containeranalysis

package
v6.58.0 Latest Latest
Warning

This package is not in the latest version of its module.

Go to latest
Published: Jun 6, 2023 License: Apache-2.0 Imports: 7 Imported by: 0

Documentation

Index

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Note

type Note struct {
	pulumi.CustomResourceState

	// Note kind that represents a logical attestation "role" or "authority".
	// For example, an organization might have one AttestationAuthority for
	// "QA" and one for "build". This Note is intended to act strictly as a
	// grouping mechanism for the attached Occurrences (Attestations). This
	// grouping mechanism also provides a security boundary, since IAM ACLs
	// gate the ability for a principle to attach an Occurrence to a given
	// Note. It also provides a single point of lookup to find all attached
	// Attestation Occurrences, even if they don't all live in the same
	// project.
	// Structure is documented below.
	AttestationAuthority NoteAttestationAuthorityOutput `pulumi:"attestationAuthority"`
	// The time this note was created.
	CreateTime pulumi.StringOutput `pulumi:"createTime"`
	// Time of expiration for this note. Leave empty if note does not expire.
	ExpirationTime pulumi.StringPtrOutput `pulumi:"expirationTime"`
	// The type of analysis this note describes
	Kind pulumi.StringOutput `pulumi:"kind"`
	// A detailed description of the note
	LongDescription pulumi.StringPtrOutput `pulumi:"longDescription"`
	// The name of the note.
	Name pulumi.StringOutput `pulumi:"name"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// Names of other notes related to this note.
	RelatedNoteNames pulumi.StringArrayOutput `pulumi:"relatedNoteNames"`
	// URLs associated with this note and related metadata.
	// Structure is documented below.
	RelatedUrls NoteRelatedUrlArrayOutput `pulumi:"relatedUrls"`
	// A one sentence description of the note.
	ShortDescription pulumi.StringPtrOutput `pulumi:"shortDescription"`
	// The time this note was last updated.
	UpdateTime pulumi.StringOutput `pulumi:"updateTime"`
}

A Container Analysis note is a high-level piece of metadata that describes a type of analysis that can be done for a resource.

To get more information about Note, see:

* [API documentation](https://cloud.google.com/container-analysis/api/reference/rest/) * How-to Guides

## Example Usage ### Container Analysis Note Basic

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
			AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
				Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
					HumanReadableName: pulumi.String("Attestor Note"),
				},
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

``` ### Container Analysis Note Attestation Full

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := containeranalysis.NewNote(ctx, "note", &containeranalysis.NoteArgs{
			AttestationAuthority: &containeranalysis.NoteAttestationAuthorityArgs{
				Hint: &containeranalysis.NoteAttestationAuthorityHintArgs{
					HumanReadableName: pulumi.String("Attestor Note"),
				},
			},
			ExpirationTime:  pulumi.String("2120-10-02T15:01:23.045123456Z"),
			LongDescription: pulumi.String("a longer description of test note"),
			RelatedUrls: containeranalysis.NoteRelatedUrlArray{
				&containeranalysis.NoteRelatedUrlArgs{
					Label: pulumi.String("foo"),
					Url:   pulumi.String("some.url"),
				},
				&containeranalysis.NoteRelatedUrlArgs{
					Url: pulumi.String("google.com"),
				},
			},
			ShortDescription: pulumi.String("test note"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

Note can be imported using any of these accepted formats

```sh

$ pulumi import gcp:containeranalysis/note:Note default projects/{{project}}/notes/{{name}}

```

```sh

$ pulumi import gcp:containeranalysis/note:Note default {{project}}/{{name}}

```

