes service account, e.g. `my-namespace:my-service-account`. `kubernetes_service_account` scope is always more specific than `kubernetes_namespace` scope for the same namespace.
	KubernetesServiceAccount pulumi.StringPtrInput `pulumi:"kubernetesServiceAccount"`
}

A scope specifier for `CheckSet` objects.

func (ScopeArgs) ElementType added in v0.32.0

func (ScopeArgs) ElementType() reflect.Type

func (ScopeArgs) ToScopeOutput added in v0.32.0

func (i ScopeArgs) ToScopeOutput() ScopeOutput

func (ScopeArgs) ToScopeOutputWithContext added in v0.32.0

func (i ScopeArgs) ToScopeOutputWithContext(ctx context.Context) ScopeOutput

func (ScopeArgs) ToScopePtrOutput added in v0.32.0

func (i ScopeArgs) ToScopePtrOutput() ScopePtrOutput

func (ScopeArgs) ToScopePtrOutputWithContext added in v0.32.0

func (i ScopeArgs) ToScopePtrOutputWithContext(ctx context.Context) ScopePtrOutput

type ScopeInput added in v0.32.0

// ScopeInput is an input type that accepts ScopeArgs and ScopeOutput values.
// Both declare the two conversion methods below.
type ScopeInput interface {
	pulumi.Input

	ToScopeOutput() ScopeOutput
	ToScopeOutputWithContext(context.Context) ScopeOutput
}

ScopeInput is an input type that accepts ScopeArgs and ScopeOutput values. You can construct a concrete instance of `ScopeInput` via:

ScopeArgs{...}

type ScopeOutput added in v0.32.0

// ScopeOutput is the output form of a scope specifier for `CheckSet` objects.
// It embeds *pulumi.OutputState; its field accessors return
// pulumi.StringPtrOutput.
type ScopeOutput struct{ *pulumi.OutputState }

A scope specifier for `CheckSet` objects.

func (ScopeOutput) ElementType added in v0.32.0

func (ScopeOutput) ElementType() reflect.Type

func (ScopeOutput) KubernetesNamespace added in v0.32.0

func (o ScopeOutput) KubernetesNamespace() pulumi.StringPtrOutput

Optional. Matches all Kubernetes service accounts in the provided namespace, unless a more specific `kubernetes_service_account` scope already matched.

func (ScopeOutput) KubernetesServiceAccount added in v0.32.0

func (o ScopeOutput) KubernetesServiceAccount() pulumi.StringPtrOutput

Optional. Matches a single Kubernetes service account, e.g. `my-namespace:my-service-account`. `kubernetes_service_account` scope is always more specific than `kubernetes_namespace` scope for the same namespace.

func (ScopeOutput) ToScopeOutput added in v0.32.0

func (o ScopeOutput) ToScopeOutput() ScopeOutput

func (ScopeOutput) ToScopeOutputWithContext added in v0.32.0

func (o ScopeOutput) ToScopeOutputWithContext(ctx context.Context) ScopeOutput

func (ScopeOutput) ToScopePtrOutput added in v0.32.0

func (o ScopeOutput) ToScopePtrOutput() ScopePtrOutput

func (ScopeOutput) ToScopePtrOutputWithContext added in v0.32.0

func (o ScopeOutput) ToScopePtrOutputWithContext(ctx context.Context) ScopePtrOutput

type ScopePtrInput added in v0.32.0

// ScopePtrInput is an input type that accepts ScopeArgs, ScopePtr and
// ScopePtrOutput values; nil is also accepted for an absent scope.
type ScopePtrInput interface {
	pulumi.Input

	ToScopePtrOutput() ScopePtrOutput
	ToScopePtrOutputWithContext(context.Context) ScopePtrOutput
}

ScopePtrInput is an input type that accepts ScopeArgs, ScopePtr and ScopePtrOutput values. You can construct a concrete instance of `ScopePtrInput` via:

        ScopeArgs{...}

or:

        nil

func ScopePtr added in v0.32.0

func ScopePtr(v *ScopeArgs) ScopePtrInput

type ScopePtrOutput added in v0.32.0

// ScopePtrOutput is the pointer output form of a scope specifier. It embeds
// *pulumi.OutputState; Elem returns a ScopeOutput and the field accessors
// return pulumi.StringPtrOutput.
type ScopePtrOutput struct{ *pulumi.OutputState }

func (ScopePtrOutput) Elem added in v0.32.0

func (o ScopePtrOutput) Elem() ScopeOutput

func (ScopePtrOutput) ElementType added in v0.32.0

func (ScopePtrOutput) ElementType() reflect.Type

func (ScopePtrOutput) KubernetesNamespace added in v0.32.0

func (o ScopePtrOutput) KubernetesNamespace() pulumi.StringPtrOutput

Optional. Matches all Kubernetes service accounts in the provided namespace, unless a more specific `kubernetes_service_account` scope already matched.

func (ScopePtrOutput) KubernetesServiceAccount added in v0.32.0

func (o ScopePtrOutput) KubernetesServiceAccount() pulumi.StringPtrOutput

Optional. Matches a single Kubernetes service account, e.g. `my-namespace:my-service-account`. `kubernetes_service_account` scope is always more specific than `kubernetes_namespace` scope for the same namespace.

func (ScopePtrOutput) ToScopePtrOutput added in v0.32.0

func (o ScopePtrOutput) ToScopePtrOutput() ScopePtrOutput

func (ScopePtrOutput) ToScopePtrOutputWithContext added in v0.32.0

func (o ScopePtrOutput) ToScopePtrOutputWithContext(ctx context.Context) ScopePtrOutput

type ScopeResponse added in v0.32.0

// ScopeResponse is a scope specifier for `CheckSet` objects.
type ScopeResponse struct {
	// Optional. Matches all Kubernetes service accounts in the provided namespace, unless a more specific `kubernetes_service_account` scope already matched.
	// A namespace scope therefore applies to every service account in that namespace that is not matched by a service-account scope.
	KubernetesNamespace string `pulumi:"kubernetesNamespace"`
	// Optional. Matches a single Kubernetes service account, e.g. `my-namespace:my-service-account`. `kubernetes_service_account` scope is always more specific than `kubernetes_namespace` scope for the same namespace.
	KubernetesServiceAccount string `pulumi:"kubernetesServiceAccount"`
}

A scope specifier for `CheckSet` objects.

type ScopeResponseOutput added in v0.32.0

type ScopeResponseOutput struct{ *pulumi.OutputState }

A scope specifier for `CheckSet` objects.

func (ScopeResponseOutput) ElementType added in v0.32.0

func (ScopeResponseOutput) ElementType() reflect.Type

func (ScopeResponseOutput) KubernetesNamespace added in v0.32.0

func (o ScopeResponseOutput) KubernetesNamespace() pulumi.StringOutput

Optional. Matches all Kubernetes service accounts in the provided namespace, unless a more specific `kubernetes_service_account` scope already matched.

func (ScopeResponseOutput) KubernetesServiceAccount added in v0.32.0

func (o ScopeResponseOutput) KubernetesServiceAccount() pulumi.StringOutput

Optional. Matches a single Kubernetes service account, e.g. `my-namespace:my-service-account`. `kubernetes_service_account` scope is always more specific than `kubernetes_namespace` scope for the same namespace.

func (ScopeResponseOutput) ToScopeResponseOutput added in v0.32.0

func (o ScopeResponseOutput) ToScopeResponseOutput() ScopeResponseOutput

func (ScopeResponseOutput) ToScopeResponseOutputWithContext added in v0.32.0

func (o ScopeResponseOutput) ToScopeResponseOutputWithContext(ctx context.Context) ScopeResponseOutput

type SimpleSigningAttestationCheck added in v0.32.0

// SimpleSigningAttestationCheck requires a signed [DSSE](https://github.com/secure-systems-lab/dsse) attestation with type SimpleSigning.
type SimpleSigningAttestationCheck struct {
	// The authenticators required by this check to verify an attestation. Typically this is one or more PKIX public keys for signature verification. Only one authenticator needs to consider an attestation verified in order for an attestation to be considered fully authenticated. In other words, this list of authenticators is an "OR" of the authenticator results. At least one authenticator is required.
	// Because the results are OR-ed, every entry is sufficient on its own: the check is only as strong as the least protected key in this list, so keep the list short and drop keys that are retired or no longer trusted.
	AttestationAuthenticators []AttestationAuthenticator `pulumi:"attestationAuthenticators"`
	// Optional. The projects where attestations are stored as Container Analysis Occurrences. Only one attestation needs to successfully verify an image for this check to pass, so a single verified attestation found in any of `container_analysis_attestation_projects` is sufficient for the check to pass. When fetching Occurrences from Container Analysis, only 'AttestationOccurrence' kinds are considered. In the future, additional Occurrence kinds may be added to the query.
	// NOTE(review): a verified attestation from any one listed project is enough, so list only projects where Occurrence creation is restricted to trusted signers or pipelines.
	ContainerAnalysisAttestationProjects []string `pulumi:"containerAnalysisAttestationProjects"`
}

Require a signed [DSSE](https://github.com/secure-systems-lab/dsse) attestation with type SimpleSigning.

type SimpleSigningAttestationCheckArgs added in v0.32.0

// SimpleSigningAttestationCheckArgs requires a signed [DSSE](https://github.com/secure-systems-lab/dsse) attestation with type SimpleSigning.
type SimpleSigningAttestationCheckArgs struct {
	// The authenticators required by this check to verify an attestation. Typically this is one or more PKIX public keys for signature verification. Only one authenticator needs to consider an attestation verified in order for an attestation to be considered fully authenticated. In other words, this list of authenticators is an "OR" of the authenticator results. At least one authenticator is required.
	// Because the results are OR-ed, every entry is sufficient on its own: the check is only as strong as the least protected key in this list, so keep the list short and drop keys that are retired or no longer trusted.
	AttestationAuthenticators AttestationAuthenticatorArrayInput `pulumi:"attestationAuthenticators"`
	// Optional. The projects where attestations are stored as Container Analysis Occurrences. Only one attestation needs to successfully verify an image for this check to pass, so a single verified attestation found in any of `container_analysis_attestation_projects` is sufficient for the check to pass. When fetching Occurrences from Container Analysis, only 'AttestationOccurrence' kinds are considered. In the future, additional Occurrence kinds may be added to the query.
	// NOTE(review): a verified attestation from any one listed project is enough, so list only projects where Occurrence creation is restricted to trusted signers or pipelines.
	ContainerAnalysisAttestationProjects pulumi.StringArrayInput `pulumi:"containerAnalysisAttestationProjects"`
}

Require a signed [DSSE](https://github.com/secure-systems-lab/dsse) attestation with type SimpleSigning.

func (SimpleSigningAttestationCheckArgs) ElementType added in v0.32.0

func (SimpleSigningAttestationCheckArgs) ToSimpleSigningAttestationCheckOutput added in v0.32.0

func (i SimpleSigningAttestationCheckArgs) ToSimpleSigningAttestationCheckOutput() SimpleSigningAttestationCheckOutput

func (SimpleSigningAttestationCheckArgs) ToSimpleSigningAttestationCheckOutputWithContext added in v0.32.0

func (i SimpleSigningAttestationCheckArgs) ToSimpleSigningAttestationCheckOutputWithContext(ctx context.Context) SimpleSigningAttestationCheckOutput

func (SimpleSigningAttestationCheckArgs) ToSimpleSigningAttestationCheckPtrOutput added in v0.32.0

func (i SimpleSigningAttestationCheckArgs) ToSimpleSigningAttestationCheckPtrOutput() SimpleSigningAttestationCheckPtrOutput

func (SimpleSigningAttestationCheckArgs) ToSimpleSigningAttestationCheckPtrOutputWithContext added in v0.32.0

func (i SimpleSigningAttestationCheckArgs) ToSimpleSigningAttestationCheckPtrOutputWithContext(ctx context.Context) SimpleSigningAttestationCheckPtrOutput

type SimpleSigningAttestationCheckInput added in v0.32.0

type SimpleSigningAttestationCheckInput interface {
	pulumi.Input

	ToSimpleSigningAttestationCheckOutput() SimpleSigningAttestationCheckOutput
	ToSimpleSigningAttestationCheckOutputWithContext(context.Context) SimpleSigningAttestationCheckOutput
}

SimpleSigningAttestationCheckInput is an input type that accepts SimpleSigningAttestationCheckArgs and SimpleSigningAttestationCheckOutput values. You can construct a concrete instance of `SimpleSigningAttestationCheckInput` via:

SimpleSigningAttestationCheckArgs{...}

type SimpleSigningAttestationCheckOutput added in v0.32.0

type SimpleSigningAttestationCheckOutput struct{ *pulumi.OutputState }

Require a signed [DSSE](https://github.com/secure-systems-lab/dsse) attestation with type SimpleSigning.

func (SimpleSigningAttestationCheckOutput) AttestationAuthenticators added in v0.32.0

The authenticators required by this check to verify an attestation. Typically this is one or more PKIX public keys for signature verification. Only one authenticator needs to consider an attestation verified in order for an attestation to be considered fully authenticated. In other words, this list of authenticators is an "OR" of the authenticator results. At least one authenticator is required. Each listed authenticator is therefore sufficient on its own, so the list should contain only keys that are currently trusted.

func (SimpleSigningAttestationCheckOutput) ContainerAnalysisAttestationProjects added in v0.32.0

func (o SimpleSigningAttestationCheckOutput) ContainerAnalysisAttestationProjects() pulumi.StringArrayOutput

Optional. The projects where attestations are stored as Container Analysis Occurrences. Only one attestation needs to successfully verify an image for this check to pass, so a single verified attestation found in any of `container_analysis_attestation_projects` is sufficient for the check to pass. When fetching Occurrences from Container Analysis, only 'AttestationOccurrence' kinds are considered. In the future, additional Occurrence kinds may be added to the query.

