diff --git a/google/config.go b/google/config.go index 2cb0f942d07..56056182ea2 100644 --- a/google/config.go +++ b/google/config.go @@ -80,6 +80,7 @@ type Config struct { CloudFunctionsBasePath string CloudSchedulerBasePath string ComputeBasePath string + ContainerAnalysisBasePath string DataprocBasePath string DNSBasePath string FilestoreBasePath string @@ -206,6 +207,7 @@ var CloudBuildDefaultBasePath = "https://cloudbuild.googleapis.com/v1/" var CloudFunctionsDefaultBasePath = "https://cloudfunctions.googleapis.com/v1/" var CloudSchedulerDefaultBasePath = "https://cloudscheduler.googleapis.com/v1/" var ComputeDefaultBasePath = "https://www.googleapis.com/compute/v1/" +var ContainerAnalysisDefaultBasePath = "https://containeranalysis.googleapis.com/v1/" var DataprocDefaultBasePath = "https://dataproc.googleapis.com/v1/" var DNSDefaultBasePath = "https://www.googleapis.com/dns/v1/" var FilestoreDefaultBasePath = "https://file.googleapis.com/v1/" @@ -670,6 +672,7 @@ func ConfigureBasePaths(c *Config) { c.CloudFunctionsBasePath = CloudFunctionsDefaultBasePath c.CloudSchedulerBasePath = CloudSchedulerDefaultBasePath c.ComputeBasePath = ComputeDefaultBasePath + c.ContainerAnalysisBasePath = ContainerAnalysisDefaultBasePath c.DataprocBasePath = DataprocDefaultBasePath c.DNSBasePath = DNSDefaultBasePath c.FilestoreBasePath = FilestoreDefaultBasePath diff --git a/google/iam_binary_authorization_attestor.go b/google/iam_binary_authorization_attestor.go new file mode 100644 index 00000000000..1f3192784d5 --- /dev/null +++ b/google/iam_binary_authorization_attestor.go @@ -0,0 +1,169 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- +package google + +import ( + "fmt" + + "github.com/hashicorp/errwrap" + "github.com/hashicorp/terraform-plugin-sdk/helper/schema" + "google.golang.org/api/cloudresourcemanager/v1" +) + +var BinaryAuthorizationAttestorIamSchema = map[string]*schema.Schema{ + "project": { + Type: schema.TypeString, + Computed: true, + Optional: true, + ForceNew: true, + }, + "attestor": { + Type: schema.TypeString, + Required: true, + ForceNew: true, + DiffSuppressFunc: compareSelfLinkOrResourceName, + }, +} + +type BinaryAuthorizationAttestorIamUpdater struct { + project string + attestor string + d *schema.ResourceData + Config *Config +} + +func BinaryAuthorizationAttestorIamUpdaterProducer(d *schema.ResourceData, config *Config) (ResourceIamUpdater, error) { + values := make(map[string]string) + + project, err := getProject(d, config) + if err != nil { + return nil, err + } + values["project"] = project + + // We may have gotten either a long or short name, so attempt to parse long name if possible + m, err := getImportIdQualifiers([]string{"projects/(?P[^/]+)/attestors/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Get("attestor").(string)) + if err != nil { + return nil, err + } + + for k, v := range m { + values[k] = v + } + + u := &BinaryAuthorizationAttestorIamUpdater{ + project: values["project"], + attestor: values["attestor"], + d: d, + Config: config, + } + + d.Set("project", u.project) + d.Set("attestor", u.GetResourceId()) + + d.SetId(u.GetResourceId()) + + return u, nil +} + +func BinaryAuthorizationAttestorIdParseFunc(d *schema.ResourceData, config *Config) error { + values := make(map[string]string) + + project, err := getProject(d, config) + if err != nil { + return err + } + values["project"] = project + + m, err := getImportIdQualifiers([]string{"projects/(?P[^/]+)/attestors/(?P[^/]+)", "(?P[^/]+)/(?P[^/]+)", "(?P[^/]+)"}, d, config, d.Id()) + if err != nil { + return err + } + + for k, v := range m { + values[k] = v + } + + u := &BinaryAuthorizationAttestorIamUpdater{ + project: values["project"], + attestor: values["attestor"], + d: d, + Config: config, + } + d.Set("attestor", u.GetResourceId()) + d.SetId(u.GetResourceId()) + return nil +} + +func (u *BinaryAuthorizationAttestorIamUpdater) GetResourceIamPolicy() (*cloudresourcemanager.Policy, error) { + url := u.qualifyAttestorUrl("getIamPolicy") + + project, err := getProject(u.d, u.Config) + if err != nil { + return nil, err + } + + policy, err := sendRequest(u.Config, "GET", project, url, nil) + if