UserOwnedDrydockNote(mapping=None, *, ignore_unknown_fields=False, **kwargs)
An [user owned drydock note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] references a Drydock ATTESTATION_AUTHORITY Note created by the user.
Attributes
Name | Description |
note_reference |
str
Required. The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy
providers/*/notes/* ). This field may not be updated.
An attestation by this attestor is stored as a Drydock
ATTESTATION_AUTHORITY Occurrence that names a container
image and that links to this Note. Drydock is an external
dependency.
|
public_keys |
Sequence[google.cloud.binaryauthorization_v1beta1.types.AttestorPublicKey]
Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist. |
delegation_service_account_email |
str
Output only. This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference][Note] in Container
Analysis (containeranalysis.notes.occurrences.viewer ).
This email address is fixed for the lifetime of the
Attestor, but callers should not make any other assumptions
about the service account email; future versions may use an
email based on a different naming pattern.
|