func (SimpleSigningAttestationCheckOutput) ElementType added in v0.32.0

func (SimpleSigningAttestationCheckOutput) ToSimpleSigningAttestationCheckOutput added in v0.32.0

func (o SimpleSigningAttestationCheckOutput) ToSimpleSigningAttestationCheckOutput() SimpleSigningAttestationCheckOutput

func (SimpleSigningAttestationCheckOutput) ToSimpleSigningAttestationCheckOutputWithContext added in v0.32.0

func (o SimpleSigningAttestationCheckOutput) ToSimpleSigningAttestationCheckOutputWithContext(ctx context.Context) SimpleSigningAttestationCheckOutput

func (SimpleSigningAttestationCheckOutput) ToSimpleSigningAttestationCheckPtrOutput added in v0.32.0

func (o SimpleSigningAttestationCheckOutput) ToSimpleSigningAttestationCheckPtrOutput() SimpleSigningAttestationCheckPtrOutput

func (SimpleSigningAttestationCheckOutput) ToSimpleSigningAttestationCheckPtrOutputWithContext added in v0.32.0

func (o SimpleSigningAttestationCheckOutput) ToSimpleSigningAttestationCheckPtrOutputWithContext(ctx context.Context) SimpleSigningAttestationCheckPtrOutput

type SimpleSigningAttestationCheckPtrInput added in v0.32.0

type SimpleSigningAttestationCheckPtrInput interface {
	pulumi.Input

	ToSimpleSigningAttestationCheckPtrOutput() SimpleSigningAttestationCheckPtrOutput
	ToSimpleSigningAttestationCheckPtrOutputWithContext(context.Context) SimpleSigningAttestationCheckPtrOutput
}

SimpleSigningAttestationCheckPtrInput is an input type that accepts SimpleSigningAttestationCheckArgs, SimpleSigningAttestationCheckPtr and SimpleSigningAttestationCheckPtrOutput values. You can construct a concrete instance of `SimpleSigningAttestationCheckPtrInput` via:

        SimpleSigningAttestationCheckArgs{...}

or:

        nil

type SimpleSigningAttestationCheckPtrOutput added in v0.32.0

type SimpleSigningAttestationCheckPtrOutput struct{ *pulumi.OutputState }

func (SimpleSigningAttestationCheckPtrOutput) AttestationAuthenticators added in v0.32.0

The authenticators required by this check to verify an attestation. Typically this is one or more PKIX public keys for signature verification. Only one authenticator needs to consider an attestation verified in order for an attestation to be considered fully authenticated. In other words, this list of authenticators is an "OR" of the authenticator results. At least one authenticator is required. Each listed authenticator is therefore sufficient on its own, so the list should contain only keys that are currently trusted.

func (SimpleSigningAttestationCheckPtrOutput) ContainerAnalysisAttestationProjects added in v0.32.0

func (o SimpleSigningAttestationCheckPtrOutput) ContainerAnalysisAttestationProjects() pulumi.StringArrayOutput

Optional. The projects where attestations are stored as Container Analysis Occurrences. Only one attestation needs to successfully verify an image for this check to pass, so a single verified attestation found in any of `container_analysis_attestation_projects` is sufficient for the check to pass. When fetching Occurrences from Container Analysis, only 'AttestationOccurrence' kinds are considered. In the future, additional Occurrence kinds may be added to the query.

func (SimpleSigningAttestationCheckPtrOutput) Elem added in v0.32.0

func (SimpleSigningAttestationCheckPtrOutput) ElementType added in v0.32.0

func (SimpleSigningAttestationCheckPtrOutput) ToSimpleSigningAttestationCheckPtrOutput added in v0.32.0

func (o SimpleSigningAttestationCheckPtrOutput) ToSimpleSigningAttestationCheckPtrOutput() SimpleSigningAttestationCheckPtrOutput

func (SimpleSigningAttestationCheckPtrOutput) ToSimpleSigningAttestationCheckPtrOutputWithContext added in v0.32.0

func (o SimpleSigningAttestationCheckPtrOutput) ToSimpleSigningAttestationCheckPtrOutputWithContext(ctx context.Context) SimpleSigningAttestationCheckPtrOutput

type SimpleSigningAttestationCheckResponse added in v0.32.0

// SimpleSigningAttestationCheckResponse requires a signed [DSSE](https://github.com/secure-systems-lab/dsse) attestation with type SimpleSigning.
type SimpleSigningAttestationCheckResponse struct {
	// The authenticators required by this check to verify an attestation. Typically this is one or more PKIX public keys for signature verification. Only one authenticator needs to consider an attestation verified in order for an attestation to be considered fully authenticated. In other words, this list of authenticators is an "OR" of the authenticator results. At least one authenticator is required.
	// When auditing a deployed policy, review every entry: because the results are OR-ed, each listed authenticator is sufficient on its own.
	AttestationAuthenticators []AttestationAuthenticatorResponse `pulumi:"attestationAuthenticators"`
	// Optional. The projects where attestations are stored as Container Analysis Occurrences. Only one attestation needs to successfully verify an image for this check to pass, so a single verified attestation found in any of `container_analysis_attestation_projects` is sufficient for the check to pass. When fetching Occurrences from Container Analysis, only 'AttestationOccurrence' kinds are considered. In the future, additional Occurrence kinds may be added to the query.
	// NOTE(review): a verified attestation from any one listed project is enough, so each project returned here is worth checking for who may create Occurrences in it.
	ContainerAnalysisAttestationProjects []string `pulumi:"containerAnalysisAttestationProjects"`
}

Require a signed [DSSE](https://github.com/secure-systems-lab/dsse) attestation with type SimpleSigning.

type SimpleSigningAttestationCheckResponseOutput added in v0.32.0

type SimpleSigningAttestationCheckResponseOutput struct{ *pulumi.OutputState }

Require a signed [DSSE](https://github.com/secure-systems-lab/dsse) attestation with type SimpleSigning.

func (SimpleSigningAttestationCheckResponseOutput) AttestationAuthenticators added in v0.32.0

The authenticators required by this check to verify an attestation. Typically this is one or more PKIX public keys for signature verification. Only one authenticator needs to consider an attestation verified in order for an attestation to be considered fully authenticated. In other words, this list of authenticators is an "OR" of the authenticator results. At least one authenticator is required. Each listed authenticator is therefore sufficient on its own, so the list should contain only keys that are currently trusted.

func (SimpleSigningAttestationCheckResponseOutput) ContainerAnalysisAttestationProjects added in v0.32.0

func (o SimpleSigningAttestationCheckResponseOutput) ContainerAnalysisAttestationProjects() pulumi.StringArrayOutput

Optional. The projects where attestations are stored as Container Analysis Occurrences. Only one attestation needs to successfully verify an image for this check to pass, so a single verified attestation found in any of `container_analysis_attestation_projects` is sufficient for the check to pass. When fetching Occurrences from Container Analysis, only 'AttestationOccurrence' kinds are considered. In the future, additional Occurrence kinds may be added to the query.

func (SimpleSigningAttestationCheckResponseOutput) ElementType added in v0.32.0

func (SimpleSigningAttestationCheckResponseOutput) ToSimpleSigningAttestationCheckResponseOutput added in v0.32.0

func (o SimpleSigningAttestationCheckResponseOutput) ToSimpleSigningAttestationCheckResponseOutput() SimpleSigningAttestationCheckResponseOutput

func (SimpleSigningAttestationCheckResponseOutput) ToSimpleSigningAttestationCheckResponseOutputWithContext added in v0.32.0

func (o SimpleSigningAttestationCheckResponseOutput) ToSimpleSigningAttestationCheckResponseOutputWithContext(ctx context.Context) SimpleSigningAttestationCheckResponseOutput

type SlsaCheck added in v0.32.0

// SlsaCheck is a SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only.
type SlsaCheck struct {
	// Specifies a list of verification rules for the SLSA attestations. An image is considered compliant with the SlsaCheck if any of the rules are satisfied.
	// The rules are alternatives, not cumulative requirements: one satisfied rule is enough, so the most permissive rule in the list sets the effective bar.
	Rules []VerificationRule `pulumi:"rules"`
}

A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only.

type SlsaCheckArgs added in v0.32.0

// SlsaCheckArgs is a SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only.
type SlsaCheckArgs struct {
	// Specifies a list of verification rules for the SLSA attestations. An image is considered compliant with the SlsaCheck if any of the rules are satisfied.
	// The rules are alternatives, not cumulative requirements: one satisfied rule is enough, so the most permissive rule in the list sets the effective bar.
	Rules VerificationRuleArrayInput `pulumi:"rules"`
}

A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only.

func (SlsaCheckArgs) ElementType added in v0.32.0

func (SlsaCheckArgs) ElementType() reflect.Type

func (SlsaCheckArgs) ToSlsaCheckOutput added in v0.32.0

func (i SlsaCheckArgs) ToSlsaCheckOutput() SlsaCheckOutput

func (SlsaCheckArgs) ToSlsaCheckOutputWithContext added in v0.32.0

func (i SlsaCheckArgs) ToSlsaCheckOutputWithContext(ctx context.Context) SlsaCheckOutput

func (SlsaCheckArgs) ToSlsaCheckPtrOutput added in v0.32.0

func (i SlsaCheckArgs) ToSlsaCheckPtrOutput() SlsaCheckPtrOutput

func (SlsaCheckArgs) ToSlsaCheckPtrOutputWithContext added in v0.32.0

func (i SlsaCheckArgs) ToSlsaCheckPtrOutputWithContext(ctx context.Context) SlsaCheckPtrOutput

type SlsaCheckInput added in v0.32.0

type SlsaCheckInput interface {
	pulumi.Input

	ToSlsaCheckOutput() SlsaCheckOutput
	ToSlsaCheckOutputWithContext(context.Context) SlsaCheckOutput
}

SlsaCheckInput is an input type that accepts SlsaCheckArgs and SlsaCheckOutput values. You can construct a concrete instance of `SlsaCheckInput` via:

SlsaCheckArgs{...}

type SlsaCheckOutput added in v0.32.0

type SlsaCheckOutput struct{ *pulumi.OutputState }

A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only.

func (SlsaCheckOutput) ElementType added in v0.32.0

func (SlsaCheckOutput) ElementType() reflect.Type

func (SlsaCheckOutput) Rules added in v0.32.0

Specifies a list of verification rules for the SLSA attestations. An image is considered compliant with the SlsaCheck if any of the rules are satisfied.

func (SlsaCheckOutput) ToSlsaCheckOutput added in v0.32.0

func (o SlsaCheckOutput) ToSlsaCheckOutput() SlsaCheckOutput

func (SlsaCheckOutput) ToSlsaCheckOutputWithContext added in v0.32.0

func (o SlsaCheckOutput) ToSlsaCheckOutputWithContext(ctx context.Context) SlsaCheckOutput

func (SlsaCheckOutput) ToSlsaCheckPtrOutput added in v0.32.0

func (o SlsaCheckOutput) ToSlsaCheckPtrOutput() SlsaCheckPtrOutput

func (SlsaCheckOutput) ToSlsaCheckPtrOutputWithContext added in v0.32.0

func (o SlsaCheckOutput) ToSlsaCheckPtrOutputWithContext(ctx context.Context) SlsaCheckPtrOutput

type SlsaCheckPtrInput added in v0.32.0

type SlsaCheckPtrInput interface {
	pulumi.Input

	ToSlsaCheckPtrOutput() SlsaCheckPtrOutput
	ToSlsaCheckPtrOutputWithContext(context.Context) SlsaCheckPtrOutput
}

SlsaCheckPtrInput is an input type that accepts SlsaCheckArgs, SlsaCheckPtr and SlsaCheckPtrOutput values. You can construct a concrete instance of `SlsaCheckPtrInput` via:

        SlsaCheckArgs{...}

or:

        nil

func SlsaCheckPtr added in v0.32.0

func SlsaCheckPtr(v *SlsaCheckArgs) SlsaCheckPtrInput

type SlsaCheckPtrOutput added in v0.32.0

type SlsaCheckPtrOutput struct{ *pulumi.OutputState }

func (SlsaCheckPtrOutput) Elem added in v0.32.0

func (SlsaCheckPtrOutput) ElementType added in v0.32.0

func (SlsaCheckPtrOutput) ElementType() reflect.Type

func (SlsaCheckPtrOutput) Rules added in v0.32.0

Specifies a list of verification rules for the SLSA attestations. An image is considered compliant with the SlsaCheck if any of the rules are satisfied.

func (SlsaCheckPtrOutput) ToSlsaCheckPtrOutput added in v0.32.0

func (o SlsaCheckPtrOutput) ToSlsaCheckPtrOutput() SlsaCheckPtrOutput

func (SlsaCheckPtrOutput) ToSlsaCheckPtrOutputWithContext added in v0.32.0

func (o SlsaCheckPtrOutput) ToSlsaCheckPtrOutputWithContext(ctx context.Context) SlsaCheckPtrOutput

type SlsaCheckResponse added in v0.32.0

// SlsaCheckResponse is a SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only.
type SlsaCheckResponse struct {
	// Specifies a list of verification rules for the SLSA attestations. An image is considered compliant with the SlsaCheck if any of the rules are satisfied.
	// The rules are alternatives, not cumulative requirements: one satisfied rule is enough, so the most permissive rule in the list sets the effective bar.
	Rules []VerificationRuleResponse `pulumi:"rules"`
}

A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only.

type SlsaCheckResponseOutput added in v0.32.0

type SlsaCheckResponseOutput struct{ *pulumi.OutputState }

A SLSA provenance attestation check, which ensures that images are built by a trusted builder using source code from its trusted repositories only.

func (SlsaCheckResponseOutput) ElementType added in v0.32.0

func (SlsaCheckResponseOutput) ElementType() reflect.Type

func (SlsaCheckResponseOutput) Rules added in v0.32.0

Specifies a list of verification rules for the SLSA attestations. An image is considered compliant with the SlsaCheck if any of the rules are satisfied.

func (SlsaCheckResponseOutput) ToSlsaCheckResponseOutput added in v0.32.0

func (o SlsaCheckResponseOutput) ToSlsaCheckResponseOutput() SlsaCheckResponseOutput

func (SlsaCheckResponseOutput) ToSlsaCheckResponseOutputWithContext added in v0.32.0

func (o SlsaCheckResponseOutput) ToSlsaCheckResponseOutputWithContext(ctx context.Context) SlsaCheckResponseOutput

type TrustedDirectoryCheck added in v0.32.0

// TrustedDirectoryCheck is a trusted directory check, which rejects images that do not come from the set of user-configured trusted directories.
type TrustedDirectoryCheck struct {
	// List of trusted directory patterns. A pattern is in the form "registry/path/to/directory".
	// The registry domain part is defined as two or more dot-separated words, e.g., `us.pkg.dev`, or `gcr.io`.
	//
	// Additionally, `*` can be used in three ways as wildcards:
	//  1. leading `*` to match varying prefixes in registry subdomain (useful for location prefixes);
	//  2. trailing `*` after registry/ to match varying endings;
	//  3. trailing `**` after registry/ to match "/" as well.
	//
	// For example:
	//   - `gcr.io/my-project/my-repo` is valid to match a single directory
	//   - `*-docker.pkg.dev/my-project/my-repo` or `*.gcr.io/my-project` are valid to match varying prefixes
	//   - `gcr.io/my-project/*` will match all direct directories in `my-project`
	//   - `gcr.io/my-project/**` would match all directories in `my-project`
	//   - `gcr.i*` is not allowed since the registry is not completely specified
	//   - `sub*domain.gcr.io/nginx` is not valid because only leading `*` or trailing `*` are allowed
	//   - `*pkg.dev/my-project/my-repo` is not valid because leading `*` can only match subdomain
	//   - `**-docker.pkg.dev` is not valid because only one leading `*` is allowed, and it cannot match `/`
	//
	// Every directory a pattern matches is trusted by this check, so prefer the narrowest pattern that works; `*` and `**` also cover matching directories that are added later.
	TrustedDirPatterns []string `pulumi:"trustedDirPatterns"`
}