err != nil { + return nil, errwrap.Wrapf(fmt.Sprintf("Error retrieving IAM policy for %s: {{err}}", u.DescribeResource()), err) + } + + out := &cloudresourcemanager.Policy{} + err = Convert(policy, out) + if err != nil { + return nil, errwrap.Wrapf("Cannot convert a policy to a resource manager policy: {{err}}", err) + } + + return out, nil +} + +func (u *BinaryAuthorizationAttestorIamUpdater) SetResourceIamPolicy(policy *cloudresourcemanager.Policy) error { + json, err := ConvertToMap(policy) + if err != nil { + return err + } + + obj := make(map[string]interface{}) + obj["policy"] = json + + url := u.qualifyAttestorUrl("setIamPolicy") + + project, err := getProject(u.d, u.Config) + if err != nil { + return err + } + + _, err = sendRequestWithTimeout(u.Config, "POST", project, url, obj, u.d.Timeout(schema.TimeoutCreate)) + if err != nil { + return errwrap.Wrapf(fmt.Sprintf("Error setting IAM policy for %s: {{err}}", u.DescribeResource()), err) + } + + return nil +} + +func (u *BinaryAuthorizationAttestorIamUpdater) qualifyAttestorUrl(methodIdentifier string) string { + return fmt.Sprintf("https://binaryauthorization.googleapis.com/v1/%s:%s", fmt.Sprintf("projects/%s/attestors/%s", u.project, u.attestor), methodIdentifier) +} + +func (u *BinaryAuthorizationAttestorIamUpdater) GetResourceId() string { + return fmt.Sprintf("%s/%s", u.project, u.attestor) +} + +func (u *BinaryAuthorizationAttestorIamUpdater) GetMutexKey() string { + return fmt.Sprintf("iam-binaryauthorization-attestor-%s", u.GetResourceId()) +} + +func (u *BinaryAuthorizationAttestorIamUpdater) DescribeResource() string { + return fmt.Sprintf("binaryauthorization attestor %q", u.GetResourceId()) +} diff --git a/google/iam_binary_authorization_attestor_generated_test.go b/google/iam_binary_authorization_attestor_generated_test.go new file mode 100644 index 00000000000..8172fb89dc7 --- /dev/null +++ b/google/iam_binary_authorization_attestor_generated_test.go @@ -0,0 +1,299 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package google + +import ( + "fmt" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" +) + +func TestAccBinaryAuthorizationAttestorIamBindingGenerated(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(10), + "role": "roles/viewer", + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccBinaryAuthorizationAttestorIamBinding_basicGenerated(context), + }, + { + ResourceName: "google_binary_authorization_attestor_iam_binding.foo", + ImportStateId: fmt.Sprintf("projects/%s/attestors/%s roles/viewer", getTestProjectFromEnv(), fmt.Sprintf("test-attestor%s", context["random_suffix"])), + ImportState: true, + ImportStateVerify: true, + }, + { + // Test Iam Binding update + Config: testAccBinaryAuthorizationAttestorIamBinding_updateGenerated(context), + }, + { + ResourceName: "google_binary_authorization_attestor_iam_binding.foo", + ImportStateId: fmt.Sprintf("projects/%s/attestors/%s roles/viewer", getTestProjectFromEnv(), fmt.Sprintf("test-attestor%s", context["random_suffix"])), + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccBinaryAuthorizationAttestorIamMemberGenerated(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(10), + "role": "roles/viewer", + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + // Test Iam Member creation (no update for member, no need to test) + Config: testAccBinaryAuthorizationAttestorIamMember_basicGenerated(context), + }, + { + ResourceName: "google_binary_authorization_attestor_iam_member.foo", + ImportStateId: fmt.Sprintf("projects/%s/attestors/%s roles/viewer user:admin@hashicorptest.com", getTestProjectFromEnv(), fmt.Sprintf("test-attestor%s", context["random_suffix"])), + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func TestAccBinaryAuthorizationAttestorIamPolicyGenerated(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(10), + "role": "roles/viewer", + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + Steps: []resource.TestStep{ + { + Config: testAccBinaryAuthorizationAttestorIamPolicy_basicGenerated(context), + }, + { + ResourceName: "google_binary_authorization_attestor_iam_policy.foo", + ImportStateId: