mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-10-04 17:51:11 +00:00
Remove bad docs (#2371)
<!-- This change is generated by MagicModules. --> /cc @rileykarson
parent 672ae729fa
commit 0a58f45f7e
@ -1,161 +0,0 @@
|
|||||||
---
|
|
||||||
# ----------------------------------------------------------------------------
|
|
||||||
#
|
|
||||||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
|
||||||
#
|
|
||||||
# ----------------------------------------------------------------------------
|
|
||||||
#
|
|
||||||
# This file is automatically generated by Magic Modules and manual
|
|
||||||
# changes will be clobbered when the file is regenerated.
|
|
||||||
#
|
|
||||||
# Please read more about how to change this file in
|
|
||||||
# .github/CONTRIBUTING.md.
|
|
||||||
#
|
|
||||||
# ----------------------------------------------------------------------------
|
|
||||||
layout: "google"
|
|
||||||
page_title: "Google: google_binary_authorization_attestor"
|
|
||||||
sidebar_current: "docs-google-binary-authorization-attestor"
|
|
||||||
description: |-
|
|
||||||
An attestor that attests to container image artifacts.
|
|
||||||
---
|
|
||||||
|
|
||||||
# google\_binary\_authorization\_attestor
|
|
||||||
|
|
||||||
An attestor that attests to container image artifacts.
|
|
||||||
|
|
||||||
~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
|
|
||||||
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta resources.
|
|
||||||
|
|
||||||
To get more information about Attestor, see:
|
|
||||||
|
|
||||||
* [API documentation](https://cloud.google.com/binary-authorization/docs/reference/rest/)
|
|
||||||
* How-to Guides
|
|
||||||
* [Official Documentation](https://cloud.google.com/binary-authorization/)
|
|
||||||
|
|
||||||
## Example Usage
|
|
||||||
|
|
||||||
```hcl
|
|
||||||
resource "google_binary_authorization_attestor" "attestor" {
|
|
||||||
name = "test-attestor"
|
|
||||||
attestation_authority_note {
|
|
||||||
note_reference = "${google_container_analysis_note.note.name}"
|
|
||||||
public_keys {
|
|
||||||
ascii_armored_pgp_public_key = <<EOF
|
|
||||||
mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
|
|
||||||
bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
|
|
||||||
oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
|
|
||||||
V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD
|
|
||||||
Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX
|
|
||||||
83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y
|
|
||||||
IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L
|
|
||||||
uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6
|
|
||||||
0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC
|
|
||||||
51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U
|
|
||||||
WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h
|
|
||||||
MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l
|
|
||||||
+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1
|
|
||||||
qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
|
|
||||||
=6Bvm
|
|
||||||
EOF
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_container_analysis_note" "note" {
|
|
||||||
name = "test-attestor-note"
|
|
||||||
attestation_authority {
|
|
||||||
hint {
|
|
||||||
human_readable_name = "Attestor Note"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Argument Reference
|
|
||||||
|
|
||||||
The following arguments are supported:
|
|
||||||
|
|
||||||
|
|
||||||
* `name` -
|
|
||||||
(Required)
|
|
||||||
The resource name.
|
|
||||||
|
|
||||||
* `attestation_authority_note` -
|
|
||||||
(Required)
|
|
||||||
A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.
|
|
||||||
|
|
||||||
|
|
||||||
The `attestation_authority_note` block supports:
|
|
||||||
|
|
||||||
* `note_reference` -
|
|
||||||
(Required)
|
|
||||||
The resource name of a ATTESTATION_AUTHORITY Note, created by the
|
|
||||||
user. If the Note is in a different project from the Attestor, it
|
|
||||||
should be specified in the format `projects/*/notes/*` (or the legacy
|
|
||||||
`providers/*/notes/*`). This field may not be updated.
|
|
||||||
An attestation by this attestor is stored as a Container Analysis
|
|
||||||
ATTESTATION_AUTHORITY Occurrence that names a container image
|
|
||||||
and that links to this Note.
|
|
||||||
|
|
||||||
* `public_keys` -
|
|
||||||
(Optional)
|
|
||||||
Public keys that verify attestations signed by this attestor. This
|
|
||||||
field may be updated.
|
|
||||||
If this field is non-empty, one of the specified public keys must
|
|
||||||
verify that an attestation was signed by this attestor for the
|
|
||||||
image specified in the admission request.
|
|
||||||
If this field is empty, this attestor always returns that no valid
|
|
||||||
attestations exist. Structure is documented below.
|
|
||||||
|
|
||||||
* `delegation_service_account_email` -
|
|
||||||
This field will contain the service account email address that
|
|
||||||
this Attestor will use as the principal when querying Container
|
|
||||||
Analysis. Attestor administrators must grant this service account
|
|
||||||
the IAM role needed to read attestations from the noteReference in
|
|
||||||
Container Analysis (containeranalysis.notes.occurrences.viewer).
|
|
||||||
This email address is fixed for the lifetime of the Attestor, but
|
|
||||||
callers should not make any other assumptions about the service
|
|
||||||
account email; future versions may use an email based on a
|
|
||||||
different naming pattern.
|
|
||||||
|
|
||||||
|
|
||||||
The `public_keys` block supports:
|
|
||||||
|
|
||||||
* `comment` -
|
|
||||||
(Optional)
|
|
||||||
A descriptive comment. This field may be updated.
|
|
||||||
|
|
||||||
* `id` -
|
|
||||||
This field will be overwritten with key ID information, for
|
|
||||||
example, an identifier extracted from a PGP public key. This
|
|
||||||
field may not be updated.
|
|
||||||
|
|
||||||
* `ascii_armored_pgp_public_key` -
|
|
||||||
(Required)
|
|
||||||
ASCII-armored representation of a PGP public key, as the
|
|
||||||
entire output by the command
|
|
||||||
`gpg --export --armor foo@example.com` (either LF or CRLF
|
|
||||||
line endings).
|
|
||||||
|
|
||||||
- - -
|
|
||||||
|
|
||||||
|
|
||||||
* `description` -
|
|
||||||
(Optional)
|
|
||||||
A descriptive comment. This field may be updated. The field may be
|
|
||||||
displayed in chooser dialogs.
|
|
||||||
* `project` - (Optional) The ID of the project in which the resource belongs.
|
|
||||||
If it is not provided, the provider project is used.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Import
|
|
||||||
|
|
||||||
Attestor can be imported using any of these accepted formats:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ terraform import google_binary_authorization_attestor.default projects/{{project}}/attestors/{{name}}
|
|
||||||
$ terraform import google_binary_authorization_attestor.default {{project}}/{{name}}
|
|
||||||
$ terraform import google_binary_authorization_attestor.default {{name}}
|
|
||||||
```
|
|
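Review bot: The commit message gives no reason for deleting this page, and the only hint in the hunk is the beta warning under the `# google\_binary\_authorization\_attestor` title; if the page is being dropped because the resource belongs to terraform-provider-google-beta, say so in the message. The front matter also declares `sidebar_current: "docs-google-binary-authorization-attestor"`, and none of the three hunks shown touches a navigation file, so check that no sidebar entry is left pointing at the removed page. Wherever this documentation ends up, keep the `public_keys` note that an empty list means the attestor "always returns that no valid attestations exist", since that behaviour is easy to miss when a policy requires attestation.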
@ -1,174 +0,0 @@
|
|||||||
---
|
|
||||||
# ----------------------------------------------------------------------------
|
|
||||||
#
|
|
||||||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
|
||||||
#
|
|
||||||
# ----------------------------------------------------------------------------
|
|
||||||
#
|
|
||||||
# This file is automatically generated by Magic Modules and manual
|
|
||||||
# changes will be clobbered when the file is regenerated.
|
|
||||||
#
|
|
||||||
# Please read more about how to change this file in
|
|
||||||
# .github/CONTRIBUTING.md.
|
|
||||||
#
|
|
||||||
# ----------------------------------------------------------------------------
|
|
||||||
layout: "google"
|
|
||||||
page_title: "Google: google_binary_authorization_policy"
|
|
||||||
sidebar_current: "docs-google-binary-authorization-policy"
|
|
||||||
description: |-
|
|
||||||
A policy for container image binary authorization.
|
|
||||||
---
|
|
||||||
|
|
||||||
# google\_binary\_authorization\_policy
|
|
||||||
|
|
||||||
A policy for container image binary authorization.
|
|
||||||
|
|
||||||
~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
|
|
||||||
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta resources.
|
|
||||||
|
|
||||||
To get more information about Policy, see:
|
|
||||||
|
|
||||||
* [API documentation](https://cloud.google.com/binary-authorization/docs/reference/rest/)
|
|
||||||
* How-to Guides
|
|
||||||
* [Official Documentation](https://cloud.google.com/binary-authorization/)
|
|
||||||
|
|
||||||
## Example Usage
|
|
||||||
|
|
||||||
```hcl
|
|
||||||
resource "google_binary_authorization_policy" "policy" {
|
|
||||||
admission_whitelist_patterns {
|
|
||||||
name_pattern= "gcr.io/google_containers/*"
|
|
||||||
}
|
|
||||||
|
|
||||||
default_admission_rule {
|
|
||||||
evaluation_mode = "ALWAYS_ALLOW"
|
|
||||||
enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
|
|
||||||
}
|
|
||||||
|
|
||||||
cluster_admission_rules {
|
|
||||||
cluster = "us-central1-a.prod-cluster"
|
|
||||||
evaluation_mode = "REQUIRE_ATTESTATION"
|
|
||||||
enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
|
|
||||||
require_attestations_by = ["${google_binary_authorization_attestor.attestor.name}"]
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_container_analysis_note" "note" {
|
|
||||||
name = "test-attestor-note"
|
|
||||||
attestation_authority {
|
|
||||||
hint {
|
|
||||||
human_readable_name = "My attestor"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
resource "google_binary_authorization_attestor" "attestor" {
|
|
||||||
name = "test-attestor"
|
|
||||||
attestation_authority_note {
|
|
||||||
note_reference = "${google_container_analysis_note.note.name}"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Argument Reference
|
|
||||||
|
|
||||||
The following arguments are supported:
|
|
||||||
|
|
||||||
|
|
||||||
* `default_admission_rule` -
|
|
||||||
(Required)
|
|
||||||
Default admission rule for a cluster without a per-cluster admission
|
|
||||||
rule. Structure is documented below.
|
|
||||||
|
|
||||||
|
|
||||||
The `default_admission_rule` block supports:
|
|
||||||
|
|
||||||
* `evaluation_mode` -
|
|
||||||
(Required)
|
|
||||||
How this admission rule will be evaluated.
|
|
||||||
|
|
||||||
* `require_attestations_by` -
|
|
||||||
(Optional)
|
|
||||||
The resource names of the attestors that must attest to a
|
|
||||||
container image. If the attestor is in a different project from the
|
|
||||||
policy, it should be specified in the format `projects/*/attestors/*`.
|
|
||||||
Each attestor must exist before a policy can reference it. To add an
|
|
||||||
attestor to a policy the principal issuing the policy change
|
|
||||||
request must be able to read the attestor resource.
|
|
||||||
Note: this field must be non-empty when the evaluation_mode field
|
|
||||||
specifies REQUIRE_ATTESTATION, otherwise it must be empty.
|
|
||||||
|
|
||||||
* `enforcement_mode` -
|
|
||||||
(Required)
|
|
||||||
The action when a pod creation is denied by the admission rule.
|
|
||||||
|
|
||||||
- - -
|
|
||||||
|
|
||||||
|
|
||||||
* `description` -
|
|
||||||
(Optional)
|
|
||||||
A descriptive comment.
|
|
||||||
|
|
||||||
* `admission_whitelist_patterns` -
|
|
||||||
(Optional)
|
|
||||||
A whitelist of image patterns to exclude from admission rules. If an
|
|
||||||
image's name matches a whitelist pattern, the image's admission
|
|
||||||
requests will always be permitted regardless of your admission rules. Structure is documented below.
|
|
||||||
|
|
||||||
* `cluster_admission_rules` -
|
|
||||||
(Optional)
|
|
||||||
Per-cluster admission rules. An admission rule specifies either that
|
|
||||||
all container images used in a pod creation request must be attested
|
|
||||||
to by one or more attestors, that all pod creations will be allowed,
|
|
||||||
or that all pod creations will be denied. There can be at most one
|
|
||||||
admission rule per cluster spec.
|
|
||||||
|
|
||||||
Identifier format: `{{location}}.{{clusterId}}`.
|
|
||||||
A location is either a compute zone (e.g. `us-central1-a`) or a region
|
|
||||||
(e.g. `us-central1`). Structure is documented below.
|
|
||||||
* `project` - (Optional) The ID of the project in which the resource belongs.
|
|
||||||
If it is not provided, the provider project is used.
|
|
||||||
|
|
||||||
|
|
||||||
The `admission_whitelist_patterns` block supports:
|
|
||||||
|
|
||||||
* `name_pattern` -
|
|
||||||
(Optional)
|
|
||||||
An image name pattern to whitelist, in the form
|
|
||||||
`registry/path/to/image`. This supports a trailing * as a
|
|
||||||
wildcard, but this is allowed only in text after the registry/
|
|
||||||
part.
|
|
||||||
|
|
||||||
The `cluster_admission_rules` block supports:
|
|
||||||
|
|
||||||
* `cluster` - (Required) The identifier for this object. Format specified above.
|
|
||||||
|
|
||||||
* `evaluation_mode` -
|
|
||||||
(Optional)
|
|
||||||
How this admission rule will be evaluated.
|
|
||||||
|
|
||||||
* `require_attestations_by` -
|
|
||||||
(Optional)
|
|
||||||
The resource names of the attestors that must attest to a
|
|
||||||
container image. If the attestor is in a different project from the
|
|
||||||
policy, it should be specified in the format `projects/*/attestors/*`.
|
|
||||||
Each attestor must exist before a policy can reference it. To add an
|
|
||||||
attestor to a policy the principal issuing the policy change
|
|
||||||
request must be able to read the attestor resource.
|
|
||||||
Note: this field must be non-empty when the evaluation_mode field
|
|
||||||
specifies REQUIRE_ATTESTATION, otherwise it must be empty.
|
|
||||||
|
|
||||||
* `enforcement_mode` -
|
|
||||||
(Optional)
|
|
||||||
The action when a pod creation is denied by the admission rule.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Import
|
|
||||||
|
|
||||||
Policy can be imported using any of these accepted formats:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ terraform import google_binary_authorization_policy.default projects/{{project}}
|
|
||||||
$ terraform import google_binary_authorization_policy.default {{project}}
|
|
||||||
```
|
|
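Review bot: The Example Usage in this removed page declares `google_binary_authorization_attestor.attestor` with no `public_keys` block and then requires it in `cluster_admission_rules` with `evaluation_mode = "REQUIRE_ATTESTATION"` and `enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"`. According to the attestor page removed in the first hunk, an attestor with empty `public_keys` never returns a valid attestation, so the example as written would block every image on `us-central1-a.prod-cluster` that does not match the whitelist pattern. If the page is regenerated for the beta provider, add a key to the example attestor. The Argument Reference also marks `evaluation_mode` and `enforcement_mode` as (Required) under `default_admission_rule` but (Optional) under `cluster_admission_rules` and lists no allowed values for either; the regenerated text should reconcile that and enumerate the values.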
@ -1,107 +0,0 @@
|
|||||||
---
|
|
||||||
# ----------------------------------------------------------------------------
|
|
||||||
#
|
|
||||||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
|
||||||
#
|
|
||||||
# ----------------------------------------------------------------------------
|
|
||||||
#
|
|
||||||
# This file is automatically generated by Magic Modules and manual
|
|
||||||
# changes will be clobbered when the file is regenerated.
|
|
||||||
#
|
|
||||||
# Please read more about how to change this file in
|
|
||||||
# .github/CONTRIBUTING.md.
|
|
||||||
#
|
|
||||||
# ----------------------------------------------------------------------------
|
|
||||||
layout: "google"
|
|
||||||
page_title: "Google: google_container_analysis_note"
|
|
||||||
sidebar_current: "docs-google-container-analysis-note"
|
|
||||||
description: |-
|
|
||||||
Provides a detailed description of a Note.
|
|
||||||
---
|
|
||||||
|
|
||||||
# google\_container\_analysis\_note
|
|
||||||
|
|
||||||
Provides a detailed description of a Note.
|
|
||||||
|
|
||||||
~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
|
|
||||||
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta resources.
|
|
||||||
|
|
||||||
To get more information about Note, see:
|
|
||||||
|
|
||||||
* [API documentation](https://cloud.google.com/container-analysis/api/reference/rest/)
|
|
||||||
* How-to Guides
|
|
||||||
* [Official Documentation](https://cloud.google.com/container-analysis/)
|
|
||||||
|
|
||||||
## Example Usage
|
|
||||||
|
|
||||||
```hcl
|
|
||||||
resource "google_container_analysis_note" "note" {
|
|
||||||
name = "test-attestor-note"
|
|
||||||
attestation_authority {
|
|
||||||
hint {
|
|
||||||
human_readable_name = "Attestor Note"
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
```
|
|
||||||
|
|
||||||
## Argument Reference
|
|
||||||
|
|
||||||
The following arguments are supported:
|
|
||||||
|
|
||||||
|
|
||||||
* `name` -
|
|
||||||
(Required)
|
|
||||||
The name of the note.
|
|
||||||
|
|
||||||
* `attestation_authority` -
|
|
||||||
(Required)
|
|
||||||
Note kind that represents a logical attestation "role" or "authority".
|
|
||||||
For example, an organization might have one AttestationAuthority for
|
|
||||||
"QA" and one for "build". This Note is intended to act strictly as a
|
|
||||||
grouping mechanism for the attached Occurrences (Attestations). This
|
|
||||||
grouping mechanism also provides a security boundary, since IAM ACLs
|
|
||||||
gate the ability for a principle to attach an Occurrence to a given
|
|
||||||
Note. It also provides a single point of lookup to find all attached
|
|
||||||
Attestation Occurrences, even if they don't all live in the same
|
|
||||||
project. Structure is documented below.
|
|
||||||
|
|
||||||
|
|
||||||
The `attestation_authority` block supports:
|
|
||||||
|
|
||||||
* `hint` -
|
|
||||||
(Required)
|
|
||||||
This submessage provides human-readable hints about the purpose of
|
|
||||||
the AttestationAuthority. Because the name of a Note acts as its
|
|
||||||
resource reference, it is important to disambiguate the canonical
|
|
||||||
name of the Note (which might be a UUID for security purposes)
|
|
||||||
from "readable" names more suitable for debug output. Note that
|
|
||||||
these hints should NOT be used to look up AttestationAuthorities
|
|
||||||
in security sensitive contexts, such as when looking up
|
|
||||||
Attestations to verify. Structure is documented below.
|
|
||||||
|
|
||||||
|
|
||||||
The `hint` block supports:
|
|
||||||
|
|
||||||
* `human_readable_name` -
|
|
||||||
(Required)
|
|
||||||
The human readable name of this Attestation Authority, for
|
|
||||||
example "qa".
|
|
||||||
|
|
||||||
- - -
|
|
||||||
|
|
||||||
* `project` - (Optional) The ID of the project in which the resource belongs.
|
|
||||||
If it is not provided, the provider project is used.
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## Import
|
|
||||||
|
|
||||||
Note can be imported using any of these accepted formats:
|
|
||||||
|
|
||||||
```
|
|
||||||
$ terraform import google_container_analysis_note.default projects/{{project}}/notes/{{name}}
|
|
||||||
$ terraform import google_container_analysis_note.default {{project}}/{{name}}
|
|
||||||
$ terraform import google_container_analysis_note.default {{name}}
|
|
||||||
```
|
|
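Review bot: In the `attestation_authority` description, "gate the ability for a principle to attach an Occurrence" should read "principal". The file header says the page is generated by Magic Modules, so the fix belongs in the generator source, otherwise it will return with the next regeneration. The same description and the `hint` text carry the two security statements on this page (the Note is an IAM-gated boundary, and hints "should NOT be used to look up AttestationAuthorities in security sensitive contexts"); make sure both survive in whatever replaces this page.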