mirror of
https://github.com/letic/terraform-provider-google.git
synced 2024-07-05 17:52:38 +00:00
Remove bad docs (#2371)
<!-- This change is generated by MagicModules. --> /cc @rileykarson
parent 672ae729fa
commit 0a58f45f7e
|
@ -1,161 +0,0 @@
|
|||
---
|
||||
# ----------------------------------------------------------------------------
|
||||
#
|
||||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
||||
#
|
||||
# ----------------------------------------------------------------------------
|
||||
#
|
||||
# This file is automatically generated by Magic Modules and manual
|
||||
# changes will be clobbered when the file is regenerated.
|
||||
#
|
||||
# Please read more about how to change this file in
|
||||
# .github/CONTRIBUTING.md.
|
||||
#
|
||||
# ----------------------------------------------------------------------------
|
||||
layout: "google"
|
||||
page_title: "Google: google_binary_authorization_attestor"
|
||||
sidebar_current: "docs-google-binary-authorization-attestor"
|
||||
description: |-
|
||||
An attestor that attests to container image artifacts.
|
||||
---
|
||||
|
||||
# google\_binary\_authorization\_attestor
|
||||
|
||||
An attestor that attests to container image artifacts.
|
||||
|
||||
~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
|
||||
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta resources.
|
||||
|
||||
To get more information about Attestor, see:
|
||||
|
||||
* [API documentation](https://cloud.google.com/binary-authorization/docs/reference/rest/)
|
||||
* How-to Guides
|
||||
* [Official Documentation](https://cloud.google.com/binary-authorization/)
|
||||
|
||||
## Example Usage
|
||||
|
||||
```hcl
|
||||
resource "google_binary_authorization_attestor" "attestor" {
|
||||
name = "test-attestor"
|
||||
attestation_authority_note {
|
||||
note_reference = "${google_container_analysis_note.note.name}"
|
||||
public_keys {
|
||||
ascii_armored_pgp_public_key = <<EOF
|
||||
mQENBFtP0doBCADF+joTiXWKVuP8kJt3fgpBSjT9h8ezMfKA4aXZctYLx5wslWQl
|
||||
bB7Iu2ezkECNzoEeU7WxUe8a61pMCh9cisS9H5mB2K2uM4Jnf8tgFeXn3akJDVo0
|
||||
oR1IC+Dp9mXbRSK3MAvKkOwWlG99sx3uEdvmeBRHBOO+grchLx24EThXFOyP9Fk6
|
||||
V39j6xMjw4aggLD15B4V0v9JqBDdJiIYFzszZDL6pJwZrzcP0z8JO4rTZd+f64bD
|
||||
Mpj52j/pQfA8lZHOaAgb1OrthLdMrBAjoDjArV4Ek7vSbrcgYWcI6BhsQrFoxKdX
|
||||
83TZKai55ZCfCLIskwUIzA1NLVwyzCS+fSN/ABEBAAG0KCJUZXN0IEF0dGVzdG9y
|
||||
IiA8ZGFuYWhvZmZtYW5AZ29vZ2xlLmNvbT6JAU4EEwEIADgWIQRfWkqHt6hpTA1L
|
||||
uY060eeM4dc66AUCW0/R2gIbLwULCQgHAgYVCgkICwIEFgIDAQIeAQIXgAAKCRA6
|
||||
0eeM4dc66HdpCAC4ot3b0OyxPb0Ip+WT2U0PbpTBPJklesuwpIrM4Lh0N+1nVRLC
|
||||
51WSmVbM8BiAFhLbN9LpdHhds1kUrHF7+wWAjdR8sqAj9otc6HGRM/3qfa2qgh+U
|
||||
WTEk/3us/rYSi7T7TkMuutRMIa1IkR13uKiW56csEMnbOQpn9rDqwIr5R8nlZP5h
|
||||
MAU9vdm1DIv567meMqTaVZgR3w7bck2P49AO8lO5ERFpVkErtu/98y+rUy9d789l
|
||||
+OPuS1NGnxI1YKsNaWJF4uJVuvQuZ1twrhCbGNtVorO2U12+cEq+YtUxj7kmdOC1
|
||||
qoIRW6y0+UlAc+MbqfL0ziHDOAmcqz1GnROg
|
||||
=6Bvm
|
||||
EOF
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_container_analysis_note" "note" {
|
||||
name = "test-attestor-note"
|
||||
attestation_authority {
|
||||
hint {
|
||||
human_readable_name = "Attestor Note"
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
|
||||
* `name` -
|
||||
(Required)
|
||||
The resource name.
|
||||
|
||||
* `attestation_authority_note` -
|
||||
(Required)
|
||||
A Container Analysis ATTESTATION_AUTHORITY Note, created by the user. Structure is documented below.
|
||||
|
||||
|
||||
The `attestation_authority_note` block supports:
|
||||
|
||||
* `note_reference` -
|
||||
(Required)
|
||||
The resource name of a ATTESTATION_AUTHORITY Note, created by the
|
||||
user. If the Note is in a different project from the Attestor, it
|
||||
should be specified in the format `projects/*/notes/*` (or the legacy
|
||||
`providers/*/notes/*`). This field may not be updated.
|
||||
An attestation by this attestor is stored as a Container Analysis
|
||||
ATTESTATION_AUTHORITY Occurrence that names a container image
|
||||
and that links to this Note.
|
||||
|
||||
* `public_keys` -
|
||||
(Optional)
|
||||
Public keys that verify attestations signed by this attestor. This
|
||||
field may be updated.
|
||||
If this field is non-empty, one of the specified public keys must
|
||||
verify that an attestation was signed by this attestor for the
|
||||
image specified in the admission request.
|
||||
If this field is empty, this attestor always returns that no valid
|
||||
attestations exist. Structure is documented below.
|
||||
|
||||
* `delegation_service_account_email` -
|
||||
This field will contain the service account email address that
|
||||
this Attestor will use as the principal when querying Container
|
||||
Analysis. Attestor administrators must grant this service account
|
||||
the IAM role needed to read attestations from the noteReference in
|
||||
Container Analysis (containeranalysis.notes.occurrences.viewer).
|
||||
This email address is fixed for the lifetime of the Attestor, but
|
||||
callers should not make any other assumptions about the service
|
||||
account email; future versions may use an email based on a
|
||||
different naming pattern.
|
||||
|
||||
|
||||
The `public_keys` block supports:
|
||||
|
||||
* `comment` -
|
||||
(Optional)
|
||||
A descriptive comment. This field may be updated.
|
||||
|
||||
* `id` -
|
||||
This field will be overwritten with key ID information, for
|
||||
example, an identifier extracted from a PGP public key. This
|
||||
field may not be updated.
|
||||
|
||||
* `ascii_armored_pgp_public_key` -
|
||||
(Required)
|
||||
ASCII-armored representation of a PGP public key, as the
|
||||
entire output by the command
|
||||
`gpg --export --armor foo@example.com` (either LF or CRLF
|
||||
line endings).
|
||||
|
||||
- - -
|
||||
|
||||
|
||||
* `description` -
|
||||
(Optional)
|
||||
A descriptive comment. This field may be updated. The field may be
|
||||
displayed in chooser dialogs.
|
||||
* `project` - (Optional) The ID of the project in which the resource belongs.
|
||||
If it is not provided, the provider project is used.
|
||||
|
||||
|
||||
|
||||
|
||||
## Import
|
||||
|
||||
Attestor can be imported using any of these accepted formats:
|
||||
|
||||
```
|
||||
$ terraform import google_binary_authorization_attestor.default projects/{{project}}/attestors/{{name}}
|
||||
$ terraform import google_binary_authorization_attestor.default {{project}}/{{name}}
|
||||
$ terraform import google_binary_authorization_attestor.default {{name}}
|
||||
```
|
|
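Review bot: The commit message says only "Remove bad docs", yet this hunk deletes the entire attestor page (`-1,161 +0,0`), including the `public_keys` entry stating that an empty list makes the attestor always report that no valid attestations exist, and the `delegation_service_account_email` entry naming the role needed to read attestations (containeranalysis.notes.occurrences.viewer). Please say in the message what was wrong with the page and whether it is kept with the terraform-provider-google-beta provider named in its warning. If the page is regenerated, note that `delegation_service_account_email` and `id` sit under Argument Reference without a (Required)/(Optional) marker although their text ("This field will contain ...", "This field will be overwritten ...") describes values set by the service, so they read as attributes rather than arguments.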
@ -1,174 +0,0 @@
|
|||
---
|
||||
# ----------------------------------------------------------------------------
|
||||
#
|
||||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
||||
#
|
||||
# ----------------------------------------------------------------------------
|
||||
#
|
||||
# This file is automatically generated by Magic Modules and manual
|
||||
# changes will be clobbered when the file is regenerated.
|
||||
#
|
||||
# Please read more about how to change this file in
|
||||
# .github/CONTRIBUTING.md.
|
||||
#
|
||||
# ----------------------------------------------------------------------------
|
||||
layout: "google"
|
||||
page_title: "Google: google_binary_authorization_policy"
|
||||
sidebar_current: "docs-google-binary-authorization-policy"
|
||||
description: |-
|
||||
A policy for container image binary authorization.
|
||||
---
|
||||
|
||||
# google\_binary\_authorization\_policy
|
||||
|
||||
A policy for container image binary authorization.
|
||||
|
||||
~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
|
||||
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta resources.
|
||||
|
||||
To get more information about Policy, see:
|
||||
|
||||
* [API documentation](https://cloud.google.com/binary-authorization/docs/reference/rest/)
|
||||
* How-to Guides
|
||||
* [Official Documentation](https://cloud.google.com/binary-authorization/)
|
||||
|
||||
## Example Usage
|
||||
|
||||
```hcl
|
||||
resource "google_binary_authorization_policy" "policy" {
|
||||
admission_whitelist_patterns {
|
||||
name_pattern= "gcr.io/google_containers/*"
|
||||
}
|
||||
|
||||
default_admission_rule {
|
||||
evaluation_mode = "ALWAYS_ALLOW"
|
||||
enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
|
||||
}
|
||||
|
||||
cluster_admission_rules {
|
||||
cluster = "us-central1-a.prod-cluster"
|
||||
evaluation_mode = "REQUIRE_ATTESTATION"
|
||||
enforcement_mode = "ENFORCED_BLOCK_AND_AUDIT_LOG"
|
||||
require_attestations_by = ["${google_binary_authorization_attestor.attestor.name}"]
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_container_analysis_note" "note" {
|
||||
name = "test-attestor-note"
|
||||
attestation_authority {
|
||||
hint {
|
||||
human_readable_name = "My attestor"
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
resource "google_binary_authorization_attestor" "attestor" {
|
||||
name = "test-attestor"
|
||||
attestation_authority_note {
|
||||
note_reference = "${google_container_analysis_note.note.name}"
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
|
||||
* `default_admission_rule` -
|
||||
(Required)
|
||||
Default admission rule for a cluster without a per-cluster admission
|
||||
rule. Structure is documented below.
|
||||
|
||||
|
||||
The `default_admission_rule` block supports:
|
||||
|
||||
* `evaluation_mode` -
|
||||
(Required)
|
||||
How this admission rule will be evaluated.
|
||||
|
||||
* `require_attestations_by` -
|
||||
(Optional)
|
||||
The resource names of the attestors that must attest to a
|
||||
container image. If the attestor is in a different project from the
|
||||
policy, it should be specified in the format `projects/*/attestors/*`.
|
||||
Each attestor must exist before a policy can reference it. To add an
|
||||
attestor to a policy the principal issuing the policy change
|
||||
request must be able to read the attestor resource.
|
||||
Note: this field must be non-empty when the evaluation_mode field
|
||||
specifies REQUIRE_ATTESTATION, otherwise it must be empty.
|
||||
|
||||
* `enforcement_mode` -
|
||||
(Required)
|
||||
The action when a pod creation is denied by the admission rule.
|
||||
|
||||
- - -
|
||||
|
||||
|
||||
* `description` -
|
||||
(Optional)
|
||||
A descriptive comment.
|
||||
|
||||
* `admission_whitelist_patterns` -
|
||||
(Optional)
|
||||
A whitelist of image patterns to exclude from admission rules. If an
|
||||
image's name matches a whitelist pattern, the image's admission
|
||||
requests will always be permitted regardless of your admission rules. Structure is documented below.
|
||||
|
||||
* `cluster_admission_rules` -
|
||||
(Optional)
|
||||
Per-cluster admission rules. An admission rule specifies either that
|
||||
all container images used in a pod creation request must be attested
|
||||
to by one or more attestors, that all pod creations will be allowed,
|
||||
or that all pod creations will be denied. There can be at most one
|
||||
admission rule per cluster spec.
|
||||
|
||||
Identifier format: `{{location}}.{{clusterId}}`.
|
||||
A location is either a compute zone (e.g. `us-central1-a`) or a region
|
||||
(e.g. `us-central1`). Structure is documented below.
|
||||
* `project` - (Optional) The ID of the project in which the resource belongs.
|
||||
If it is not provided, the provider project is used.
|
||||
|
||||
|
||||
The `admission_whitelist_patterns` block supports:
|
||||
|
||||
* `name_pattern` -
|
||||
(Optional)
|
||||
An image name pattern to whitelist, in the form
|
||||
`registry/path/to/image`. This supports a trailing * as a
|
||||
wildcard, but this is allowed only in text after the registry/
|
||||
part.
|
||||
|
||||
The `cluster_admission_rules` block supports:
|
||||
|
||||
* `cluster` - (Required) The identifier for this object. Format specified above.
|
||||
|
||||
* `evaluation_mode` -
|
||||
(Optional)
|
||||
How this admission rule will be evaluated.
|
||||
|
||||
* `require_attestations_by` -
|
||||
(Optional)
|
||||
The resource names of the attestors that must attest to a
|
||||
container image. If the attestor is in a different project from the
|
||||
policy, it should be specified in the format `projects/*/attestors/*`.
|
||||
Each attestor must exist before a policy can reference it. To add an
|
||||
attestor to a policy the principal issuing the policy change
|
||||
request must be able to read the attestor resource.
|
||||
Note: this field must be non-empty when the evaluation_mode field
|
||||
specifies REQUIRE_ATTESTATION, otherwise it must be empty.
|
||||
|
||||
* `enforcement_mode` -
|
||||
(Optional)
|
||||
The action when a pod creation is denied by the admission rule.
|
||||
|
||||
|
||||
|
||||
## Import
|
||||
|
||||
Policy can be imported using any of these accepted formats:
|
||||
|
||||
```
|
||||
$ terraform import google_binary_authorization_policy.default projects/{{project}}
|
||||
$ terraform import google_binary_authorization_policy.default {{project}}
|
||||
```
|
|
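Review bot: The removed example's `cluster_admission_rules` block sets `evaluation_mode = "REQUIRE_ATTESTATION"` against an attestor that the same example declares without any `public_keys`. Per the attestor page removed earlier in this commit, an attestor with no keys always returns that no valid attestations exist, so the example as written would deny every image on `us-central1-a.prod-cluster` that is not covered by the whitelist pattern. If this page is regenerated for the beta provider, the example should give the attestor a key, and the `evaluation_mode` and `enforcement_mode` entries should list their accepted values, which currently appear only in the example. Minor style point in the same block: `name_pattern= "gcr.io/google_containers/*"` is missing the space before `=`.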
@ -1,107 +0,0 @@
|
|||
---
|
||||
# ----------------------------------------------------------------------------
|
||||
#
|
||||
# *** AUTO GENERATED CODE *** AUTO GENERATED CODE ***
|
||||
#
|
||||
# ----------------------------------------------------------------------------
|
||||
#
|
||||
# This file is automatically generated by Magic Modules and manual
|
||||
# changes will be clobbered when the file is regenerated.
|
||||
#
|
||||
# Please read more about how to change this file in
|
||||
# .github/CONTRIBUTING.md.
|
||||
#
|
||||
# ----------------------------------------------------------------------------
|
||||
layout: "google"
|
||||
page_title: "Google: google_container_analysis_note"
|
||||
sidebar_current: "docs-google-container-analysis-note"
|
||||
description: |-
|
||||
Provides a detailed description of a Note.
|
||||
---
|
||||
|
||||
# google\_container\_analysis\_note
|
||||
|
||||
Provides a detailed description of a Note.
|
||||
|
||||
~> **Warning:** This resource is in beta, and should be used with the terraform-provider-google-beta provider.
|
||||
See [Provider Versions](https://terraform.io/docs/providers/google/provider_versions.html) for more details on beta resources.
|
||||
|
||||
To get more information about Note, see:
|
||||
|
||||
* [API documentation](https://cloud.google.com/container-analysis/api/reference/rest/)
|
||||
* How-to Guides
|
||||
* [Official Documentation](https://cloud.google.com/container-analysis/)
|
||||
|
||||
## Example Usage
|
||||
|
||||
```hcl
|
||||
resource "google_container_analysis_note" "note" {
|
||||
name = "test-attestor-note"
|
||||
attestation_authority {
|
||||
hint {
|
||||
human_readable_name = "Attestor Note"
|
||||
}
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
## Argument Reference
|
||||
|
||||
The following arguments are supported:
|
||||
|
||||
|
||||
* `name` -
|
||||
(Required)
|
||||
The name of the note.
|
||||
|
||||
* `attestation_authority` -
|
||||
(Required)
|
||||
Note kind that represents a logical attestation "role" or "authority".
|
||||
For example, an organization might have one AttestationAuthority for
|
||||
"QA" and one for "build". This Note is intended to act strictly as a
|
||||
grouping mechanism for the attached Occurrences (Attestations). This
|
||||
grouping mechanism also provides a security boundary, since IAM ACLs
|
||||
gate the ability for a principle to attach an Occurrence to a given
|
||||
Note. It also provides a single point of lookup to find all attached
|
||||
Attestation Occurrences, even if they don't all live in the same
|
||||
project. Structure is documented below.
|
||||
|
||||
|
||||
The `attestation_authority` block supports:
|
||||
|
||||
* `hint` -
|
||||
(Required)
|
||||
This submessage provides human-readable hints about the purpose of
|
||||
the AttestationAuthority. Because the name of a Note acts as its
|
||||
resource reference, it is important to disambiguate the canonical
|
||||
name of the Note (which might be a UUID for security purposes)
|
||||
from "readable" names more suitable for debug output. Note that
|
||||
these hints should NOT be used to look up AttestationAuthorities
|
||||
in security sensitive contexts, such as when looking up
|
||||
Attestations to verify. Structure is documented below.
|
||||
|
||||
|
||||
The `hint` block supports:
|
||||
|
||||
* `human_readable_name` -
|
||||
(Required)
|
||||
The human readable name of this Attestation Authority, for
|
||||
example "qa".
|
||||
|
||||
- - -
|
||||
|
||||
* `project` - (Optional) The ID of the project in which the resource belongs.
|
||||
If it is not provided, the provider project is used.
|
||||
|
||||
|
||||
|
||||
|
||||
## Import
|
||||
|
||||
Note can be imported using any of these accepted formats:
|
||||
|
||||
```
|
||||
$ terraform import google_container_analysis_note.default projects/{{project}}/notes/{{name}}
|
||||
$ terraform import google_container_analysis_note.default {{project}}/{{name}}
|
||||
$ terraform import google_container_analysis_note.default {{name}}
|
||||
```
|
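Review bot: The `attestation_authority` description in this hunk reads "IAM ACLs gate the ability for a principle to attach an Occurrence to a given Note"; that should be "principal". The file header states the page is generated by Magic Modules and that manual changes are clobbered, so deleting the file here does not fix the wording at its source; please correct it in the generator input so it does not come back when the page is regenerated. The same description is the only place that explains the Note as a security boundary, and the `hint` entry warns that hints must not be used to look up authorities when verifying attestations, so the commit message should say where those two statements remain documented.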