fmt.Sprintf("projects/%s/attestors/%s", getTestProjectFromEnv(), fmt.Sprintf("test-attestor%s", context["random_suffix"])), + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccBinaryAuthorizationAttestorIamMember_basicGenerated(context map[string]interface{}) string { + return Nprintf(` +resource "google_binary_authorization_attestor" "attestor" { + name = "test-attestor%{random_suffix}" + attestation_authority_note { + note_reference = "${google_container_analysis_note.note.name}" + public_keys { + ascii_armored_pgp_public_key = <[^/]+)/notes/(?P[^/]+)", + "(?P[^/]+)/(?P[^/]+)", + "(?P[^/]+)", + }, d, config); err != nil { + return nil, err + } + + // Replace import id for the resource id + id, err := replaceVars(d, config, "{{name}}") + if err != nil { + return nil, fmt.Errorf("Error constructing id: %s", err) + } + d.SetId(id) + + return []*schema.ResourceData{d}, nil +} + +func flattenContainerAnalysisNoteName(v interface{}, d *schema.ResourceData) interface{} { + if v == nil { + return v + } + return NameFromSelfLinkStateFunc(v) +} + +func flattenContainerAnalysisNoteAttestationAuthority(v interface{}, d *schema.ResourceData) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + if len(original) == 0 { + return nil + } + transformed := make(map[string]interface{}) + transformed["hint"] = + flattenContainerAnalysisNoteAttestationAuthorityHint(original["hint"], d) + return []interface{}{transformed} +} +func flattenContainerAnalysisNoteAttestationAuthorityHint(v interface{}, d *schema.ResourceData) interface{} { + if v == nil { + return nil + } + original := v.(map[string]interface{}) + if len(original) == 0 { + return nil + } + transformed := make(map[string]interface{}) + transformed["human_readable_name"] = + flattenContainerAnalysisNoteAttestationAuthorityHintHumanReadableName(original["humanReadableName"], d) + return []interface{}{transformed} +} +func flattenContainerAnalysisNoteAttestationAuthorityHintHumanReadableName(v interface{}, d *schema.ResourceData) interface{} { + return v +} + +func expandContainerAnalysisNoteName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func expandContainerAnalysisNoteAttestationAuthority(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + raw := l[0] + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedHint, err := expandContainerAnalysisNoteAttestationAuthorityHint(original["hint"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedHint); val.IsValid() && !isEmptyValue(val) { + transformed["hint"] = transformedHint + } + + return transformed, nil +} + +func expandContainerAnalysisNoteAttestationAuthorityHint(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + l := v.([]interface{}) + if len(l) == 0 || l[0] == nil { + return nil, nil + } + raw := l[0] + original := raw.(map[string]interface{}) + transformed := make(map[string]interface{}) + + transformedHumanReadableName, err := expandContainerAnalysisNoteAttestationAuthorityHintHumanReadableName(original["human_readable_name"], d, config) + if err != nil { + return nil, err + } else if val := reflect.ValueOf(transformedHumanReadableName); val.IsValid() && !isEmptyValue(val) { + transformed["humanReadableName"] = transformedHumanReadableName + } + + return transformed, nil +} + +func expandContainerAnalysisNoteAttestationAuthorityHintHumanReadableName(v interface{}, d TerraformResourceData, config *Config) (interface{}, error) { + return v, nil +} + +func resourceContainerAnalysisNoteEncoder(d *schema.ResourceData, meta interface{}, obj map[string]interface{}) (map[string]interface{}, error) { + // Field was renamed in GA API + obj["attestation"] = obj["attestationAuthority"] + delete(obj, "attestationAuthority") + + return obj, nil +} + +func resourceContainerAnalysisNoteDecoder(d *schema.ResourceData, meta interface{}, res map[string]interface{}) (map[string]interface{}, error) { + // Field was renamed in GA API + res["attestationAuthority"] = res["attestation"] + delete(res, "attestation") + + return res, nil +} diff --git a/google/resource_container_analysis_note_generated_test.go b/google/resource_container_analysis_note_generated_test.go new file mode 100644 index 