```sh

$ pulumi import gcp:containeranalysis/note:Note default {{name}}

```

func GetNote

func GetNote(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *NoteState, opts ...pulumi.ResourceOption) (*Note, error)

GetNote gets an existing Note resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewNote

func NewNote(ctx *pulumi.Context,
	name string, args *NoteArgs, opts ...pulumi.ResourceOption) (*Note, error)

NewNote registers a new resource with the given unique name, arguments, and options.

func (*Note) ElementType

func (*Note) ElementType() reflect.Type

func (*Note) ToNoteOutput

func (i *Note) ToNoteOutput() NoteOutput

func (*Note) ToNoteOutputWithContext

func (i *Note) ToNoteOutputWithContext(ctx context.Context) NoteOutput

type NoteArgs

type NoteArgs struct {
	// Note kind that represents a logical attestation "role" or "authority".
	// For example, an organization might have one AttestationAuthority for
	// "QA" and one for "build". This Note is intended to act strictly as a
	// grouping mechanism for the attached Occurrences (Attestations). This
	// grouping mechanism also provides a security boundary, since IAM ACLs
	// gate the ability for a principle to attach an Occurrence to a given
	// Note. It also provides a single point of lookup to find all attached
	// Attestation Occurrences, even if they don't all live in the same
	// project.
	// Structure is documented below.
	AttestationAuthority NoteAttestationAuthorityInput
	// Time of expiration for this note. Leave empty if note does not expire.
	ExpirationTime pulumi.StringPtrInput
	// A detailed description of the note
	LongDescription pulumi.StringPtrInput
	// The name of the note.
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// Names of other notes related to this note.
	RelatedNoteNames pulumi.StringArrayInput
	// URLs associated with this note and related metadata.
	// Structure is documented below.
	RelatedUrls NoteRelatedUrlArrayInput
	// A one sentence description of the note.
	ShortDescription pulumi.StringPtrInput
}

The set of arguments for constructing a Note resource.

func (NoteArgs) ElementType

func (NoteArgs) ElementType() reflect.Type

type NoteArray

type NoteArray []NoteInput

func (NoteArray) ElementType

func (NoteArray) ElementType() reflect.Type

func (NoteArray) ToNoteArrayOutput

func (i NoteArray) ToNoteArrayOutput() NoteArrayOutput

func (NoteArray) ToNoteArrayOutputWithContext

func (i NoteArray) ToNoteArrayOutputWithContext(ctx context.Context) NoteArrayOutput

type NoteArrayInput

type NoteArrayInput interface {
	pulumi.Input

	ToNoteArrayOutput() NoteArrayOutput
	ToNoteArrayOutputWithContext(context.Context) NoteArrayOutput
}

NoteArrayInput is an input type that accepts NoteArray and NoteArrayOutput values. You can construct a concrete instance of `NoteArrayInput` via:

NoteArray{ NoteArgs{...} }

type NoteArrayOutput

type NoteArrayOutput struct{ *pulumi.OutputState }

func (NoteArrayOutput) ElementType

func (NoteArrayOutput) ElementType() reflect.Type

func (NoteArrayOutput) Index

func (NoteArrayOutput) ToNoteArrayOutput

func (o NoteArrayOutput) ToNoteArrayOutput() NoteArrayOutput

func (NoteArrayOutput) ToNoteArrayOutputWithContext

func (o NoteArrayOutput) ToNoteArrayOutputWithContext(ctx context.Context) NoteArrayOutput

type NoteAttestationAuthority

type NoteAttestationAuthority struct {
	// This submessage provides human-readable hints about the purpose of
	// the AttestationAuthority. Because the name of a Note acts as its
	// resource reference, it is important to disambiguate the canonical
	// name of the Note (which might be a UUID for security purposes)
	// from "readable" names more suitable for debug output. Note that
	// these hints should NOT be used to look up AttestationAuthorities
	// in security sensitive contexts, such as when looking up
	// Attestations to verify.
	// Structure is documented below.
	Hint NoteAttestationAuthorityHint `pulumi:"hint"`
}

type NoteAttestationAuthorityArgs

type NoteAttestationAuthorityArgs struct {
	// This submessage provides human-readable hints about the purpose of