A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories.

type TrustedDirectoryCheckArgs added in v0.32.0

// TrustedDirectoryCheckArgs is a trusted directory check, which rejects images that do not come from the set of user-configured trusted directories.
type TrustedDirectoryCheckArgs struct {
	// List of trusted directory patterns. A pattern is in the form "registry/path/to/directory".
	// The registry domain part is defined as two or more dot-separated words, e.g., `us.pkg.dev`, or `gcr.io`.
	//
	// Additionally, `*` can be used in three ways as wildcards:
	//  1. leading `*` to match varying prefixes in registry subdomain (useful for location prefixes);
	//  2. trailing `*` after registry/ to match varying endings;
	//  3. trailing `**` after registry/ to match "/" as well.
	//
	// For example:
	//   - `gcr.io/my-project/my-repo` is valid to match a single directory
	//   - `*-docker.pkg.dev/my-project/my-repo` or `*.gcr.io/my-project` are valid to match varying prefixes
	//   - `gcr.io/my-project/*` will match all direct directories in `my-project`
	//   - `gcr.io/my-project/**` would match all directories in `my-project`
	//   - `gcr.i*` is not allowed since the registry is not completely specified
	//   - `sub*domain.gcr.io/nginx` is not valid because only leading `*` or trailing `*` are allowed
	//   - `*pkg.dev/my-project/my-repo` is not valid because leading `*` can only match subdomain
	//   - `**-docker.pkg.dev` is not valid because only one leading `*` is allowed, and it cannot match `/`
	//
	// Every directory a pattern matches is trusted by this check, so prefer the narrowest pattern that works; `*` and `**` also cover matching directories that are added later.
	TrustedDirPatterns pulumi.StringArrayInput `pulumi:"trustedDirPatterns"`
}

A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories.

func (TrustedDirectoryCheckArgs) ElementType added in v0.32.0

func (TrustedDirectoryCheckArgs) ElementType() reflect.Type

func (TrustedDirectoryCheckArgs) ToTrustedDirectoryCheckOutput added in v0.32.0

func (i TrustedDirectoryCheckArgs) ToTrustedDirectoryCheckOutput() TrustedDirectoryCheckOutput

func (TrustedDirectoryCheckArgs) ToTrustedDirectoryCheckOutputWithContext added in v0.32.0

func (i TrustedDirectoryCheckArgs) ToTrustedDirectoryCheckOutputWithContext(ctx context.Context) TrustedDirectoryCheckOutput

func (TrustedDirectoryCheckArgs) ToTrustedDirectoryCheckPtrOutput added in v0.32.0

func (i TrustedDirectoryCheckArgs) ToTrustedDirectoryCheckPtrOutput() TrustedDirectoryCheckPtrOutput

func (TrustedDirectoryCheckArgs) ToTrustedDirectoryCheckPtrOutputWithContext added in v0.32.0

func (i TrustedDirectoryCheckArgs) ToTrustedDirectoryCheckPtrOutputWithContext(ctx context.Context) TrustedDirectoryCheckPtrOutput

type TrustedDirectoryCheckInput added in v0.32.0

type TrustedDirectoryCheckInput interface {
	pulumi.Input

	ToTrustedDirectoryCheckOutput() TrustedDirectoryCheckOutput
	ToTrustedDirectoryCheckOutputWithContext(context.Context) TrustedDirectoryCheckOutput
}

TrustedDirectoryCheckInput is an input type that accepts TrustedDirectoryCheckArgs and TrustedDirectoryCheckOutput values. You can construct a concrete instance of `TrustedDirectoryCheckInput` via:

TrustedDirectoryCheckArgs{...}

type TrustedDirectoryCheckOutput added in v0.32.0

type TrustedDirectoryCheckOutput struct{ *pulumi.OutputState }

A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories.

func (TrustedDirectoryCheckOutput) ElementType added in v0.32.0

func (TrustedDirectoryCheckOutput) ToTrustedDirectoryCheckOutput added in v0.32.0

func (o TrustedDirectoryCheckOutput) ToTrustedDirectoryCheckOutput() TrustedDirectoryCheckOutput

func (TrustedDirectoryCheckOutput) ToTrustedDirectoryCheckOutputWithContext added in v0.32.0

func (o TrustedDirectoryCheckOutput) ToTrustedDirectoryCheckOutputWithContext(ctx context.Context) TrustedDirectoryCheckOutput

func (TrustedDirectoryCheckOutput) ToTrustedDirectoryCheckPtrOutput added in v0.32.0

func (o TrustedDirectoryCheckOutput) ToTrustedDirectoryCheckPtrOutput() TrustedDirectoryCheckPtrOutput

func (TrustedDirectoryCheckOutput) ToTrustedDirectoryCheckPtrOutputWithContext added in v0.32.0

func (o TrustedDirectoryCheckOutput) ToTrustedDirectoryCheckPtrOutputWithContext(ctx context.Context) TrustedDirectoryCheckPtrOutput

func (TrustedDirectoryCheckOutput) TrustedDirPatterns added in v0.32.0

func (o TrustedDirectoryCheckOutput) TrustedDirPatterns() pulumi.StringArrayOutput

List of trusted directory patterns. A pattern is in the form "registry/path/to/directory". The registry domain part is defined as two or more dot-separated words, e.g., `us.pkg.dev`, or `gcr.io`.

Additionally, `*` can be used in three ways as wildcards:

1. leading `*` to match varying prefixes in registry subdomain (useful for location prefixes);
2. trailing `*` after registry/ to match varying endings;
3. trailing `**` after registry/ to match "/" as well.

For example:

- `gcr.io/my-project/my-repo` is valid to match a single directory
- `*-docker.pkg.dev/my-project/my-repo` or `*.gcr.io/my-project` are valid to match varying prefixes
- `gcr.io/my-project/*` will match all direct directories in `my-project`
- `gcr.io/my-project/**` would match all directories in `my-project`
- `gcr.i*` is not allowed since the registry is not completely specified
- `sub*domain.gcr.io/nginx` is not valid because only leading `*` or trailing `*` are allowed
- `*pkg.dev/my-project/my-repo` is not valid because leading `*` can only match subdomain
- `**-docker.pkg.dev` is not valid because only one leading `*` is allowed, and it cannot match `/`

type TrustedDirectoryCheckPtrInput added in v0.32.0

type TrustedDirectoryCheckPtrInput interface {
	pulumi.Input

	ToTrustedDirectoryCheckPtrOutput() TrustedDirectoryCheckPtrOutput
	ToTrustedDirectoryCheckPtrOutputWithContext(context.Context) TrustedDirectoryCheckPtrOutput
}

TrustedDirectoryCheckPtrInput is an input type that accepts TrustedDirectoryCheckArgs, TrustedDirectoryCheckPtr and TrustedDirectoryCheckPtrOutput values. You can construct a concrete instance of `TrustedDirectoryCheckPtrInput` via:

        TrustedDirectoryCheckArgs{...}

or:

        nil

func TrustedDirectoryCheckPtr added in v0.32.0

func TrustedDirectoryCheckPtr(v *TrustedDirectoryCheckArgs) TrustedDirectoryCheckPtrInput

type TrustedDirectoryCheckPtrOutput added in v0.32.0

type TrustedDirectoryCheckPtrOutput struct{ *pulumi.OutputState }

func (TrustedDirectoryCheckPtrOutput) Elem added in v0.32.0

func (TrustedDirectoryCheckPtrOutput) ElementType added in v0.32.0

func (TrustedDirectoryCheckPtrOutput) ToTrustedDirectoryCheckPtrOutput added in v0.32.0

func (o TrustedDirectoryCheckPtrOutput) ToTrustedDirectoryCheckPtrOutput() TrustedDirectoryCheckPtrOutput

func (TrustedDirectoryCheckPtrOutput) ToTrustedDirectoryCheckPtrOutputWithContext added in v0.32.0

func (o TrustedDirectoryCheckPtrOutput) ToTrustedDirectoryCheckPtrOutputWithContext(ctx context.Context) TrustedDirectoryCheckPtrOutput

func (TrustedDirectoryCheckPtrOutput) TrustedDirPatterns added in v0.32.0

List of trusted directory patterns. A pattern is in the form "registry/path/to/directory". The registry domain part is defined as two or more dot-separated words, e.g., `us.pkg.dev`, or `gcr.io`.

Additionally, `*` can be used in three ways as wildcards:

1. leading `*` to match varying prefixes in registry subdomain (useful for location prefixes);
2. trailing `*` after registry/ to match varying endings;
3. trailing `**` after registry/ to match "/" as well.

For example:

- `gcr.io/my-project/my-repo` is valid to match a single directory
- `*-docker.pkg.dev/my-project/my-repo` or `*.gcr.io/my-project` are valid to match varying prefixes
- `gcr.io/my-project/*` will match all direct directories in `my-project`
- `gcr.io/my-project/**` would match all directories in `my-project`
- `gcr.i*` is not allowed since the registry is not completely specified
- `sub*domain.gcr.io/nginx` is not valid because only leading `*` or trailing `*` are allowed
- `*pkg.dev/my-project/my-repo` is not valid because leading `*` can only match subdomain
- `**-docker.pkg.dev` is not valid because only one leading `*` is allowed, and it cannot match `/`

type TrustedDirectoryCheckResponse added in v0.32.0

// TrustedDirectoryCheckResponse is a trusted directory check, which rejects images that do not come from the set of user-configured trusted directories.
type TrustedDirectoryCheckResponse struct {
	// List of trusted directory patterns. A pattern is in the form "registry/path/to/directory".
	// The registry domain part is defined as two or more dot-separated words, e.g., `us.pkg.dev`, or `gcr.io`.
	//
	// Additionally, `*` can be used in three ways as wildcards:
	//  1. leading `*` to match varying prefixes in registry subdomain (useful for location prefixes);
	//  2. trailing `*` after registry/ to match varying endings;
	//  3. trailing `**` after registry/ to match "/" as well.
	//
	// For example:
	//   - `gcr.io/my-project/my-repo` is valid to match a single directory
	//   - `*-docker.pkg.dev/my-project/my-repo` or `*.gcr.io/my-project` are valid to match varying prefixes
	//   - `gcr.io/my-project/*` will match all direct directories in `my-project`
	//   - `gcr.io/my-project/**` would match all directories in `my-project`
	//   - `gcr.i*` is not allowed since the registry is not completely specified
	//   - `sub*domain.gcr.io/nginx` is not valid because only leading `*` or trailing `*` are allowed
	//   - `*pkg.dev/my-project/my-repo` is not valid because leading `*` can only match subdomain
	//   - `**-docker.pkg.dev` is not valid because only one leading `*` is allowed, and it cannot match `/`
	//
	// When auditing a deployed policy, read each returned pattern for its full match set: every directory a pattern matches is trusted by this check.
	TrustedDirPatterns []string `pulumi:"trustedDirPatterns"`
}

A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories.

type TrustedDirectoryCheckResponseOutput added in v0.32.0

type TrustedDirectoryCheckResponseOutput struct{ *pulumi.OutputState }

A trusted directory check, which rejects images that do not come from the set of user-configured trusted directories.

func (TrustedDirectoryCheckResponseOutput) ElementType added in v0.32.0

func (TrustedDirectoryCheckResponseOutput) ToTrustedDirectoryCheckResponseOutput added in v0.32.0

func (o TrustedDirectoryCheckResponseOutput) ToTrustedDirectoryCheckResponseOutput() TrustedDirectoryCheckResponseOutput

func (TrustedDirectoryCheckResponseOutput) ToTrustedDirectoryCheckResponseOutputWithContext added in v0.32.0

func (o TrustedDirectoryCheckResponseOutput) ToTrustedDirectoryCheckResponseOutputWithContext(ctx context.Context) TrustedDirectoryCheckResponseOutput

func (TrustedDirectoryCheckResponseOutput) TrustedDirPatterns added in v0.32.0

List of trusted directory patterns. A pattern is in the form "registry/path/to/directory". The registry domain part is defined as two or more dot-separated words, e.g., `us.pkg.dev` or `gcr.io`. Additionally, `*` can be used as a wildcard in three ways:

1. a leading `*` to match varying prefixes in the registry subdomain (useful for location prefixes);
2. a trailing `*` after registry/ to match varying endings;
3. a trailing `**` after registry/ to match "/" as well.