00000000000..05987a31344 --- /dev/null +++ b/google/resource_container_analysis_note_generated_test.go @@ -0,0 +1,87 @@ +// ---------------------------------------------------------------------------- +// +// *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +// +// ---------------------------------------------------------------------------- +// +// This file is automatically generated by Magic Modules and manual +// changes will be clobbered when the file is regenerated. +// +// Please read more about how to change this file in +// .github/CONTRIBUTING.md. +// +// ---------------------------------------------------------------------------- + +package google + +import ( + "fmt" + "strings" + "testing" + + "github.com/hashicorp/terraform-plugin-sdk/helper/acctest" + "github.com/hashicorp/terraform-plugin-sdk/helper/resource" + "github.com/hashicorp/terraform-plugin-sdk/terraform" +) + +func TestAccContainerAnalysisNote_containerAnalysisNoteBasicExample(t *testing.T) { + t.Parallel() + + context := map[string]interface{}{ + "random_suffix": acctest.RandString(10), + } + + resource.Test(t, resource.TestCase{ + PreCheck: func() { testAccPreCheck(t) }, + Providers: testAccProviders, + CheckDestroy: testAccCheckContainerAnalysisNoteDestroy, + Steps: []resource.TestStep{ + { + Config: testAccContainerAnalysisNote_containerAnalysisNoteBasicExample(context), + }, + { + ResourceName: "google_container_analysis_note.note", + ImportState: true, + ImportStateVerify: true, + }, + }, + }) +} + +func testAccContainerAnalysisNote_containerAnalysisNoteBasicExample(context map[string]interface{}) string { + return Nprintf(` +resource "google_container_analysis_note" "note" { + name = "test-attestor-note%{random_suffix}" + attestation_authority { + hint { + human_readable_name = "Attestor Note" + } + } +} +`, context) +} + +func testAccCheckContainerAnalysisNoteDestroy(s *terraform.State) error { + for name, rs := range s.RootModule().Resources { + if rs.Type != "google_container_analysis_note" { + continue + } + if strings.HasPrefix(name, "data.") { + continue + } + + config := testAccProvider.Meta().(*Config) + + url, err := replaceVarsForTest(config, rs, "{{ContainerAnalysisBasePath}}projects/{{project}}/notes/{{name}}") + if err != nil { + return err + } + + _, err = sendRequest(config, "GET", "", url, nil) + if err == nil { + return fmt.Errorf("ContainerAnalysisNote still exists at %s", url) + } + } + + return nil +} diff --git a/website/docs/r/binary_authorization_attestor.html.markdown b/website/docs/r/binary_authorization_attestor.html.markdown index 1b4d5ec45dc..b5042c3da58 100644 --- a/website/docs/r/binary_authorization_attestor.html.markdown +++ b/website/docs/r/binary_authorization_attestor.html.markdown @@ -30,6 +30,11 @@ To get more information about Attestor, see: * How-to Guides * [Official Documentation](https://cloud.google.com/binary-authorization/) +
+ + Open in Cloud Shell + +
## Example Usage - Binary Authorization Attestor Basic diff --git a/website/docs/r/binary_authorization_attestor_iam.html.markdown b/website/docs/r/binary_authorization_attestor_iam.html.markdown new file mode 100644 index 00000000000..a6f9e12c63c --- /dev/null +++ b/website/docs/r/binary_authorization_attestor_iam.html.markdown @@ -0,0 +1,127 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +layout: "google" +page_title: "Google: google_binary_authorization_attestor_iam" +sidebar_current: "docs-google-binary-authorization-attestor-iam" +description: |- + Collection of resources to manage IAM policy for BinaryAuthorizationAttestor +--- + +# IAM policy for BinaryAuthorizationAttestor +Three different resources help you manage your IAM policy for BinaryAuthorization Attestor. Each of these resources serves a different use case: + +* `google_binary_authorization_attestor_iam_policy`: Authoritative. Sets the IAM policy for the attestor and replaces any existing policy already attached. +* `google_binary_authorization_attestor_iam_binding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the attestor are preserved. +* `google_binary_authorization_attestor_iam_member`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the