	// the AttestationAuthority. Because the name of a Note acts as its
	// resource reference, it is important to disambiguate the canonical
	// name of the Note (which might be a UUID for security purposes)
	// from "readable" names more suitable for debug output. Note that
	// these hints should NOT be used to look up AttestationAuthorities
	// in security sensitive contexts, such as when looking up
	// Attestations to verify.
	// Structure is documented below.
	Hint NoteAttestationAuthorityHintInput `pulumi:"hint"`
}

func (NoteAttestationAuthorityArgs) ElementType

func (NoteAttestationAuthorityArgs) ToNoteAttestationAuthorityOutput

func (i NoteAttestationAuthorityArgs) ToNoteAttestationAuthorityOutput() NoteAttestationAuthorityOutput

func (NoteAttestationAuthorityArgs) ToNoteAttestationAuthorityOutputWithContext

func (i NoteAttestationAuthorityArgs) ToNoteAttestationAuthorityOutputWithContext(ctx context.Context) NoteAttestationAuthorityOutput

func (NoteAttestationAuthorityArgs) ToNoteAttestationAuthorityPtrOutput

func (i NoteAttestationAuthorityArgs) ToNoteAttestationAuthorityPtrOutput() NoteAttestationAuthorityPtrOutput

func (NoteAttestationAuthorityArgs) ToNoteAttestationAuthorityPtrOutputWithContext

func (i NoteAttestationAuthorityArgs) ToNoteAttestationAuthorityPtrOutputWithContext(ctx context.Context) NoteAttestationAuthorityPtrOutput

type NoteAttestationAuthorityHint

type NoteAttestationAuthorityHint struct {
	// The human readable name of this Attestation Authority, for
	// example "qa".
	//
	// ***
	HumanReadableName string `pulumi:"humanReadableName"`
}

type NoteAttestationAuthorityHintArgs

type NoteAttestationAuthorityHintArgs struct {
	// The human readable name of this Attestation Authority, for
	// example "qa".
	//
	// ***
	HumanReadableName pulumi.StringInput `pulumi:"humanReadableName"`
}

func (NoteAttestationAuthorityHintArgs) ElementType

func (NoteAttestationAuthorityHintArgs) ToNoteAttestationAuthorityHintOutput

func (i NoteAttestationAuthorityHintArgs) ToNoteAttestationAuthorityHintOutput() NoteAttestationAuthorityHintOutput

func (NoteAttestationAuthorityHintArgs) ToNoteAttestationAuthorityHintOutputWithContext

func (i NoteAttestationAuthorityHintArgs) ToNoteAttestationAuthorityHintOutputWithContext(ctx context.Context) NoteAttestationAuthorityHintOutput

func (NoteAttestationAuthorityHintArgs) ToNoteAttestationAuthorityHintPtrOutput

func (i NoteAttestationAuthorityHintArgs) ToNoteAttestationAuthorityHintPtrOutput() NoteAttestationAuthorityHintPtrOutput

func (NoteAttestationAuthorityHintArgs) ToNoteAttestationAuthorityHintPtrOutputWithContext

func (i NoteAttestationAuthorityHintArgs) ToNoteAttestationAuthorityHintPtrOutputWithContext(ctx context.Context) NoteAttestationAuthorityHintPtrOutput

type NoteAttestationAuthorityHintInput

type NoteAttestationAuthorityHintInput interface {
	pulumi.Input

	ToNoteAttestationAuthorityHintOutput() NoteAttestationAuthorityHintOutput
	ToNoteAttestationAuthorityHintOutputWithContext(context.Context) NoteAttestationAuthorityHintOutput
}

NoteAttestationAuthorityHintInput is an input type that accepts NoteAttestationAuthorityHintArgs and NoteAttestationAuthorityHintOutput values. You can construct a concrete instance of `NoteAttestationAuthorityHintInput` via:

NoteAttestationAuthorityHintArgs{...}

type NoteAttestationAuthorityHintOutput

type NoteAttestationAuthorityHintOutput struct{ *pulumi.OutputState }

func (NoteAttestationAuthorityHintOutput) ElementType

func (NoteAttestationAuthorityHintOutput) HumanReadableName

The human readable name of this Attestation Authority, for example "qa".

***

func (NoteAttestationAuthorityHintOutput) ToNoteAttestationAuthorityHintOutput

func (o NoteAttestationAuthorityHintOutput) ToNoteAttestationAuthorityHintOutput() NoteAttestationAuthorityHintOutput

func (NoteAttestationAuthorityHintOutput) ToNoteAttestationAuthorityHintOutputWithContext

func (o NoteAttestationAuthorityHintOutput) ToNoteAttestationAuthorityHintOutputWithContext(ctx context.Context) NoteAttestationAuthorityHintOutput

func (NoteAttestationAuthorityHintOutput) ToNoteAttestationAuthorityHintPtrOutput