For example:

- `gcr.io/my-project/my-repo` is valid and matches a single directory.
- `*-docker.pkg.dev/my-project/my-repo` or `*.gcr.io/my-project` are valid and match varying prefixes.
- `gcr.io/my-project/*` matches all direct directories in `my-project`.
- `gcr.io/my-project/**` matches all directories in `my-project`.
- `gcr.i*` is not allowed, since the registry is not completely specified.
- `sub*domain.gcr.io/nginx` is not valid, because only a leading `*` or a trailing `*` is allowed.
- `*pkg.dev/my-project/my-repo` is not valid, because a leading `*` can only match a subdomain.
- `**-docker.pkg.dev` is not valid, because only one leading `*` is allowed and it cannot match `/`.

type UserOwnedGrafeasNote

// UserOwnedGrafeasNote references a Grafeas Attestation.Authority Note
// created by the user, together with the public keys used to verify
// attestations signed by the attestor.
type UserOwnedGrafeasNote struct {
	// The Grafeas resource name of an Attestation.Authority Note, created by
	// the user, in the format: `projects/*/notes/*`. This field may not be
	// updated. An attestation by this attestor is stored as a Grafeas
	// Attestation.Authority Occurrence that names a container image and that
	// links to this Note. Grafeas is an external dependency.
	NoteReference string `pulumi:"noteReference"`
	// Optional. Public keys that verify attestations signed by this attestor.
	// This field may be updated. If this field is non-empty, one of the
	// specified public keys must verify that an attestation was signed by
	// this attestor for the image specified in the admission request. If this
	// field is empty, this attestor always returns that no valid attestations
	// exist.
	//
	// NOTE(review): as described, an empty list fails closed (no attestation
	// is ever reported valid), and any one listed key is sufficient, so every
	// key in this list should be one the attestor's owner still controls.
	PublicKeys []AttestorPublicKey `pulumi:"publicKeys"`
}

A user-owned Grafeas note references a Grafeas Attestation.Authority Note created by the user.

type UserOwnedGrafeasNoteArgs

// UserOwnedGrafeasNoteArgs is the input form of a user-owned Grafeas note: a
// reference to a Grafeas Attestation.Authority Note created by the user, plus
// the public keys used to verify attestations signed by the attestor.
type UserOwnedGrafeasNoteArgs struct {
	// The Grafeas resource name of an Attestation.Authority Note, created by
	// the user, in the format: `projects/*/notes/*`. This field may not be
	// updated. An attestation by this attestor is stored as a Grafeas
	// Attestation.Authority Occurrence that names a container image and that
	// links to this Note. Grafeas is an external dependency.
	NoteReference pulumi.StringInput `pulumi:"noteReference"`
	// Optional. Public keys that verify attestations signed by this attestor.
	// This field may be updated. If this field is non-empty, one of the
	// specified public keys must verify that an attestation was signed by
	// this attestor for the image specified in the admission request. If this
	// field is empty, this attestor always returns that no valid attestations
	// exist.
	//
	// NOTE(review): as described, an empty list fails closed (no attestation
	// is ever reported valid), and any one listed key is sufficient, so every
	// key supplied here should be one the attestor's owner still controls.
	PublicKeys AttestorPublicKeyArrayInput `pulumi:"publicKeys"`
}

A user-owned Grafeas note references a Grafeas Attestation.Authority Note created by the user.

func (UserOwnedGrafeasNoteArgs) ElementType

func (UserOwnedGrafeasNoteArgs) ElementType() reflect.Type

func (UserOwnedGrafeasNoteArgs) ToUserOwnedGrafeasNoteOutput

func (i UserOwnedGrafeasNoteArgs) ToUserOwnedGrafeasNoteOutput() UserOwnedGrafeasNoteOutput

func (UserOwnedGrafeasNoteArgs) ToUserOwnedGrafeasNoteOutputWithContext

func (i UserOwnedGrafeasNoteArgs) ToUserOwnedGrafeasNoteOutputWithContext(ctx context.Context) UserOwnedGrafeasNoteOutput

func (UserOwnedGrafeasNoteArgs) ToUserOwnedGrafeasNotePtrOutput

func (i UserOwnedGrafeasNoteArgs) ToUserOwnedGrafeasNotePtrOutput() UserOwnedGrafeasNotePtrOutput

func (UserOwnedGrafeasNoteArgs) ToUserOwnedGrafeasNotePtrOutputWithContext

func (i UserOwnedGrafeasNoteArgs) ToUserOwnedGrafeasNotePtrOutputWithContext(ctx context.Context) UserOwnedGrafeasNotePtrOutput

type UserOwnedGrafeasNoteInput

// UserOwnedGrafeasNoteInput is an input type that accepts
// UserOwnedGrafeasNoteArgs and UserOwnedGrafeasNoteOutput values; both
// provide the two conversion methods below.
type UserOwnedGrafeasNoteInput interface {
	pulumi.Input

	// ToUserOwnedGrafeasNoteOutput returns the value as a
	// UserOwnedGrafeasNoteOutput.
	ToUserOwnedGrafeasNoteOutput() UserOwnedGrafeasNoteOutput
	// ToUserOwnedGrafeasNoteOutputWithContext is the same conversion, taking
	// a context.Context.
	ToUserOwnedGrafeasNoteOutputWithContext(context.Context) UserOwnedGrafeasNoteOutput
}

UserOwnedGrafeasNoteInput is an input type that accepts UserOwnedGrafeasNoteArgs and UserOwnedGrafeasNoteOutput values. You can construct a concrete instance of `UserOwnedGrafeasNoteInput` via:

UserOwnedGrafeasNoteArgs{...}

type UserOwnedGrafeasNoteOutput

type UserOwnedGrafeasNoteOutput struct{ *pulumi.OutputState }

A user-owned Grafeas note references a Grafeas Attestation.Authority Note created by the user.

func (UserOwnedGrafeasNoteOutput) ElementType

func (UserOwnedGrafeasNoteOutput) ElementType() reflect.Type

func (UserOwnedGrafeasNoteOutput) NoteReference

The Grafeas resource name of an Attestation.Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.

func (UserOwnedGrafeasNoteOutput) PublicKeys

Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

func (UserOwnedGrafeasNoteOutput) ToUserOwnedGrafeasNoteOutput

func (o UserOwnedGrafeasNoteOutput) ToUserOwnedGrafeasNoteOutput() UserOwnedGrafeasNoteOutput

func (UserOwnedGrafeasNoteOutput) ToUserOwnedGrafeasNoteOutputWithContext

func (o UserOwnedGrafeasNoteOutput) ToUserOwnedGrafeasNoteOutputWithContext(ctx context.Context) UserOwnedGrafeasNoteOutput

func (UserOwnedGrafeasNoteOutput) ToUserOwnedGrafeasNotePtrOutput

func (o UserOwnedGrafeasNoteOutput) ToUserOwnedGrafeasNotePtrOutput() UserOwnedGrafeasNotePtrOutput

func (UserOwnedGrafeasNoteOutput) ToUserOwnedGrafeasNotePtrOutputWithContext

func (o UserOwnedGrafeasNoteOutput) ToUserOwnedGrafeasNotePtrOutputWithContext(ctx context.Context) UserOwnedGrafeasNotePtrOutput

type UserOwnedGrafeasNotePtrInput

// UserOwnedGrafeasNotePtrInput is an input type for an optional user-owned
// Grafeas note. Per the package documentation it accepts
// UserOwnedGrafeasNoteArgs, UserOwnedGrafeasNotePtr and
// UserOwnedGrafeasNotePtrOutput values, or nil.
type UserOwnedGrafeasNotePtrInput interface {
	pulumi.Input

	// ToUserOwnedGrafeasNotePtrOutput returns the value as a
	// UserOwnedGrafeasNotePtrOutput.
	ToUserOwnedGrafeasNotePtrOutput() UserOwnedGrafeasNotePtrOutput
	// ToUserOwnedGrafeasNotePtrOutputWithContext is the same conversion,
	// taking a context.Context.
	ToUserOwnedGrafeasNotePtrOutputWithContext(context.Context) UserOwnedGrafeasNotePtrOutput
}

UserOwnedGrafeasNotePtrInput is an input type that accepts UserOwnedGrafeasNoteArgs, UserOwnedGrafeasNotePtr and UserOwnedGrafeasNotePtrOutput values. You can construct a concrete instance of `UserOwnedGrafeasNotePtrInput` via:

        UserOwnedGrafeasNoteArgs{...}

or:

        nil

type UserOwnedGrafeasNotePtrOutput

type UserOwnedGrafeasNotePtrOutput struct{ *pulumi.OutputState }

func (UserOwnedGrafeasNotePtrOutput) Elem

func (UserOwnedGrafeasNotePtrOutput) ElementType

func (UserOwnedGrafeasNotePtrOutput) NoteReference

The Grafeas resource name of an Attestation.Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.

func (UserOwnedGrafeasNotePtrOutput) PublicKeys

Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

func (UserOwnedGrafeasNotePtrOutput) ToUserOwnedGrafeasNotePtrOutput

func (o UserOwnedGrafeasNotePtrOutput) ToUserOwnedGrafeasNotePtrOutput() UserOwnedGrafeasNotePtrOutput

func (UserOwnedGrafeasNotePtrOutput) ToUserOwnedGrafeasNotePtrOutputWithContext

func (o UserOwnedGrafeasNotePtrOutput) ToUserOwnedGrafeasNotePtrOutputWithContext(ctx context.Context) UserOwnedGrafeasNotePtrOutput

type UserOwnedGrafeasNoteResponse

// UserOwnedGrafeasNoteResponse is the output form of a user-owned Grafeas
// note: the referenced Attestation.Authority Note, the attestor's public
// keys, and the service account the attestor uses to query Container
// Analysis.
type UserOwnedGrafeasNoteResponse struct {
	// This field will contain the service account email address that this
	// attestor will use as the principal when querying Container Analysis.
	// Attestor administrators must grant this service account the IAM role
	// needed to read attestations from the note_reference in Container
	// Analysis (`containeranalysis.notes.occurrences.viewer`). This email
	// address is fixed for the lifetime of the attestor, but callers should
	// not make any other assumptions about the service account email; future
	// versions may use an email based on a different naming pattern.
	//
	// NOTE(review): only the read role named above is called for here. Take
	// the address from this field rather than deriving it from a naming
	// pattern when writing IAM bindings.
	DelegationServiceAccountEmail string `pulumi:"delegationServiceAccountEmail"`
	// The Grafeas resource name of an Attestation.Authority Note, created by
	// the user, in the format: `projects/*/notes/*`. This field may not be
	// updated. An attestation by this attestor is stored as a Grafeas
	// Attestation.Authority Occurrence that names a container image and that
	// links to this Note. Grafeas is an external dependency.
	NoteReference string `pulumi:"noteReference"`
	// Optional. Public keys that verify attestations signed by this attestor.
	// This field may be updated. If this field is non-empty, one of the
	// specified public keys must verify that an attestation was signed by
	// this attestor for the image specified in the admission request. If this
	// field is empty, this attestor always returns that no valid attestations
	// exist.
	PublicKeys []AttestorPublicKeyResponse `pulumi:"publicKeys"`
}

A user-owned Grafeas note references a Grafeas Attestation.Authority Note created by the user.

type UserOwnedGrafeasNoteResponseOutput

type UserOwnedGrafeasNoteResponseOutput struct{ *pulumi.OutputState }

A user-owned Grafeas note references a Grafeas Attestation.Authority Note created by the user.

func (UserOwnedGrafeasNoteResponseOutput) DelegationServiceAccountEmail

func (o UserOwnedGrafeasNoteResponseOutput) DelegationServiceAccountEmail() pulumi.StringOutput

This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (`containeranalysis.notes.occurrences.viewer`). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.

func (UserOwnedGrafeasNoteResponseOutput) ElementType

func (UserOwnedGrafeasNoteResponseOutput) NoteReference

The Grafeas resource name of an Attestation.Authority Note, created by the user, in the format: `projects/*/notes/*`. This field may not be updated. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.

func (UserOwnedGrafeasNoteResponseOutput) PublicKeys

Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.

func (UserOwnedGrafeasNoteResponseOutput) ToUserOwnedGrafeasNoteResponseOutput

func (o UserOwnedGrafeasNoteResponseOutput) ToUserOwnedGrafeasNoteResponseOutput() UserOwnedGrafeasNoteResponseOutput

func (UserOwnedGrafeasNoteResponseOutput) ToUserOwnedGrafeasNoteResponseOutputWithContext

func (o UserOwnedGrafeasNoteResponseOutput) ToUserOwnedGrafeasNoteResponseOutputWithContext(ctx context.Context) UserOwnedGrafeasNoteResponseOutput

type VerificationRule added in v0.32.0

// VerificationRule specifies how SLSA attestations are evaluated: which
// builder to trust, where to fetch the attestations generated by that
// builder, and builder-specific rules such as which source repositories are
// trusted. Per the package documentation, an image is considered verified by
// the rule if any of the fetched SLSA attestations is verified.
type VerificationRule struct {
	// Specifies where to fetch the provenance attestations generated by the
	// builder (group).
	AttestationSource *AttestationSource `pulumi:"attestationSource"`
	// If true, require the image to be built from a top-level configuration.
	// `trusted_source_repo_patterns` specifies the repositories containing
	// this configuration.
	ConfigBasedBuildRequired *bool `pulumi:"configBasedBuildRequired"`
	// Each verification rule is used for evaluation against provenances
	// generated by a specific builder (group). For some of the builders, such
	// as Google Cloud Build, users don't need to explicitly specify their
	// roots of trust in the policy since the evaluation service can
	// automatically fetch them based on the builder (group).
	TrustedBuilder *VerificationRuleTrustedBuilder `pulumi:"trustedBuilder"`
	// List of trusted source code repository URL patterns. These patterns
	// match the full repository URL without its scheme (e.g. `https://`). The
	// patterns must not include schemes. For example, the pattern
	// `source.cloud.google.com/my-project/my-repo-name` matches the following
	// URLs:
	//   - `source.cloud.google.com/my-project/my-repo-name`
	//   - `git+ssh://source.cloud.google.com/my-project/my-repo-name`
	//   - `https://source.cloud.google.com/my-project/my-repo-name`
	//
	// A pattern matches a URL either exactly or with `*` wildcards. `*` can
	// be used in only two ways:
	//  1. a trailing `*` after hosturi/ to match varying endings;
	//  2. a trailing `**` after hosturi/ to match `/` as well.
	//
	// `*` and `**` can only be used as wildcards and can only occur at the
	// end of the pattern after a `/`. (So it is not possible to match a URL
	// that contains a literal `*`.) For example:
	//   - `github.com/my-project/my-repo` is valid and matches a single repo.
	//   - `github.com/my-project/*` matches all direct repos in `my-project`.
	//   - `github.com/**` matches all repos in GitHub.
	//
	// NOTE(review): a host-wide pattern such as `github.com/**` accepts any
	// repository on that host as a trusted source; scope patterns to the
	// owning project or repo where possible.
	TrustedSourceRepoPatterns []string `pulumi:"trustedSourceRepoPatterns"`
}

Specifies verification rules for evaluating the SLSA attestations including: which builders to trust, where to fetch the SLSA attestations generated by those builders, and other builder-specific evaluation rules such as which source repositories are trusted. An image is considered verified by the rule if any of the fetched SLSA attestations is verified.

