gcp_binaryauthorization_attestor

ancestors

Type: UNORDERED_LIST_STRING

description

Type: STRING
Provider name: description
Description: Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.

etag

Type: STRING
Provider name: etag
Description: Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.

labels

Type: UNORDERED_LIST_STRING

name

Type: STRING
Provider name: name
Description: Required. The resource name, in the format: projects/*/attestors/*. This field may not be updated.

organization_id

Type: STRING

parent

Type: STRING

project_id

Type: STRING

project_number

Type: STRING

resource_name

Type: STRING

tags

Type: UNORDERED_LIST_STRING

update_time

Type: TIMESTAMP
Provider name: updateTime
Description: Output only. Time when the attestor was last updated.

user_owned_grafeas_note

Type: STRUCT
Provider name: userOwnedGrafeasNote
Description: This specifies how an attestation will be read, and how it will be used during policy enforcement.

  • delegation_service_account_email
    Type: STRING
    Provider name: delegationServiceAccountEmail
    Description: Output only. This field will contain the service account email address that this attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.
  • note_reference
    Type: STRING
    Provider name: noteReference
    Description: Required. The Grafeas resource name of an Attestation.Authority Note, created by the user, in the format: projects/[PROJECT_ID]/notes/*. This field may not be updated. A project ID must be used, not a project number. An attestation by this attestor is stored as a Grafeas Attestation.Authority Occurrence that names a container image and that links to this Note. Grafeas is an external dependency.
  • public_keys
    Type: UNORDERED_LIST_STRUCT
    Provider name: publicKeys
    Description: Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
    • ascii_armored_pgp_public_key
      Type: STRING
      Provider name: asciiArmoredPgpPublicKey
      Description: ASCII-armored representation of a PGP public key, as the entire output of the command gpg --export --armor foo@example.com (either LF or CRLF line endings). When using this field, id should be left blank. The Binary Authorization API handlers will calculate the ID and fill it in automatically. Binary Authorization computes this ID as the OpenPGP RFC4880 V4 fingerprint, represented as upper-case hex. If id is provided by the caller, it will be overwritten by the API-calculated ID.
    • comment
      Type: STRING
      Provider name: comment
      Description: Optional. A descriptive comment. This field may be updated.
    • id
      Type: STRING
      Provider name: id
      Description: The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them, and that ID must match the contents of this field exactly. Additional restrictions on this field can be imposed based on which public key type is encapsulated. See the documentation on public_key cases below for details.
    • pkix_public_key
      Type: STRUCT
      Provider name: pkixPublicKey
      Description: A raw PKIX SubjectPublicKeyInfo format public key. NOTE: id may be explicitly provided by the caller when using this type of public key, but it MUST be a valid RFC3986 URI. If id is left blank, a default one will be computed based on the digest of the DER encoding of the public key.
      • key_id
        Type: STRING
        Provider name: keyId
        Description: Optional. The ID of this public key. Signatures verified by Binary Authorization must include the ID of the public key that can be used to verify them. The ID must exactly match the contents of the key_id field. The ID may be explicitly provided by the caller, but it MUST be a valid RFC3986 URI. If key_id is left blank and this PkixPublicKey is not used in the context of a wrapper (see next paragraph), a default key ID will be computed based on the digest of the DER encoding of the public key. If this PkixPublicKey is used in the context of a wrapper that has its own notion of key ID (e.g. AttestorPublicKey), then this field can either match that value exactly, or be left blank, in which case it behaves exactly as though it is equal to that wrapper value.
      • public_key_pem
        Type: STRING
        Provider name: publicKeyPem
        Description: A PEM-encoded public key, as described in https://tools.ietf.org/html/rfc7468#section-13
      • signature_algorithm
        Type: STRING
        Provider name: signatureAlgorithm
        Description: The signature algorithm used to verify a message against a signature using this key. This signature algorithm must match the structure and any object identifiers encoded in public_key_pem (i.e. this algorithm must match that of the public key).
        Possible values:
        • SIGNATURE_ALGORITHM_UNSPECIFIED - Not specified.
        • RSA_PSS_2048_SHA256 - RSASSA-PSS 2048 bit key with a SHA256 digest.
        • RSA_SIGN_PSS_2048_SHA256 - RSASSA-PSS 2048 bit key with a SHA256 digest.
        • RSA_PSS_3072_SHA256 - RSASSA-PSS 3072 bit key with a SHA256 digest.
        • RSA_SIGN_PSS_3072_SHA256 - RSASSA-PSS 3072 bit key with a SHA256 digest.
        • RSA_PSS_4096_SHA256 - RSASSA-PSS 4096 bit key with a SHA256 digest.
        • RSA_SIGN_PSS_4096_SHA256 - RSASSA-PSS 4096 bit key with a SHA256 digest.
        • RSA_PSS_4096_SHA512 - RSASSA-PSS 4096 bit key with a SHA512 digest.
        • RSA_SIGN_PSS_4096_SHA512 - RSASSA-PSS 4096 bit key with a SHA512 digest.
        • RSA_SIGN_PKCS1_2048_SHA256 - RSASSA-PKCS1-v1_5 with a 2048 bit key and a SHA256 digest.
        • RSA_SIGN_PKCS1_3072_SHA256 - RSASSA-PKCS1-v1_5 with a 3072 bit key and a SHA256 digest.
        • RSA_SIGN_PKCS1_4096_SHA256 - RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA256 digest.
        • RSA_SIGN_PKCS1_4096_SHA512 - RSASSA-PKCS1-v1_5 with a 4096 bit key and a SHA512 digest.
        • ECDSA_P256_SHA256 - ECDSA on the NIST P-256 curve with a SHA256 digest.
        • EC_SIGN_P256_SHA256 - ECDSA on the NIST P-256 curve with a SHA256 digest.
        • ECDSA_P384_SHA384 - ECDSA on the NIST P-384 curve with a SHA384 digest.
        • EC_SIGN_P384_SHA384 - ECDSA on the NIST P-384 curve with a SHA384 digest.
        • ECDSA_P521_SHA512 - ECDSA on the NIST P-521 curve with a SHA512 digest.
        • EC_SIGN_P521_SHA512 - ECDSA on the NIST P-521 curve with a SHA512 digest.