func (o NoteAttestationAuthorityHintOutput) ToNoteAttestationAuthorityHintPtrOutput() NoteAttestationAuthorityHintPtrOutput

func (NoteAttestationAuthorityHintOutput) ToNoteAttestationAuthorityHintPtrOutputWithContext

func (o NoteAttestationAuthorityHintOutput) ToNoteAttestationAuthorityHintPtrOutputWithContext(ctx context.Context) NoteAttestationAuthorityHintPtrOutput

type NoteAttestationAuthorityHintPtrInput

type NoteAttestationAuthorityHintPtrInput interface {
	pulumi.Input

	ToNoteAttestationAuthorityHintPtrOutput() NoteAttestationAuthorityHintPtrOutput
	ToNoteAttestationAuthorityHintPtrOutputWithContext(context.Context) NoteAttestationAuthorityHintPtrOutput
}

NoteAttestationAuthorityHintPtrInput is an input type that accepts NoteAttestationAuthorityHintArgs, NoteAttestationAuthorityHintPtr and NoteAttestationAuthorityHintPtrOutput values. You can construct a concrete instance of `NoteAttestationAuthorityHintPtrInput` via:

        NoteAttestationAuthorityHintArgs{...}

or:

        nil

type NoteAttestationAuthorityHintPtrOutput

type NoteAttestationAuthorityHintPtrOutput struct{ *pulumi.OutputState }

func (NoteAttestationAuthorityHintPtrOutput) Elem

func (NoteAttestationAuthorityHintPtrOutput) ElementType

func (NoteAttestationAuthorityHintPtrOutput) HumanReadableName

The human readable name of this Attestation Authority, for example "qa".

***

func (NoteAttestationAuthorityHintPtrOutput) ToNoteAttestationAuthorityHintPtrOutput

func (o NoteAttestationAuthorityHintPtrOutput) ToNoteAttestationAuthorityHintPtrOutput() NoteAttestationAuthorityHintPtrOutput

func (NoteAttestationAuthorityHintPtrOutput) ToNoteAttestationAuthorityHintPtrOutputWithContext

func (o NoteAttestationAuthorityHintPtrOutput) ToNoteAttestationAuthorityHintPtrOutputWithContext(ctx context.Context) NoteAttestationAuthorityHintPtrOutput

type NoteAttestationAuthorityInput

type NoteAttestationAuthorityInput interface {
	pulumi.Input

	ToNoteAttestationAuthorityOutput() NoteAttestationAuthorityOutput
	ToNoteAttestationAuthorityOutputWithContext(context.Context) NoteAttestationAuthorityOutput
}

NoteAttestationAuthorityInput is an input type that accepts NoteAttestationAuthorityArgs and NoteAttestationAuthorityOutput values. You can construct a concrete instance of `NoteAttestationAuthorityInput` via:

NoteAttestationAuthorityArgs{...}

type NoteAttestationAuthorityOutput

type NoteAttestationAuthorityOutput struct{ *pulumi.OutputState }

func (NoteAttestationAuthorityOutput) ElementType

func (NoteAttestationAuthorityOutput) Hint

This submessage provides human-readable hints about the purpose of the AttestationAuthority. Because the name of a Note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should NOT be used to look up AttestationAuthorities in security sensitive contexts, such as when looking up Attestations to verify. Structure is documented below.

func (NoteAttestationAuthorityOutput) ToNoteAttestationAuthorityOutput

func (o NoteAttestationAuthorityOutput) ToNoteAttestationAuthorityOutput() NoteAttestationAuthorityOutput

func (NoteAttestationAuthorityOutput) ToNoteAttestationAuthorityOutputWithContext

func (o NoteAttestationAuthorityOutput) ToNoteAttestationAuthorityOutputWithContext(ctx context.Context) NoteAttestationAuthorityOutput

func (NoteAttestationAuthorityOutput) ToNoteAttestationAuthorityPtrOutput

func (o NoteAttestationAuthorityOutput) ToNoteAttestationAuthorityPtrOutput() NoteAttestationAuthorityPtrOutput

func (NoteAttestationAuthorityOutput) ToNoteAttestationAuthorityPtrOutputWithContext

func (o NoteAttestationAuthorityOutput) ToNoteAttestationAuthorityPtrOutputWithContext(ctx context.Context) NoteAttestationAuthorityPtrOutput

type NoteAttestationAuthorityPtrInput

type NoteAttestationAuthorityPtrInput interface {
	pulumi.Input

	ToNoteAttestationAuthorityPtrOutput() NoteAttestationAuthorityPtrOutput
	ToNoteAttestationAuthorityPtrOutputWithContext(context.Context) NoteAttestationAuthorityPtrOutput
}

NoteAttestationAuthorityPtrInput is an input type that accepts NoteAttestationAuthorityArgs, NoteAttestationAuthorityPtr and NoteAttestationAuthorityPtrOutput values. You can construct a concrete instance of `NoteAttestationAuthorityPtrInput` via:

        NoteAttestationAuthorityArgs{...}

or:

        nil

type NoteAttestationAuthorityPtrOutput

type NoteAttestationAuthorityPtrOutput struct{ *pulumi.OutputState }

func (NoteAttestationAuthorityPtrOutput) Elem

func (NoteAttestationAuthorityPtrOutput) ElementType

func (NoteAttestationAuthorityPtrOutput) Hint

This submessage provides human-readable hints about the purpose of the AttestationAuthority. Because the name of a Note acts as its resource reference, it is important to disambiguate the canonical name of the Note (which might be a UUID for security purposes) from "readable" names more suitable for debug output. Note that these hints should NOT be used to look up AttestationAuthorities in security sensitive contexts, such as when looking up Attestations to verify. Structure is documented below.

func (NoteAttestationAuthorityPtrOutput) ToNoteAttestationAuthorityPtrOutput

func (o NoteAttestationAuthorityPtrOutput) ToNoteAttestationAuthorityPtrOutput() NoteAttestationAuthorityPtrOutput

func (NoteAttestationAuthorityPtrOutput) ToNoteAttestationAuthorityPtrOutputWithContext

func (o NoteAttestationAuthorityPtrOutput) ToNoteAttestationAuthorityPtrOutputWithContext(ctx context.Context) NoteAttestationAuthorityPtrOutput

type NoteIamBinding added in v6.58.0

type NoteIamBinding struct {
	pulumi.CustomResourceState

	Condition NoteIamBindingConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringOutput      `pulumi:"etag"`
	Members pulumi.StringArrayOutput `pulumi:"members"`
	// Used to find the parent resource to bind the IAM policy to
	Note pulumi.StringOutput `pulumi:"note"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	//
	// * `member/members` - (Required) Identities that will be granted the privilege in `role`.
	//   Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:

* `containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached. * `containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved. * `containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note

> **Note:** `containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `containeranalysis.NoteIamBinding` and `containeranalysis.NoteIamMember` or they will fight over what your policy should be.

> **Note:** `containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.

## google\_container\_analysis\_note\_iam\_policy

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/containeranalysis"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/containeranalysis.notes.occurrences.viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = containeranalysis.NewNoteIamPolicy(ctx, "policy", &containeranalysis.NoteIamPolicyArgs{
			Project:    pulumi.Any(google_container_analysis_note.Note.Project),
			Note:       pulumi.Any(google_container_analysis_note.Note.Name),
			PolicyData: *pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_container\_analysis\_note\_iam\_binding

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := containeranalysis.NewNoteIamBinding(ctx, "binding", &containeranalysis.NoteIamBindingArgs{
			Project: pulumi.Any(google_container_analysis_note.Note.Project),
			Note:    pulumi.Any(google_container_analysis_note.Note.Name),
			Role:    pulumi.String("roles/containeranalysis.notes.occurrences.viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_container\_analysis\_note\_iam\_member

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := containeranalysis.NewNoteIamMember(ctx, "member", &containeranalysis.NoteIamMemberArgs{
			Project: pulumi.Any(google_container_analysis_note.Note.Project),
			Note:    pulumi.Any(google_container_analysis_note.Note.Name),
			Role:    pulumi.String("roles/containeranalysis.notes.occurrences.viewer"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/notes/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Container Registry note IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh

$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor "projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com"