type VerificationRuleArgs added in v0.32.0

// VerificationRuleArgs is the input form of a verification rule for SLSA
// attestations: which builder to trust, where to fetch the attestations
// generated by that builder, and builder-specific rules such as which source
// repositories are trusted. Per the package documentation, an image is
// considered verified by the rule if any of the fetched SLSA attestations is
// verified.
type VerificationRuleArgs struct {
	// Specifies where to fetch the provenance attestations generated by the
	// builder (group).
	AttestationSource AttestationSourcePtrInput `pulumi:"attestationSource"`
	// If true, require the image to be built from a top-level configuration.
	// `trusted_source_repo_patterns` specifies the repositories containing
	// this configuration.
	ConfigBasedBuildRequired pulumi.BoolPtrInput `pulumi:"configBasedBuildRequired"`
	// Each verification rule is used for evaluation against provenances
	// generated by a specific builder (group). For some of the builders, such
	// as Google Cloud Build, users don't need to explicitly specify their
	// roots of trust in the policy since the evaluation service can
	// automatically fetch them based on the builder (group).
	TrustedBuilder VerificationRuleTrustedBuilderPtrInput `pulumi:"trustedBuilder"`
	// List of trusted source code repository URL patterns. These patterns
	// match the full repository URL without its scheme (e.g. `https://`). The
	// patterns must not include schemes. For example, the pattern
	// `source.cloud.google.com/my-project/my-repo-name` matches the following
	// URLs:
	//   - `source.cloud.google.com/my-project/my-repo-name`
	//   - `git+ssh://source.cloud.google.com/my-project/my-repo-name`
	//   - `https://source.cloud.google.com/my-project/my-repo-name`
	//
	// A pattern matches a URL either exactly or with `*` wildcards. `*` can
	// be used in only two ways:
	//  1. a trailing `*` after hosturi/ to match varying endings;
	//  2. a trailing `**` after hosturi/ to match `/` as well.
	//
	// `*` and `**` can only be used as wildcards and can only occur at the
	// end of the pattern after a `/`. (So it is not possible to match a URL
	// that contains a literal `*`.) For example:
	//   - `github.com/my-project/my-repo` is valid and matches a single repo.
	//   - `github.com/my-project/*` matches all direct repos in `my-project`.
	//   - `github.com/**` matches all repos in GitHub.
	//
	// NOTE(review): a host-wide pattern such as `github.com/**` accepts any
	// repository on that host as a trusted source; scope patterns to the
	// owning project or repo where possible.
	TrustedSourceRepoPatterns pulumi.StringArrayInput `pulumi:"trustedSourceRepoPatterns"`
}

Specifies verification rules for evaluating the SLSA attestations including: which builders to trust, where to fetch the SLSA attestations generated by those builders, and other builder-specific evaluation rules such as which source repositories are trusted. An image is considered verified by the rule if any of the fetched SLSA attestations is verified.

func (VerificationRuleArgs) ElementType added in v0.32.0

func (VerificationRuleArgs) ElementType() reflect.Type

func (VerificationRuleArgs) ToVerificationRuleOutput added in v0.32.0

func (i VerificationRuleArgs) ToVerificationRuleOutput() VerificationRuleOutput

func (VerificationRuleArgs) ToVerificationRuleOutputWithContext added in v0.32.0

func (i VerificationRuleArgs) ToVerificationRuleOutputWithContext(ctx context.Context) VerificationRuleOutput

type VerificationRuleArray added in v0.32.0

type VerificationRuleArray []VerificationRuleInput

func (VerificationRuleArray) ElementType added in v0.32.0

func (VerificationRuleArray) ElementType() reflect.Type

func (VerificationRuleArray) ToVerificationRuleArrayOutput added in v0.32.0

func (i VerificationRuleArray) ToVerificationRuleArrayOutput() VerificationRuleArrayOutput

func (VerificationRuleArray) ToVerificationRuleArrayOutputWithContext added in v0.32.0

func (i VerificationRuleArray) ToVerificationRuleArrayOutputWithContext(ctx context.Context) VerificationRuleArrayOutput

type VerificationRuleArrayInput added in v0.32.0

// VerificationRuleArrayInput is an input type that accepts
// VerificationRuleArray and VerificationRuleArrayOutput values; both provide
// the two conversion methods below.
type VerificationRuleArrayInput interface {
	pulumi.Input

	// ToVerificationRuleArrayOutput returns the value as a
	// VerificationRuleArrayOutput.
	ToVerificationRuleArrayOutput() VerificationRuleArrayOutput
	// ToVerificationRuleArrayOutputWithContext is the same conversion, taking
	// a context.Context.
	ToVerificationRuleArrayOutputWithContext(context.Context) VerificationRuleArrayOutput
}

VerificationRuleArrayInput is an input type that accepts VerificationRuleArray and VerificationRuleArrayOutput values. You can construct a concrete instance of `VerificationRuleArrayInput` via:

VerificationRuleArray{ VerificationRuleArgs{...} }

type VerificationRuleArrayOutput added in v0.32.0

type VerificationRuleArrayOutput struct{ *pulumi.OutputState }

func (VerificationRuleArrayOutput) ElementType added in v0.32.0

func (VerificationRuleArrayOutput) Index added in v0.32.0

func (VerificationRuleArrayOutput) ToVerificationRuleArrayOutput added in v0.32.0

func (o VerificationRuleArrayOutput) ToVerificationRuleArrayOutput() VerificationRuleArrayOutput

func (VerificationRuleArrayOutput) ToVerificationRuleArrayOutputWithContext added in v0.32.0

func (o VerificationRuleArrayOutput) ToVerificationRuleArrayOutputWithContext(ctx context.Context) VerificationRuleArrayOutput

type VerificationRuleInput added in v0.32.0

// VerificationRuleInput is an input type that accepts VerificationRuleArgs
// and VerificationRuleOutput values; both provide the two conversion methods
// below.
type VerificationRuleInput interface {
	pulumi.Input

	// ToVerificationRuleOutput returns the value as a VerificationRuleOutput.
	ToVerificationRuleOutput() VerificationRuleOutput
	// ToVerificationRuleOutputWithContext is the same conversion, taking a
	// context.Context.
	ToVerificationRuleOutputWithContext(context.Context) VerificationRuleOutput
}

VerificationRuleInput is an input type that accepts VerificationRuleArgs and VerificationRuleOutput values. You can construct a concrete instance of `VerificationRuleInput` via:

VerificationRuleArgs{...}

type VerificationRuleOutput added in v0.32.0

type VerificationRuleOutput struct{ *pulumi.OutputState }

Specifies verification rules for evaluating the SLSA attestations including: which builders to trust, where to fetch the SLSA attestations generated by those builders, and other builder-specific evaluation rules such as which source repositories are trusted. An image is considered verified by the rule if any of the fetched SLSA attestations is verified.

func (VerificationRuleOutput) AttestationSource added in v0.32.0

func (o VerificationRuleOutput) AttestationSource() AttestationSourcePtrOutput

Specifies where to fetch the provenance attestations generated by the builder (group).

func (VerificationRuleOutput) ConfigBasedBuildRequired added in v0.32.0

func (o VerificationRuleOutput) ConfigBasedBuildRequired() pulumi.BoolPtrOutput

If true, require the image to be built from a top-level configuration. `trusted_source_repo_patterns` specifies the repositories containing this configuration.

func (VerificationRuleOutput) ElementType added in v0.32.0

func (VerificationRuleOutput) ElementType() reflect.Type

func (VerificationRuleOutput) ToVerificationRuleOutput added in v0.32.0

func (o VerificationRuleOutput) ToVerificationRuleOutput() VerificationRuleOutput

func (VerificationRuleOutput) ToVerificationRuleOutputWithContext added in v0.32.0

func (o VerificationRuleOutput) ToVerificationRuleOutputWithContext(ctx context.Context) VerificationRuleOutput

func (VerificationRuleOutput) TrustedBuilder added in v0.32.0

Each verification rule is used for evaluation against provenances generated by a specific builder (group). For some of the builders, such as the Google Cloud Build, users don't need to explicitly specify their roots of trust in the policy since the evaluation service can automatically fetch them based on the builder (group).

func (VerificationRuleOutput) TrustedSourceRepoPatterns added in v0.32.0

func (o VerificationRuleOutput) TrustedSourceRepoPatterns() pulumi.StringArrayOutput

List of trusted source code repository URL patterns. These patterns match the full repository URL without its scheme (e.g. `https://`). The patterns must not include schemes. For example, the pattern `source.cloud.google.com/my-project/my-repo-name` matches the following URLs:

- `source.cloud.google.com/my-project/my-repo-name`
- `git+ssh://source.cloud.google.com/my-project/my-repo-name`
- `https://source.cloud.google.com/my-project/my-repo-name`

A pattern matches a URL either exactly or with `*` wildcards. `*` can be used in only two ways:

1. a trailing `*` after hosturi/ to match varying endings;
2. a trailing `**` after hosturi/ to match `/` as well.

`*` and `**` can only be used as wildcards and can only occur at the end of the pattern after a `/`. (So it is not possible to match a URL that contains a literal `*`.) For example:

- `github.com/my-project/my-repo` is valid and matches a single repo.
- `github.com/my-project/*` matches all direct repos in `my-project`.
- `github.com/**` matches all repos in GitHub.

type VerificationRuleResponse added in v0.32.0

// VerificationRuleResponse is the output form of a verification rule for SLSA
// attestations: which builder is trusted, where the attestations generated by
// that builder are fetched from, and builder-specific rules such as which
// source repositories are trusted. Per the package documentation, an image is
// considered verified by the rule if any of the fetched SLSA attestations is
// verified.
type VerificationRuleResponse struct {
	// Specifies where to fetch the provenance attestations generated by the
	// builder (group).
	AttestationSource AttestationSourceResponse `pulumi:"attestationSource"`
	// If true, require the image to be built from a top-level configuration.
	// `trusted_source_repo_patterns` specifies the repositories containing
	// this configuration.
	ConfigBasedBuildRequired bool `pulumi:"configBasedBuildRequired"`
	// Each verification rule is used for evaluation against provenances
	// generated by a specific builder (group). For some of the builders, such
	// as Google Cloud Build, users don't need to explicitly specify their
	// roots of trust in the policy since the evaluation service can
	// automatically fetch them based on the builder (group).
	TrustedBuilder string `pulumi:"trustedBuilder"`
	// List of trusted source code repository URL patterns. These patterns
	// match the full repository URL without its scheme (e.g. `https://`). The
	// patterns must not include schemes. For example, the pattern
	// `source.cloud.google.com/my-project/my-repo-name` matches the following
	// URLs:
	//   - `source.cloud.google.com/my-project/my-repo-name`
	//   - `git+ssh://source.cloud.google.com/my-project/my-repo-name`
	//   - `https://source.cloud.google.com/my-project/my-repo-name`
	//
	// A pattern matches a URL either exactly or with `*` wildcards. `*` can
	// be used in only two ways:
	//  1. a trailing `*` after hosturi/ to match varying endings;
	//  2. a trailing `**` after hosturi/ to match `/` as well.
	//
	// `*` and `**` can only be used as wildcards and can only occur at the
	// end of the pattern after a `/`. (So it is not possible to match a URL
	// that contains a literal `*`.) For example:
	//   - `github.com/my-project/my-repo` is valid and matches a single repo.
	//   - `github.com/my-project/*` matches all direct repos in `my-project`.
	//   - `github.com/**` matches all repos in GitHub.
	//
	// NOTE(review): when auditing a returned policy, a host-wide pattern such
	// as `github.com/**` means any repository on that host is accepted as a
	// trusted source.
	TrustedSourceRepoPatterns []string `pulumi:"trustedSourceRepoPatterns"`
}

Specifies verification rules for evaluating the SLSA attestations including: which builders to trust, where to fetch the SLSA attestations generated by those builders, and other builder-specific evaluation rules such as which source repositories are trusted. An image is considered verified by the rule if any of the fetched SLSA attestations is verified.

type VerificationRuleResponseArrayOutput added in v0.32.0

type VerificationRuleResponseArrayOutput struct{ *pulumi.OutputState }

func (VerificationRuleResponseArrayOutput) ElementType added in v0.32.0

func (VerificationRuleResponseArrayOutput) Index added in v0.32.0

func (VerificationRuleResponseArrayOutput) ToVerificationRuleResponseArrayOutput added in v0.32.0

func (o VerificationRuleResponseArrayOutput) ToVerificationRuleResponseArrayOutput() VerificationRuleResponseArrayOutput

func (VerificationRuleResponseArrayOutput) ToVerificationRuleResponseArrayOutputWithContext added in v0.32.0

func (o VerificationRuleResponseArrayOutput) ToVerificationRuleResponseArrayOutputWithContext(ctx context.Context) VerificationRuleResponseArrayOutput

type VerificationRuleResponseOutput added in v0.32.0

type VerificationRuleResponseOutput struct{ *pulumi.OutputState }

Specifies verification rules for evaluating the SLSA attestations including: which builders to trust, where to fetch the SLSA attestations generated by those builders, and other builder-specific evaluation rules such as which source repositories are trusted. An image is considered verified by the rule if any of the fetched SLSA attestations is verified.

func (VerificationRuleResponseOutput) AttestationSource added in v0.32.0

Specifies where to fetch the provenance attestations generated by the builder (group).

func (VerificationRuleResponseOutput) ConfigBasedBuildRequired added in v0.32.0

func (o VerificationRuleResponseOutput) ConfigBasedBuildRequired() pulumi.BoolOutput

If true, require the image to be built from a top-level configuration. `trusted_source_repo_patterns` specifies the repositories containing this configuration.

func (VerificationRuleResponseOutput) ElementType added in v0.32.0

func (VerificationRuleResponseOutput) ToVerificationRuleResponseOutput added in v0.32.0

func (o VerificationRuleResponseOutput) ToVerificationRuleResponseOutput() VerificationRuleResponseOutput

func (VerificationRuleResponseOutput) ToVerificationRuleResponseOutputWithContext added in v0.32.0

func (o VerificationRuleResponseOutput) ToVerificationRuleResponseOutputWithContext(ctx context.Context) VerificationRuleResponseOutput

func (VerificationRuleResponseOutput) TrustedBuilder added in v0.32.0

Each verification rule is used for evaluation against provenances generated by a specific builder (group). For some of the builders, such as the Google Cloud Build, users don't need to explicitly specify their roots of trust in the policy since the evaluation service can automatically fetch them based on the builder (group).

func (VerificationRuleResponseOutput) TrustedSourceRepoPatterns added in v0.32.0

func (o VerificationRuleResponseOutput) TrustedSourceRepoPatterns() pulumi.StringArrayOutput

List of trusted source code repository URL patterns. These patterns match the full repository URL without its scheme (e.g. `https://`). The patterns must not include schemes. For example, the pattern `source.cloud.google.com/my-project/my-repo-name` matches the following URLs:

- `source.cloud.google.com/my-project/my-repo-name`
- `git+ssh://source.cloud.google.com/my-project/my-repo-name`
- `https://source.cloud.google.com/my-project/my-repo-name`

A pattern matches a URL either exactly or with `*` wildcards. `*` can be used in only two ways:

1. a trailing `*` after hosturi/ to match varying endings;
2. a trailing `**` after hosturi/ to match `/` as well.