attestor are preserved. + +~> **Note:** `google_binary_authorization_attestor_iam_policy` **cannot** be used in conjunction with `google_binary_authorization_attestor_iam_binding` and `google_binary_authorization_attestor_iam_member` or they will fight over what your policy should be. + +~> **Note:** `google_binary_authorization_attestor_iam_binding` resources **can be** used in conjunction with `google_binary_authorization_attestor_iam_member` resources **only if** they do not grant privilege to the same role. + + + +## google\_binary\_authorization\_attestor\_iam\_policy + +```hcl +data "google_iam_policy" "admin" { + binding { + role = "roles/viewer" + members = [ + "user:jane@example.com", + ] + } +} + +resource "google_binary_authorization_attestor_iam_policy" "editor" { + project = "${google_binary_authorization_attestor.attestor.project}" + attestor = "${google_binary_authorization_attestor.attestor.name}" + policy_data = "${data.google_iam_policy.admin.policy_data}" +} +``` + +## google\_binary\_authorization\_attestor\_iam\_binding + +```hcl +resource "google_binary_authorization_attestor_iam_binding" "editor" { + project = "${google_binary_authorization_attestor.attestor.project}" + attestor = "${google_binary_authorization_attestor.attestor.name}" + role = "roles/viewer" + members = [ + "user:jane@example.com", + ] +} +``` + +## google\_binary\_authorization\_attestor\_iam\_member + +```hcl +resource "google_binary_authorization_attestor_iam_member" "editor" { + project = "${google_binary_authorization_attestor.attestor.project}" + attestor = "${google_binary_authorization_attestor.attestor.name}" + role = "roles/viewer" + member = "user:jane@example.com" +} +``` + +## Argument Reference + +The following arguments are supported: + +* `attestor` - (Required) Used to find the parent resource to bind the IAM policy to + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used. + +* `member/members` - (Required) Identities that will be granted the privilege in `role`. + Each entry can have one of the following values: + * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account. + * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account. + * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com. + * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com. + * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com. + * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com. + +* `role` - (Required) The role that should be applied. Only one + `google_binary_authorization_attestor_iam_binding` can be used per role. Note that custom roles must be of the format + `[projects|organizations]/{parent-name}/roles/{role-name}`. + +* `policy_data` - (Required only by `google_binary_authorization_attestor_iam_policy`) The policy data generated by + a `google_iam_policy` data source. + +## Attributes Reference + +In addition to the arguments listed above, the following computed attributes are +exported: + +* `etag` - (Computed) The etag of the IAM policy. + +## Import + +BinaryAuthorization attestor IAM resources can be imported using the project, resource identifiers, role and member. + +``` +$ terraform import google_binary_authorization_attestor_iam_policy.editor {{project}}/{{attestor}} + +$ terraform import google_binary_authorization_attestor_iam_binding.editor "{{project}}/{{attestor}} roles/viewer" + +$ terraform import google_binary_authorization_attestor_iam_member.editor "{{project}}/{{attestor}} roles/viewer jane@example.com" +``` + +-> If you're importing a resource with beta features, make sure to include `-provider=google-beta` +as an argument so that Terraform uses the correct provider to import your resource. + +## User Project Overrides + +This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/provider_reference.html#user_project_override). diff --git a/website/docs/r/container_analysis_note.html.markdown b/website/docs/r/container_analysis_note.html.markdown new file mode 100644 index 00000000000..016b1466303 --- /dev/null +++ b/website/docs/r/container_analysis_note.html.markdown @@ -0,0 +1,127 @@ +--- +# ---------------------------------------------------------------------------- +# +# *** AUTO GENERATED CODE *** AUTO GENERATED CODE *** +# +# ---------------------------------------------------------------------------- +# +# This file is automatically generated by Magic Modules and manual +# changes will be clobbered when the file is regenerated. +# +# Please read more about how to change this file in +# .github/CONTRIBUTING.md. +# +# ---------------------------------------------------------------------------- +layout: "google" +page_title: "Google: google_container_analysis_note" +sidebar_current: "docs-google-container-analysis-note" +description: |- + Provides a detailed description of a Note. +--- + +# google\_container\_analysis\_note + +Provides a detailed description of a Note. + + +To get more information about Note, see: + +* [API documentation](https://cloud.google.com/container-analysis/api/reference/rest/) +* How-to Guides + * [Official Documentation](https://cloud.google.com/container-analysis/) + +
+ + Open in Cloud Shell + +
+## Example Usage - Container Analysis Note Basic + + +```hcl +resource "google_container_analysis_note" "note" { + name = "test-attestor-note" + attestation_authority { + hint { + human_readable_name = "Attestor Note" + } + } +} +``` + +## Argument Reference + +The following arguments are supported: + + +* `name` - + (Required) + The name of the note. + +* `attestation_authority` - + (Required) + Note kind that represents a logical attestation "role" or "authority". + For example, an organization might have one AttestationAuthority for + "QA" and one for "build". This Note is intended to act strictly as a + grouping mechanism for the attached Occurrences (Attestations). This + grouping mechanism also provides a security boundary, since IAM ACLs + gate the ability for a principle to attach an Occurrence to a given + Note. It also provides a single point of lookup to find all attached + Attestation Occurrences, even if they don't all live in the same + project. Structure is documented below. + + +The `attestation_authority` block supports: + +* `hint` - + (Required) + This submessage provides human-readable hints about the purpose of + the AttestationAuthority. Because the name of a Note acts as its + resource reference, it is important to disambiguate the canonical + name of the Note (which might be a UUID for security purposes) + from "readable" names more suitable for debug output. Note that + these hints should NOT be used to look up AttestationAuthorities + in security sensitive contexts, such as when looking up + Attestations to verify. Structure is documented below. + + +The `hint` block supports: + +* `human_readable_name` - + (Required) + The human readable name of this Attestation Authority, for + example "qa". + +- - - + + +* `project` - (Optional) The ID of the project in which the resource belongs. + If it is not provided, the provider project is used. + + + +## Timeouts + +This resource provides the following +[Timeouts](/docs/configuration/resources.html#timeouts) configuration options: + +- `create` - Default is 4 minutes. +- `update` - Default is 4 minutes. +- `delete` - Default is 4 minutes. + +## Import + +Note can be imported using any of these accepted formats: + +``` +$ terraform import google_container_analysis_note.default projects/{{project}}/notes/{{name}} +$ terraform import google_container_analysis_note.default {{project}}/{{name}} +$ terraform import google_container_analysis_note.default {{name}} +``` + +-> If you're importing a resource with beta features, make sure to include `-provider=google-beta` +as an argument so that Terraform uses the correct provider to import your resource. + +## User Project Overrides + +This resource supports [User Project Overrides](https://www.terraform.io/docs/providers/google/provider_reference.html#user_project_override). diff --git a/website/google.erb b/website/google.erb index 11609da61aa..17f1041dd8f 100644 --- a/website/google.erb +++ b/website/google.erb @@ -260,7 +260,21 @@ Google Binary Authorization Resources + > + Google Container Analysis Resources + + + > Google Kubernetes (Container) Engine Resources