attestors
Creates, updates, deletes, gets or lists an attestors resource.
Overview
Name | attestors |
Type | Resource |
Id | google.binaryauthorization.attestors |
Fields
The following fields are returned by SELECT queries (get and list):
Successful response
Name | Datatype | Description |
---|---|---|
name | string | Required. The resource name, in the format: projects/*/attestors/*. This field may not be updated. |
description | string | Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs. |
etag | string | Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154. |
updateTime | string (google-datetime) | Output only. Time when the attestor was last updated. |
userOwnedGrafeasNote | object | This specifies how an attestation will be read, and how it will be used during policy enforcement. (id: UserOwnedGrafeasNote) |
Methods
The following methods are available for this resource:
Name | Accessible by | Required Params | Optional Params | Description |
---|---|---|---|---|
get | select | projectsId, attestorsId | | Gets an attestor. Returns NOT_FOUND if the attestor does not exist. |
list | select | projectsId | pageSize, pageToken | Lists attestors. Returns INVALID_ARGUMENT if the project does not exist. |
create | insert | projectsId | attestorId | Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists. |
update | replace | projectsId, attestorsId | | Updates an attestor. Returns NOT_FOUND if the attestor does not exist. |
delete | delete | projectsId, attestorsId | | Deletes an attestor. Returns NOT_FOUND if the attestor does not exist. |
validate_attestation_occurrence | exec | projectsId, attestorsId | | Returns whether the given Attestation for the given image URI was signed by the given Attestor. |
Parameters
Parameters can be passed in the WHERE clause of a query. Check the Methods section to see which parameters are required or optional for each operation.
Name | Datatype | Description |
---|---|---|
attestorsId | string | |
projectsId | string | |
attestorId | string | |
pageSize | integer (int32) | |
pageToken | string | |
SELECT examples

get: Gets an attestor. Returns NOT_FOUND if the attestor does not exist.

```sql
SELECT
name,
description,
etag,
updateTime,
userOwnedGrafeasNote
FROM google.binaryauthorization.attestors
WHERE projectsId = '{{ projectsId }}' -- required
AND attestorsId = '{{ attestorsId }}'; -- required
```

list: Lists attestors. Returns INVALID_ARGUMENT if the project does not exist.

```sql
SELECT
name,
description,
etag,
updateTime,
userOwnedGrafeasNote
FROM google.binaryauthorization.attestors
WHERE projectsId = '{{ projectsId }}' -- required
AND pageSize = '{{ pageSize }}'
AND pageToken = '{{ pageToken }}';
```
INSERT examples

create: Creates an attestor, and returns a copy of the new attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the attestor already exists.

```sql
INSERT INTO google.binaryauthorization.attestors (
data__name,
data__description,
data__userOwnedGrafeasNote,
data__etag,
projectsId,
attestorId
)
SELECT
'{{ name }}',
'{{ description }}',
'{{ userOwnedGrafeasNote }}',
'{{ etag }}',
'{{ projectsId }}',
'{{ attestorId }}'
RETURNING
name,
description,
etag,
updateTime,
userOwnedGrafeasNote
;
```

Manifest:

```yaml
# Description fields are for documentation purposes
- name: attestors
  props:
    - name: projectsId
      value: string
      description: Required parameter for the attestors resource.
    - name: name
      value: string
      description: >
        Required. The resource name, in the format: `projects/*/attestors/*`. This field may not be updated.
    - name: description
      value: string
      description: >
        Optional. A descriptive comment. This field may be updated. The field may be displayed in chooser dialogs.
    - name: userOwnedGrafeasNote
      value: object
      description: >
        This specifies how an attestation will be read, and how it will be used during policy enforcement.
    - name: etag
      value: string
      description: >
        Optional. A checksum, returned by the server, that can be sent on update requests to ensure the attestor has an up-to-date value before attempting to update it. See https://google.aip.dev/154.
    - name: attestorId
      value: string
```
REPLACE examples

update: Updates an attestor. Returns NOT_FOUND if the attestor does not exist.

```sql
REPLACE google.binaryauthorization.attestors
SET
data__name = '{{ name }}',
data__description = '{{ description }}',
data__userOwnedGrafeasNote = '{{ userOwnedGrafeasNote }}',
data__etag = '{{ etag }}'
WHERE
projectsId = '{{ projectsId }}' -- required
AND attestorsId = '{{ attestorsId }}' -- required
RETURNING
name,
description,
etag,
updateTime,
userOwnedGrafeasNote;
```
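A read-then-replace sequence that uses the etag field described above as a concurrency guard when changing an attestor's trusted keys; this is an added illustration, not part of the provider's own examples. The project, attestor and note names are constructed, the key and etag values are placeholders, and the userOwnedGrafeasNote shape (noteReference, publicKeys, pkixPublicKey) follows the Binary Authorization v1 API rather than anything shown on this page.

```sql
-- Step 1: read the current attestor and keep the etag the server returns.
-- JSON_EXTRACT is provided by StackQL's embedded SQL engine; all names here are constructed.
SELECT
  name,
  etag,
  JSON_EXTRACT(userOwnedGrafeasNote, '$.noteReference') AS note_reference,
  JSON_EXTRACT(userOwnedGrafeasNote, '$.publicKeys') AS public_keys
FROM google.binaryauthorization.attestors
WHERE projectsId = 'example-project'
AND attestorsId = 'build-attestor';

-- Step 2: write the attestor back with that etag.
-- REPLACE sends the complete resource, so list every public key that must
-- remain trusted, not only the one being added or rotated.
REPLACE google.binaryauthorization.attestors
SET
data__name = 'projects/example-project/attestors/build-attestor',
data__description = 'Signs images produced by the CI build pipeline',
data__userOwnedGrafeasNote = '{
  "noteReference": "projects/example-project/notes/build-note",
  "publicKeys": [
    {
      "comment": "CI signing key (placeholder)",
      "pkixPublicKey": {
        "publicKeyPem": "<PEM-encoded public key>",
        "signatureAlgorithm": "ECDSA_P256_SHA256"
      }
    }
  ]
}',
data__etag = '<etag returned by step 1>'
WHERE
projectsId = 'example-project' -- required
AND attestorsId = 'build-attestor' -- required
RETURNING
name,
etag,
updateTime;
```

Under the etag contract the field description links to (AIP-154), a stale etag makes the update fail instead of silently overwriting a newer change to the key list; repeat step 1 and retry in that case.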
DELETE examples

delete: Deletes an attestor. Returns NOT_FOUND if the attestor does not exist.

```sql
DELETE FROM google.binaryauthorization.attestors
WHERE projectsId = '{{ projectsId }}' -- required
AND attestorsId = '{{ attestorsId }}'; -- required
```
Lifecycle Methods

validate_attestation_occurrence: Returns whether the given Attestation for the given image URI was signed by the given Attestor.

```sql
EXEC google.binaryauthorization.attestors.validate_attestation_occurrence
@projectsId='{{ projectsId }}', -- required
@attestorsId='{{ attestorsId }}' -- required
@@json=
'{
"attestation": "{{ attestation }}",
"occurrenceNote": "{{ occurrenceNote }}",
"occurrenceResourceUri": "{{ occurrenceResourceUri }}"
}';
```