`*` and `**` can only be used as wildcards and can only occur at the end of the pattern after a `/`. (So it is not possible to match a URL that contains a literal `*`.) For example:

- `github.com/my-project/my-repo` is valid and matches a single repo.
- `github.com/my-project/*` matches all direct repos in `my-project`.
- `github.com/**` matches all repos in GitHub.

type VerificationRuleTrustedBuilder added in v0.32.0

type VerificationRuleTrustedBuilder string

Each verification rule is used for evaluation against provenances generated by a specific builder (group). For some of the builders, such as the Google Cloud Build, users don't need to explicitly specify their roots of trust in the policy since the evaluation service can automatically fetch them based on the builder (group).

func (VerificationRuleTrustedBuilder) ElementType added in v0.32.0

func (VerificationRuleTrustedBuilder) ToStringOutput added in v0.32.0

func (VerificationRuleTrustedBuilder) ToStringOutputWithContext added in v0.32.0

func (e VerificationRuleTrustedBuilder) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (VerificationRuleTrustedBuilder) ToStringPtrOutput added in v0.32.0

func (VerificationRuleTrustedBuilder) ToStringPtrOutputWithContext added in v0.32.0

func (e VerificationRuleTrustedBuilder) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

func (VerificationRuleTrustedBuilder) ToVerificationRuleTrustedBuilderOutput added in v0.32.0

func (e VerificationRuleTrustedBuilder) ToVerificationRuleTrustedBuilderOutput() VerificationRuleTrustedBuilderOutput

func (VerificationRuleTrustedBuilder) ToVerificationRuleTrustedBuilderOutputWithContext added in v0.32.0

func (e VerificationRuleTrustedBuilder) ToVerificationRuleTrustedBuilderOutputWithContext(ctx context.Context) VerificationRuleTrustedBuilderOutput

func (VerificationRuleTrustedBuilder) ToVerificationRuleTrustedBuilderPtrOutput added in v0.32.0

func (e VerificationRuleTrustedBuilder) ToVerificationRuleTrustedBuilderPtrOutput() VerificationRuleTrustedBuilderPtrOutput

func (VerificationRuleTrustedBuilder) ToVerificationRuleTrustedBuilderPtrOutputWithContext added in v0.32.0

func (e VerificationRuleTrustedBuilder) ToVerificationRuleTrustedBuilderPtrOutputWithContext(ctx context.Context) VerificationRuleTrustedBuilderPtrOutput

type VerificationRuleTrustedBuilderInput added in v0.32.0

// VerificationRuleTrustedBuilderInput is an input type for a trusted-builder
// value. In this listing the two methods below are declared on
// VerificationRuleTrustedBuilder and on VerificationRuleTrustedBuilderOutput.
//
// NOTE(review): the rendered description of this type names
// VerificationRuleTrustedBuilderArgs, which does not appear in this listing;
// confirm which concrete types are meant.
type VerificationRuleTrustedBuilderInput interface {
	pulumi.Input

	// ToVerificationRuleTrustedBuilderOutput returns the value as a
	// VerificationRuleTrustedBuilderOutput.
	ToVerificationRuleTrustedBuilderOutput() VerificationRuleTrustedBuilderOutput
	// ToVerificationRuleTrustedBuilderOutputWithContext is the same
	// conversion, taking a context.Context.
	ToVerificationRuleTrustedBuilderOutputWithContext(context.Context) VerificationRuleTrustedBuilderOutput
}

VerificationRuleTrustedBuilderInput is an input type that accepts VerificationRuleTrustedBuilderArgs and VerificationRuleTrustedBuilderOutput values. You can construct a concrete instance of `VerificationRuleTrustedBuilderInput` via:

VerificationRuleTrustedBuilderArgs{...}

type VerificationRuleTrustedBuilderOutput added in v0.32.0

type VerificationRuleTrustedBuilderOutput struct{ *pulumi.OutputState }

func (VerificationRuleTrustedBuilderOutput) ElementType added in v0.32.0

func (VerificationRuleTrustedBuilderOutput) ToStringOutput added in v0.32.0

func (VerificationRuleTrustedBuilderOutput) ToStringOutputWithContext added in v0.32.0

func (o VerificationRuleTrustedBuilderOutput) ToStringOutputWithContext(ctx context.Context) pulumi.StringOutput

func (VerificationRuleTrustedBuilderOutput) ToStringPtrOutput added in v0.32.0

func (VerificationRuleTrustedBuilderOutput) ToStringPtrOutputWithContext added in v0.32.0

func (o VerificationRuleTrustedBuilderOutput) ToStringPtrOutputWithContext(ctx context.Context) pulumi.StringPtrOutput

func (VerificationRuleTrustedBuilderOutput) ToVerificationRuleTrustedBuilderOutput added in v0.32.0

func (o VerificationRuleTrustedBuilderOutput) ToVerificationRuleTrustedBuilderOutput() VerificationRuleTrustedBuilderOutput

func (VerificationRuleTrustedBuilderOutput) ToVerificationRuleTrustedBuilderOutputWithContext added in v0.32.0

func (o VerificationRuleTrustedBuilderOutput) ToVerificationRuleTrustedBuilderOutputWithContext(ctx context.Context) VerificationRuleTrustedBuilderOutput

func (VerificationRuleTrustedBuilderOutput) ToVerificationRuleTrustedBuilderPtrOutput added in v0.32.0

func (o VerificationRuleTrustedBuilderOutput) ToVerificationRuleTrustedBuilderPtrOutput() VerificationRuleTrustedBuilderPtrOutput

func (VerificationRuleTrustedBuilderOutput) ToVerificationRuleTrustedBuilderPtrOutputWithContext added in v0.32.0

func (o VerificationRuleTrustedBuilderOutput) ToVerificationRuleTrustedBuilderPtrOutputWithContext(ctx context.Context) VerificationRuleTrustedBuilderPtrOutput

type VerificationRuleTrustedBuilderPtrInput added in v0.32.0

// VerificationRuleTrustedBuilderPtrInput is the optional (pointer) form of
// the trusted-builder input: a pulumi.Input that can convert itself to a
// VerificationRuleTrustedBuilderPtrOutput. The package function
// VerificationRuleTrustedBuilderPtr(v string) returns a value of this type.
type VerificationRuleTrustedBuilderPtrInput interface {
	pulumi.Input

	// ToVerificationRuleTrustedBuilderPtrOutput returns the value as a VerificationRuleTrustedBuilderPtrOutput.
	ToVerificationRuleTrustedBuilderPtrOutput() VerificationRuleTrustedBuilderPtrOutput
	// ToVerificationRuleTrustedBuilderPtrOutputWithContext is the same conversion, taking a context.Context.
	ToVerificationRuleTrustedBuilderPtrOutputWithContext(context.Context) VerificationRuleTrustedBuilderPtrOutput
}

func VerificationRuleTrustedBuilderPtr added in v0.32.0

func VerificationRuleTrustedBuilderPtr(v string) VerificationRuleTrustedBuilderPtrInput

type VerificationRuleTrustedBuilderPtrOutput added in v0.32.0

type VerificationRuleTrustedBuilderPtrOutput struct{ *pulumi.OutputState }

func (VerificationRuleTrustedBuilderPtrOutput) Elem added in v0.32.0

func (VerificationRuleTrustedBuilderPtrOutput) ElementType added in v0.32.0

func (VerificationRuleTrustedBuilderPtrOutput) ToStringPtrOutput added in v0.32.0

func (VerificationRuleTrustedBuilderPtrOutput) ToStringPtrOutputWithContext added in v0.32.0

func (VerificationRuleTrustedBuilderPtrOutput) ToVerificationRuleTrustedBuilderPtrOutput added in v0.32.0

func (o VerificationRuleTrustedBuilderPtrOutput) ToVerificationRuleTrustedBuilderPtrOutput() VerificationRuleTrustedBuilderPtrOutput

func (VerificationRuleTrustedBuilderPtrOutput) ToVerificationRuleTrustedBuilderPtrOutputWithContext added in v0.32.0

func (o VerificationRuleTrustedBuilderPtrOutput) ToVerificationRuleTrustedBuilderPtrOutputWithContext(ctx context.Context) VerificationRuleTrustedBuilderPtrOutput

type VulnerabilityCheck added in v0.32.0

// VulnerabilityCheck is an image vulnerability check, which rejects images
// that violate the configured vulnerability rules.
type VulnerabilityCheck struct {
	// Optional. A list of specific CVEs to ignore even if the vulnerability
	// level violates `maximumUnfixableSeverity` or `maximumFixableSeverity`.
	// CVEs are listed in the format of Container Analysis note id, for example:
	//   - CVE-2021-20305
	//   - CVE-2020-10543
	// The CVEs are applicable regardless of note provider project, e.g., an
	// entry of `CVE-2021-20305` will allow vulnerabilities with a note name of
	// either `projects/goog-vulnz/notes/CVE-2021-20305` or
	// `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.
	// NOTE(review): each entry exempts that CVE from both severity thresholds
	// and matches on the note id alone, whichever project provides the note.
	// Keep the list short and record why each CVE is accepted.
	AllowedCves []string `pulumi:"allowedCves"`
	// Optional. A list of specific CVEs to always raise warnings about even if
	// the vulnerability level meets `maximumUnfixableSeverity` or
	// `maximumFixableSeverity`. CVEs are listed in the format of Container
	// Analysis note id, for example:
	//   - CVE-2021-20305
	//   - CVE-2020-10543
	// The CVEs are applicable regardless of note provider project, e.g., an
	// entry of `CVE-2021-20305` will block vulnerabilities with a note name of
	// either `projects/goog-vulnz/notes/CVE-2021-20305` or
	// `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.
	// NOTE(review): this text says both "raise warnings" and "block"; confirm
	// whether a listed CVE fails the check or only produces a warning.
	BlockedCves []string `pulumi:"blockedCves"`
	// Optional. The projects where vulnerabilities are stored as Container
	// Analysis Occurrences. Each project is expressed in the resource format of
	// `projects/[PROJECT_ID]`, e.g., `projects/my-gcp-project`. An attempt will
	// be made for each project to fetch vulnerabilities, and all valid
	// vulnerabilities will be used to check against the vulnerability policy.
	// If no valid scan is found in all projects configured here, an error will
	// be returned for the check.
	ContainerAnalysisVulnerabilityProjects []string `pulumi:"containerAnalysisVulnerabilityProjects"`
	// The threshold for severity for which a fix is currently available. This
	// field is required and must be set. The value is one of the
	// VulnerabilityCheckMaximumFixableSeverity enum strings.
	MaximumFixableSeverity VulnerabilityCheckMaximumFixableSeverity `pulumi:"maximumFixableSeverity"`
	// The threshold for severity for which a fix isn't currently available.
	// This field is required and must be set. The value is one of the
	// VulnerabilityCheckMaximumUnfixableSeverity enum strings.
	MaximumUnfixableSeverity VulnerabilityCheckMaximumUnfixableSeverity `pulumi:"maximumUnfixableSeverity"`
}

An image vulnerability check, which rejects images that violate the configured vulnerability rules.

type VulnerabilityCheckArgs added in v0.32.0

// VulnerabilityCheckArgs is the input form of an image vulnerability check,
// which rejects images that violate the configured vulnerability rules.
// Every field takes a Pulumi input type.
type VulnerabilityCheckArgs struct {
	// Optional. A list of specific CVEs to ignore even if the vulnerability
	// level violates `maximumUnfixableSeverity` or `maximumFixableSeverity`.
	// CVEs are listed in the format of Container Analysis note id, for example:
	//   - CVE-2021-20305
	//   - CVE-2020-10543
	// The CVEs are applicable regardless of note provider project, e.g., an
	// entry of `CVE-2021-20305` will allow vulnerabilities with a note name of
	// either `projects/goog-vulnz/notes/CVE-2021-20305` or
	// `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.
	// NOTE(review): each entry exempts that CVE from both severity thresholds
	// and matches on the note id alone, whichever project provides the note.
	// Keep the list short and record why each CVE is accepted.
	AllowedCves pulumi.StringArrayInput `pulumi:"allowedCves"`
	// Optional. A list of specific CVEs to always raise warnings about even if
	// the vulnerability level meets `maximumUnfixableSeverity` or
	// `maximumFixableSeverity`. CVEs are listed in the format of Container
	// Analysis note id, for example:
	//   - CVE-2021-20305
	//   - CVE-2020-10543
	// The CVEs are applicable regardless of note provider project, e.g., an
	// entry of `CVE-2021-20305` will block vulnerabilities with a note name of
	// either `projects/goog-vulnz/notes/CVE-2021-20305` or
	// `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.
	// NOTE(review): this text says both "raise warnings" and "block"; confirm
	// whether a listed CVE fails the check or only produces a warning.
	BlockedCves pulumi.StringArrayInput `pulumi:"blockedCves"`
	// Optional. The projects where vulnerabilities are stored as Container
	// Analysis Occurrences. Each project is expressed in the resource format of
	// `projects/[PROJECT_ID]`, e.g., `projects/my-gcp-project`. An attempt will
	// be made for each project to fetch vulnerabilities, and all valid
	// vulnerabilities will be used to check against the vulnerability policy.
	// If no valid scan is found in all projects configured here, an error will
	// be returned for the check.
	ContainerAnalysisVulnerabilityProjects pulumi.StringArrayInput `pulumi:"containerAnalysisVulnerabilityProjects"`
	// The threshold for severity for which a fix is currently available. This
	// field is required and must be set.
	MaximumFixableSeverity VulnerabilityCheckMaximumFixableSeverityInput `pulumi:"maximumFixableSeverity"`
	// The threshold for severity for which a fix isn't currently available.
	// This field is required and must be set.
	MaximumUnfixableSeverity VulnerabilityCheckMaximumUnfixableSeverityInput `pulumi:"maximumUnfixableSeverity"`
}

An image vulnerability check, which rejects images that violate the configured vulnerability rules.

func (VulnerabilityCheckArgs) ElementType added in v0.32.0

func (VulnerabilityCheckArgs) ElementType() reflect.Type

func (VulnerabilityCheckArgs) ToVulnerabilityCheckOutput added in v0.32.0

func (i VulnerabilityCheckArgs) ToVulnerabilityCheckOutput() VulnerabilityCheckOutput

func (VulnerabilityCheckArgs) ToVulnerabilityCheckOutputWithContext added in v0.32.0

func (i VulnerabilityCheckArgs) ToVulnerabilityCheckOutputWithContext(ctx context.Context) VulnerabilityCheckOutput

func (VulnerabilityCheckArgs) ToVulnerabilityCheckPtrOutput added in v0.32.0

func (i VulnerabilityCheckArgs) ToVulnerabilityCheckPtrOutput() VulnerabilityCheckPtrOutput

func (VulnerabilityCheckArgs) ToVulnerabilityCheckPtrOutputWithContext added in v0.32.0

func (i VulnerabilityCheckArgs) ToVulnerabilityCheckPtrOutputWithContext(ctx context.Context) VulnerabilityCheckPtrOutput

type VulnerabilityCheckInput added in v0.32.0

// VulnerabilityCheckInput is the input-side interface for vulnerability
// checks: a pulumi.Input that can convert itself to a
// VulnerabilityCheckOutput. In this listing both VulnerabilityCheckArgs and
// VulnerabilityCheckOutput declare the two conversion methods below.
type VulnerabilityCheckInput interface {
	pulumi.Input

	// ToVulnerabilityCheckOutput returns the value as a VulnerabilityCheckOutput.
	ToVulnerabilityCheckOutput() VulnerabilityCheckOutput
	// ToVulnerabilityCheckOutputWithContext is the same conversion, taking a context.Context.
	ToVulnerabilityCheckOutputWithContext(context.Context) VulnerabilityCheckOutput
}

VulnerabilityCheckInput is an input type that accepts VulnerabilityCheckArgs and VulnerabilityCheckOutput values. You can construct a concrete instance of `VulnerabilityCheckInput` via:

VulnerabilityCheckArgs{...}

type VulnerabilityCheckMaximumFixableSeverity added in v0.32.0

type VulnerabilityCheckMaximumFixableSeverity string

Required. The threshold for severity for which a fix is currently available. This field is required and must be set.

func (VulnerabilityCheckMaximumFixableSeverity) ElementType added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverity) ToStringOutput added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverity) ToStringOutputWithContext added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverity) ToStringPtrOutput added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverity) ToStringPtrOutputWithContext added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverity) ToVulnerabilityCheckMaximumFixableSeverityOutput added in v0.32.0

func (e VulnerabilityCheckMaximumFixableSeverity) ToVulnerabilityCheckMaximumFixableSeverityOutput() VulnerabilityCheckMaximumFixableSeverityOutput

func (VulnerabilityCheckMaximumFixableSeverity) ToVulnerabilityCheckMaximumFixableSeverityOutputWithContext added in v0.32.0

func (e VulnerabilityCheckMaximumFixableSeverity) ToVulnerabilityCheckMaximumFixableSeverityOutputWithContext(ctx context.Context) VulnerabilityCheckMaximumFixableSeverityOutput

func (VulnerabilityCheckMaximumFixableSeverity) ToVulnerabilityCheckMaximumFixableSeverityPtrOutput added in v0.32.0

func (e VulnerabilityCheckMaximumFixableSeverity) ToVulnerabilityCheckMaximumFixableSeverityPtrOutput() VulnerabilityCheckMaximumFixableSeverityPtrOutput

func (VulnerabilityCheckMaximumFixableSeverity) ToVulnerabilityCheckMaximumFixableSeverityPtrOutputWithContext added in v0.32.0

func (e VulnerabilityCheckMaximumFixableSeverity) ToVulnerabilityCheckMaximumFixableSeverityPtrOutputWithContext(ctx context.Context) VulnerabilityCheckMaximumFixableSeverityPtrOutput

type VulnerabilityCheckMaximumFixableSeverityInput added in v0.32.0

// VulnerabilityCheckMaximumFixableSeverityInput is the input-side interface
// for the fixable-severity threshold: a pulumi.Input that can convert itself
// to a VulnerabilityCheckMaximumFixableSeverityOutput.
//
// NOTE(review): no VulnerabilityCheckMaximumFixableSeverityArgs type appears
// in this listing, while the enum type
// VulnerabilityCheckMaximumFixableSeverity declares ElementType and both
// conversion methods below, so an enum value looks like the concrete input to
// pass here; confirm against the package source.
type VulnerabilityCheckMaximumFixableSeverityInput interface {
	pulumi.Input

	// ToVulnerabilityCheckMaximumFixableSeverityOutput returns the value as a VulnerabilityCheckMaximumFixableSeverityOutput.
	ToVulnerabilityCheckMaximumFixableSeverityOutput() VulnerabilityCheckMaximumFixableSeverityOutput
	// ToVulnerabilityCheckMaximumFixableSeverityOutputWithContext is the same conversion, taking a context.Context.
	ToVulnerabilityCheckMaximumFixableSeverityOutputWithContext(context.Context) VulnerabilityCheckMaximumFixableSeverityOutput
}

VulnerabilityCheckMaximumFixableSeverityInput is an input type that accepts VulnerabilityCheckMaximumFixableSeverityArgs and VulnerabilityCheckMaximumFixableSeverityOutput values. You can construct a concrete instance of `VulnerabilityCheckMaximumFixableSeverityInput` via:

VulnerabilityCheckMaximumFixableSeverityArgs{...}

type VulnerabilityCheckMaximumFixableSeverityOutput added in v0.32.0

type VulnerabilityCheckMaximumFixableSeverityOutput struct{ *pulumi.OutputState }

func (VulnerabilityCheckMaximumFixableSeverityOutput) ElementType added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverityOutput) ToStringOutput added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverityOutput) ToStringOutputWithContext added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverityOutput) ToStringPtrOutput added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverityOutput) ToStringPtrOutputWithContext added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverityOutput) ToVulnerabilityCheckMaximumFixableSeverityOutput added in v0.32.0

func (o VulnerabilityCheckMaximumFixableSeverityOutput) ToVulnerabilityCheckMaximumFixableSeverityOutput() VulnerabilityCheckMaximumFixableSeverityOutput

func (VulnerabilityCheckMaximumFixableSeverityOutput) ToVulnerabilityCheckMaximumFixableSeverityOutputWithContext added in v0.32.0

func (o VulnerabilityCheckMaximumFixableSeverityOutput) ToVulnerabilityCheckMaximumFixableSeverityOutputWithContext(ctx context.Context) VulnerabilityCheckMaximumFixableSeverityOutput

func (VulnerabilityCheckMaximumFixableSeverityOutput) ToVulnerabilityCheckMaximumFixableSeverityPtrOutput added in v0.32.0

func (o VulnerabilityCheckMaximumFixableSeverityOutput) ToVulnerabilityCheckMaximumFixableSeverityPtrOutput() VulnerabilityCheckMaximumFixableSeverityPtrOutput

func (VulnerabilityCheckMaximumFixableSeverityOutput) ToVulnerabilityCheckMaximumFixableSeverityPtrOutputWithContext added in v0.32.0

func (o VulnerabilityCheckMaximumFixableSeverityOutput) ToVulnerabilityCheckMaximumFixableSeverityPtrOutputWithContext(ctx context.Context) VulnerabilityCheckMaximumFixableSeverityPtrOutput

type VulnerabilityCheckMaximumFixableSeverityPtrInput added in v0.32.0

// VulnerabilityCheckMaximumFixableSeverityPtrInput is the optional (pointer)
// form of the fixable-severity input: a pulumi.Input that can convert itself
// to a VulnerabilityCheckMaximumFixableSeverityPtrOutput. The package function
// VulnerabilityCheckMaximumFixableSeverityPtr(v string) returns a value of
// this type.
type VulnerabilityCheckMaximumFixableSeverityPtrInput interface {
	pulumi.Input

	// ToVulnerabilityCheckMaximumFixableSeverityPtrOutput returns the value as a VulnerabilityCheckMaximumFixableSeverityPtrOutput.
	ToVulnerabilityCheckMaximumFixableSeverityPtrOutput() VulnerabilityCheckMaximumFixableSeverityPtrOutput
	// ToVulnerabilityCheckMaximumFixableSeverityPtrOutputWithContext is the same conversion, taking a context.Context.
	ToVulnerabilityCheckMaximumFixableSeverityPtrOutputWithContext(context.Context) VulnerabilityCheckMaximumFixableSeverityPtrOutput
}

func VulnerabilityCheckMaximumFixableSeverityPtr added in v0.32.0

func VulnerabilityCheckMaximumFixableSeverityPtr(v string) VulnerabilityCheckMaximumFixableSeverityPtrInput

type VulnerabilityCheckMaximumFixableSeverityPtrOutput added in v0.32.0

type VulnerabilityCheckMaximumFixableSeverityPtrOutput struct{ *pulumi.OutputState }

func (VulnerabilityCheckMaximumFixableSeverityPtrOutput) Elem added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverityPtrOutput) ElementType added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverityPtrOutput) ToStringPtrOutput added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverityPtrOutput) ToStringPtrOutputWithContext added in v0.32.0

func (VulnerabilityCheckMaximumFixableSeverityPtrOutput) ToVulnerabilityCheckMaximumFixableSeverityPtrOutput added in v0.32.0

func (o VulnerabilityCheckMaximumFixableSeverityPtrOutput) ToVulnerabilityCheckMaximumFixableSeverityPtrOutput() VulnerabilityCheckMaximumFixableSeverityPtrOutput

func (VulnerabilityCheckMaximumFixableSeverityPtrOutput) ToVulnerabilityCheckMaximumFixableSeverityPtrOutputWithContext added in v0.32.0

func (o VulnerabilityCheckMaximumFixableSeverityPtrOutput) ToVulnerabilityCheckMaximumFixableSeverityPtrOutputWithContext(ctx context.Context) VulnerabilityCheckMaximumFixableSeverityPtrOutput

type VulnerabilityCheckMaximumUnfixableSeverity added in v0.32.0

type VulnerabilityCheckMaximumUnfixableSeverity string

Required. The threshold for severity for which a fix isn't currently available. This field is required and must be set.

func (VulnerabilityCheckMaximumUnfixableSeverity) ElementType added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverity) ToStringOutput added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverity) ToStringOutputWithContext added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverity) ToStringPtrOutput added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverity) ToStringPtrOutputWithContext added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverity) ToVulnerabilityCheckMaximumUnfixableSeverityOutput added in v0.32.0

func (e VulnerabilityCheckMaximumUnfixableSeverity) ToVulnerabilityCheckMaximumUnfixableSeverityOutput() VulnerabilityCheckMaximumUnfixableSeverityOutput

func (VulnerabilityCheckMaximumUnfixableSeverity) ToVulnerabilityCheckMaximumUnfixableSeverityOutputWithContext added in v0.32.0

func (e VulnerabilityCheckMaximumUnfixableSeverity) ToVulnerabilityCheckMaximumUnfixableSeverityOutputWithContext(ctx context.Context) VulnerabilityCheckMaximumUnfixableSeverityOutput

func (VulnerabilityCheckMaximumUnfixableSeverity) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutput added in v0.32.0

func (e VulnerabilityCheckMaximumUnfixableSeverity) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutput() VulnerabilityCheckMaximumUnfixableSeverityPtrOutput

func (VulnerabilityCheckMaximumUnfixableSeverity) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutputWithContext added in v0.32.0

func (e VulnerabilityCheckMaximumUnfixableSeverity) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutputWithContext(ctx context.Context) VulnerabilityCheckMaximumUnfixableSeverityPtrOutput

type VulnerabilityCheckMaximumUnfixableSeverityInput added in v0.32.0

// VulnerabilityCheckMaximumUnfixableSeverityInput is the input-side interface
// for the unfixable-severity threshold: a pulumi.Input that can convert itself
// to a VulnerabilityCheckMaximumUnfixableSeverityOutput.
//
// NOTE(review): no VulnerabilityCheckMaximumUnfixableSeverityArgs type appears
// in this listing, while the enum type
// VulnerabilityCheckMaximumUnfixableSeverity declares ElementType and both
// conversion methods below, so an enum value looks like the concrete input to
// pass here; confirm against the package source.
type VulnerabilityCheckMaximumUnfixableSeverityInput interface {
	pulumi.Input

	// ToVulnerabilityCheckMaximumUnfixableSeverityOutput returns the value as a VulnerabilityCheckMaximumUnfixableSeverityOutput.
	ToVulnerabilityCheckMaximumUnfixableSeverityOutput() VulnerabilityCheckMaximumUnfixableSeverityOutput
	// ToVulnerabilityCheckMaximumUnfixableSeverityOutputWithContext is the same conversion, taking a context.Context.
	ToVulnerabilityCheckMaximumUnfixableSeverityOutputWithContext(context.Context) VulnerabilityCheckMaximumUnfixableSeverityOutput
}

VulnerabilityCheckMaximumUnfixableSeverityInput is an input type that accepts VulnerabilityCheckMaximumUnfixableSeverityArgs and VulnerabilityCheckMaximumUnfixableSeverityOutput values. You can construct a concrete instance of `VulnerabilityCheckMaximumUnfixableSeverityInput` via:

VulnerabilityCheckMaximumUnfixableSeverityArgs{...}

type VulnerabilityCheckMaximumUnfixableSeverityOutput added in v0.32.0

type VulnerabilityCheckMaximumUnfixableSeverityOutput struct{ *pulumi.OutputState }

func (VulnerabilityCheckMaximumUnfixableSeverityOutput) ElementType added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverityOutput) ToStringOutput added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverityOutput) ToStringOutputWithContext added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverityOutput) ToStringPtrOutput added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverityOutput) ToStringPtrOutputWithContext added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverityOutput) ToVulnerabilityCheckMaximumUnfixableSeverityOutput added in v0.32.0

func (o VulnerabilityCheckMaximumUnfixableSeverityOutput) ToVulnerabilityCheckMaximumUnfixableSeverityOutput() VulnerabilityCheckMaximumUnfixableSeverityOutput

func (VulnerabilityCheckMaximumUnfixableSeverityOutput) ToVulnerabilityCheckMaximumUnfixableSeverityOutputWithContext added in v0.32.0

func (o VulnerabilityCheckMaximumUnfixableSeverityOutput) ToVulnerabilityCheckMaximumUnfixableSeverityOutputWithContext(ctx context.Context) VulnerabilityCheckMaximumUnfixableSeverityOutput

func (VulnerabilityCheckMaximumUnfixableSeverityOutput) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutput added in v0.32.0

func (o VulnerabilityCheckMaximumUnfixableSeverityOutput) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutput() VulnerabilityCheckMaximumUnfixableSeverityPtrOutput

func (VulnerabilityCheckMaximumUnfixableSeverityOutput) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutputWithContext added in v0.32.0

func (o VulnerabilityCheckMaximumUnfixableSeverityOutput) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutputWithContext(ctx context.Context) VulnerabilityCheckMaximumUnfixableSeverityPtrOutput

type VulnerabilityCheckMaximumUnfixableSeverityPtrInput added in v0.32.0

// VulnerabilityCheckMaximumUnfixableSeverityPtrInput is the optional (pointer)
// form of the unfixable-severity input: a pulumi.Input that can convert itself
// to a VulnerabilityCheckMaximumUnfixableSeverityPtrOutput. The package
// function VulnerabilityCheckMaximumUnfixableSeverityPtr(v string) returns a
// value of this type.
type VulnerabilityCheckMaximumUnfixableSeverityPtrInput interface {
	pulumi.Input

	// ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutput returns the value as a VulnerabilityCheckMaximumUnfixableSeverityPtrOutput.
	ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutput() VulnerabilityCheckMaximumUnfixableSeverityPtrOutput
	// ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutputWithContext is the same conversion, taking a context.Context.
	ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutputWithContext(context.Context) VulnerabilityCheckMaximumUnfixableSeverityPtrOutput
}

func VulnerabilityCheckMaximumUnfixableSeverityPtr added in v0.32.0

func VulnerabilityCheckMaximumUnfixableSeverityPtr(v string) VulnerabilityCheckMaximumUnfixableSeverityPtrInput

type VulnerabilityCheckMaximumUnfixableSeverityPtrOutput added in v0.32.0

type VulnerabilityCheckMaximumUnfixableSeverityPtrOutput struct{ *pulumi.OutputState }

func (VulnerabilityCheckMaximumUnfixableSeverityPtrOutput) Elem added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverityPtrOutput) ElementType added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverityPtrOutput) ToStringPtrOutput added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverityPtrOutput) ToStringPtrOutputWithContext added in v0.32.0

func (VulnerabilityCheckMaximumUnfixableSeverityPtrOutput) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutput added in v0.32.0

func (o VulnerabilityCheckMaximumUnfixableSeverityPtrOutput) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutput() VulnerabilityCheckMaximumUnfixableSeverityPtrOutput

func (VulnerabilityCheckMaximumUnfixableSeverityPtrOutput) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutputWithContext added in v0.32.0

func (o VulnerabilityCheckMaximumUnfixableSeverityPtrOutput) ToVulnerabilityCheckMaximumUnfixableSeverityPtrOutputWithContext(ctx context.Context) VulnerabilityCheckMaximumUnfixableSeverityPtrOutput

type VulnerabilityCheckOutput added in v0.32.0

type VulnerabilityCheckOutput struct{ *pulumi.OutputState }

An image vulnerability check, which rejects images that violate the configured vulnerability rules.

func (VulnerabilityCheckOutput) AllowedCves added in v0.32.0

Optional. A list of specific CVEs to ignore even if the vulnerability level violates `maximumUnfixableSeverity` or `maximumFixableSeverity`. CVEs are listed in the format of Container Analysis note id, for example `CVE-2021-20305` and `CVE-2020-10543`. The CVEs are applicable regardless of note provider project, e.g., an entry of `CVE-2021-20305` will allow vulnerabilities with a note name of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.

func (VulnerabilityCheckOutput) BlockedCves added in v0.32.0

Optional. A list of specific CVEs to always raise warnings about even if the vulnerability level meets `maximumUnfixableSeverity` or `maximumFixableSeverity`. CVEs are listed in the format of Container Analysis note id, for example `CVE-2021-20305` and `CVE-2020-10543`. The CVEs are applicable regardless of note provider project, e.g., an entry of `CVE-2021-20305` will block vulnerabilities with a note name of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.

func (VulnerabilityCheckOutput) ContainerAnalysisVulnerabilityProjects added in v0.32.0

func (o VulnerabilityCheckOutput) ContainerAnalysisVulnerabilityProjects() pulumi.StringArrayOutput

Optional. The projects where vulnerabilities are stored as Container Analysis Occurrences. Each project is expressed in the resource format of `projects/[PROJECT_ID]`, e.g., `projects/my-gcp-project`. An attempt will be made for each project to fetch vulnerabilities, and all valid vulnerabilities will be used to check against the vulnerability policy. If no valid scan is found in all projects configured here, an error will be returned for the check.

func (VulnerabilityCheckOutput) ElementType added in v0.32.0

func (VulnerabilityCheckOutput) ElementType() reflect.Type

func (VulnerabilityCheckOutput) MaximumFixableSeverity added in v0.32.0

The threshold for severity for which a fix is currently available. This field is required and must be set.

func (VulnerabilityCheckOutput) MaximumUnfixableSeverity added in v0.32.0

The threshold for severity for which a fix isn't currently available. This field is required and must be set.

func (VulnerabilityCheckOutput) ToVulnerabilityCheckOutput added in v0.32.0

func (o VulnerabilityCheckOutput) ToVulnerabilityCheckOutput() VulnerabilityCheckOutput

func (VulnerabilityCheckOutput) ToVulnerabilityCheckOutputWithContext added in v0.32.0

func (o VulnerabilityCheckOutput) ToVulnerabilityCheckOutputWithContext(ctx context.Context) VulnerabilityCheckOutput

func (VulnerabilityCheckOutput) ToVulnerabilityCheckPtrOutput added in v0.32.0

func (o VulnerabilityCheckOutput) ToVulnerabilityCheckPtrOutput() VulnerabilityCheckPtrOutput

func (VulnerabilityCheckOutput) ToVulnerabilityCheckPtrOutputWithContext added in v0.32.0

func (o VulnerabilityCheckOutput) ToVulnerabilityCheckPtrOutputWithContext(ctx context.Context) VulnerabilityCheckPtrOutput

type VulnerabilityCheckPtrInput added in v0.32.0

// VulnerabilityCheckPtrInput is the optional (pointer) form of the
// vulnerability-check input: a pulumi.Input that can convert itself to a
// VulnerabilityCheckPtrOutput. The package function
// VulnerabilityCheckPtr(v *VulnerabilityCheckArgs) returns a value of this
// type, and VulnerabilityCheckArgs itself declares both methods below.
type VulnerabilityCheckPtrInput interface {
	pulumi.Input

	// ToVulnerabilityCheckPtrOutput returns the value as a VulnerabilityCheckPtrOutput.
	ToVulnerabilityCheckPtrOutput() VulnerabilityCheckPtrOutput
	// ToVulnerabilityCheckPtrOutputWithContext is the same conversion, taking a context.Context.
	ToVulnerabilityCheckPtrOutputWithContext(context.Context) VulnerabilityCheckPtrOutput
}

VulnerabilityCheckPtrInput is an input type that accepts VulnerabilityCheckArgs, VulnerabilityCheckPtr and VulnerabilityCheckPtrOutput values. You can construct a concrete instance of `VulnerabilityCheckPtrInput` via:

        VulnerabilityCheckArgs{...}

or:

        nil

func VulnerabilityCheckPtr added in v0.32.0

func VulnerabilityCheckPtr(v *VulnerabilityCheckArgs) VulnerabilityCheckPtrInput

type VulnerabilityCheckPtrOutput added in v0.32.0

type VulnerabilityCheckPtrOutput struct{ *pulumi.OutputState }

func (VulnerabilityCheckPtrOutput) AllowedCves added in v0.32.0

Optional. A list of specific CVEs to ignore even if the vulnerability level violates `maximumUnfixableSeverity` or `maximumFixableSeverity`. CVEs are listed in the format of Container Analysis note id, for example `CVE-2021-20305` and `CVE-2020-10543`. The CVEs are applicable regardless of note provider project, e.g., an entry of `CVE-2021-20305` will allow vulnerabilities with a note name of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.

func (VulnerabilityCheckPtrOutput) BlockedCves added in v0.32.0

Optional. A list of specific CVEs to always raise warnings about even if the vulnerability level meets `maximumUnfixableSeverity` or `maximumFixableSeverity`. CVEs are listed in the format of Container Analysis note id, for example `CVE-2021-20305` and `CVE-2020-10543`. The CVEs are applicable regardless of note provider project, e.g., an entry of `CVE-2021-20305` will block vulnerabilities with a note name of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.

func (VulnerabilityCheckPtrOutput) ContainerAnalysisVulnerabilityProjects added in v0.32.0

func (o VulnerabilityCheckPtrOutput) ContainerAnalysisVulnerabilityProjects() pulumi.StringArrayOutput

Optional. The projects where vulnerabilities are stored as Container Analysis Occurrences. Each project is expressed in the resource format of `projects/[PROJECT_ID]`, e.g., `projects/my-gcp-project`. An attempt will be made for each project to fetch vulnerabilities, and all valid vulnerabilities will be used to check against the vulnerability policy. If no valid scan is found in all projects configured here, an error will be returned for the check.

func (VulnerabilityCheckPtrOutput) Elem added in v0.32.0

func (VulnerabilityCheckPtrOutput) ElementType added in v0.32.0

func (VulnerabilityCheckPtrOutput) MaximumFixableSeverity added in v0.32.0

The threshold for severity for which a fix is currently available. This field is required and must be set.

func (VulnerabilityCheckPtrOutput) MaximumUnfixableSeverity added in v0.32.0

The threshold for severity for which a fix isn't currently available. This field is required and must be set.

func (VulnerabilityCheckPtrOutput) ToVulnerabilityCheckPtrOutput added in v0.32.0

func (o VulnerabilityCheckPtrOutput) ToVulnerabilityCheckPtrOutput() VulnerabilityCheckPtrOutput

func (VulnerabilityCheckPtrOutput) ToVulnerabilityCheckPtrOutputWithContext added in v0.32.0

func (o VulnerabilityCheckPtrOutput) ToVulnerabilityCheckPtrOutputWithContext(ctx context.Context) VulnerabilityCheckPtrOutput

type VulnerabilityCheckResponse added in v0.32.0

// VulnerabilityCheckResponse is the response form of an image vulnerability
// check, which rejects images that violate the configured vulnerability
// rules. Both severity thresholds are plain strings here.
type VulnerabilityCheckResponse struct {
	// Optional. A list of specific CVEs to ignore even if the vulnerability
	// level violates `maximumUnfixableSeverity` or `maximumFixableSeverity`.
	// CVEs are listed in the format of Container Analysis note id, for example:
	//   - CVE-2021-20305
	//   - CVE-2020-10543
	// The CVEs are applicable regardless of note provider project, e.g., an
	// entry of `CVE-2021-20305` will allow vulnerabilities with a note name of
	// either `projects/goog-vulnz/notes/CVE-2021-20305` or
	// `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.
	// NOTE(review): when auditing a deployed policy, each entry read back here
	// is a CVE exempted from both severity thresholds.
	AllowedCves []string `pulumi:"allowedCves"`
	// Optional. A list of specific CVEs to always raise warnings about even if
	// the vulnerability level meets `maximumUnfixableSeverity` or
	// `maximumFixableSeverity`. CVEs are listed in the format of Container
	// Analysis note id, for example:
	//   - CVE-2021-20305
	//   - CVE-2020-10543
	// The CVEs are applicable regardless of note provider project, e.g., an
	// entry of `CVE-2021-20305` will block vulnerabilities with a note name of
	// either `projects/goog-vulnz/notes/CVE-2021-20305` or
	// `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.
	// NOTE(review): this text says both "raise warnings" and "block"; confirm
	// whether a listed CVE fails the check or only produces a warning.
	BlockedCves []string `pulumi:"blockedCves"`
	// Optional. The projects where vulnerabilities are stored as Container
	// Analysis Occurrences. Each project is expressed in the resource format of
	// `projects/[PROJECT_ID]`, e.g., `projects/my-gcp-project`. An attempt will
	// be made for each project to fetch vulnerabilities, and all valid
	// vulnerabilities will be used to check against the vulnerability policy.
	// If no valid scan is found in all projects configured here, an error will
	// be returned for the check.
	ContainerAnalysisVulnerabilityProjects []string `pulumi:"containerAnalysisVulnerabilityProjects"`
	// The threshold for severity for which a fix is currently available. This
	// field is required and must be set.
	MaximumFixableSeverity string `pulumi:"maximumFixableSeverity"`
	// The threshold for severity for which a fix isn't currently available.
	// This field is required and must be set.
	MaximumUnfixableSeverity string `pulumi:"maximumUnfixableSeverity"`
}

An image vulnerability check, which rejects images that violate the configured vulnerability rules.

type VulnerabilityCheckResponseOutput added in v0.32.0

type VulnerabilityCheckResponseOutput struct{ *pulumi.OutputState }

An image vulnerability check, which rejects images that violate the configured vulnerability rules.

func (VulnerabilityCheckResponseOutput) AllowedCves added in v0.32.0

Optional. A list of specific CVEs to ignore even if the vulnerability level violates `maximumUnfixableSeverity` or `maximumFixableSeverity`. CVEs are listed in the format of Container Analysis note id, for example `CVE-2021-20305` and `CVE-2020-10543`. The CVEs are applicable regardless of note provider project, e.g., an entry of `CVE-2021-20305` will allow vulnerabilities with a note name of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.

func (VulnerabilityCheckResponseOutput) BlockedCves added in v0.32.0

Optional. A list of specific CVEs to always raise warnings about even if the vulnerability level meets `maximumUnfixableSeverity` or `maximumFixableSeverity`. CVEs are listed in the format of Container Analysis note id, for example `CVE-2021-20305` and `CVE-2020-10543`. The CVEs are applicable regardless of note provider project, e.g., an entry of `CVE-2021-20305` will block vulnerabilities with a note name of either `projects/goog-vulnz/notes/CVE-2021-20305` or `projects/CUSTOM-PROJECT/notes/CVE-2021-20305`.

func (VulnerabilityCheckResponseOutput) ContainerAnalysisVulnerabilityProjects added in v0.32.0

func (o VulnerabilityCheckResponseOutput) ContainerAnalysisVulnerabilityProjects() pulumi.StringArrayOutput

Optional. The projects where vulnerabilities are stored as Container Analysis Occurrences. Each project is expressed in the resource format of `projects/[PROJECT_ID]`, e.g., `projects/my-gcp-project`. An attempt will be made for each project to fetch vulnerabilities, and all valid vulnerabilities will be used to check against the vulnerability policy. If no valid scan is found in all projects configured here, an error will be returned for the check.

func (VulnerabilityCheckResponseOutput) ElementType added in v0.32.0

func (VulnerabilityCheckResponseOutput) MaximumFixableSeverity added in v0.32.0

func (o VulnerabilityCheckResponseOutput) MaximumFixableSeverity() pulumi.StringOutput

The threshold for severity for which a fix is currently available. This field is required and must be set.

func (VulnerabilityCheckResponseOutput) MaximumUnfixableSeverity added in v0.32.0

func (o VulnerabilityCheckResponseOutput) MaximumUnfixableSeverity() pulumi.StringOutput

The threshold for severity for which a fix isn't currently available. This field is required and must be set.

func (VulnerabilityCheckResponseOutput) ToVulnerabilityCheckResponseOutput added in v0.32.0

func (o VulnerabilityCheckResponseOutput) ToVulnerabilityCheckResponseOutput() VulnerabilityCheckResponseOutput

func (VulnerabilityCheckResponseOutput) ToVulnerabilityCheckResponseOutputWithContext added in v0.32.0

func (o VulnerabilityCheckResponseOutput) ToVulnerabilityCheckResponseOutputWithContext(ctx context.Context) VulnerabilityCheckResponseOutput