```

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh

$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor "projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer"

```

IAM policy imports use the identifier of the resource in question, e.g.

```sh

$ pulumi import gcp:containeranalysis/noteIamBinding:NoteIamBinding editor projects/{{project}}/notes/{{note}}

```

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetNoteIamBinding added in v6.58.0

func GetNoteIamBinding(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *NoteIamBindingState, opts ...pulumi.ResourceOption) (*NoteIamBinding, error)

GetNoteIamBinding gets an existing NoteIamBinding resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewNoteIamBinding added in v6.58.0

func NewNoteIamBinding(ctx *pulumi.Context,
	name string, args *NoteIamBindingArgs, opts ...pulumi.ResourceOption) (*NoteIamBinding, error)

NewNoteIamBinding registers a new resource with the given unique name, arguments, and options.

func (*NoteIamBinding) ElementType added in v6.58.0

func (*NoteIamBinding) ElementType() reflect.Type

func (*NoteIamBinding) ToNoteIamBindingOutput added in v6.58.0

func (i *NoteIamBinding) ToNoteIamBindingOutput() NoteIamBindingOutput

func (*NoteIamBinding) ToNoteIamBindingOutputWithContext added in v6.58.0

func (i *NoteIamBinding) ToNoteIamBindingOutputWithContext(ctx context.Context) NoteIamBindingOutput

type NoteIamBindingArgs added in v6.58.0

type NoteIamBindingArgs struct {
	Condition NoteIamBindingConditionPtrInput
	Members   pulumi.StringArrayInput
	// Used to find the parent resource to bind the IAM policy to
	Note pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	//
	// * `member/members` - (Required) Identities that will be granted the privilege in `role`.
	//   Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a NoteIamBinding resource.

func (NoteIamBindingArgs) ElementType added in v6.58.0

func (NoteIamBindingArgs) ElementType() reflect.Type

type NoteIamBindingArray added in v6.58.0

type NoteIamBindingArray []NoteIamBindingInput

func (NoteIamBindingArray) ElementType added in v6.58.0

func (NoteIamBindingArray) ElementType() reflect.Type

func (NoteIamBindingArray) ToNoteIamBindingArrayOutput added in v6.58.0

func (i NoteIamBindingArray) ToNoteIamBindingArrayOutput() NoteIamBindingArrayOutput

func (NoteIamBindingArray) ToNoteIamBindingArrayOutputWithContext added in v6.58.0

func (i NoteIamBindingArray) ToNoteIamBindingArrayOutputWithContext(ctx context.Context) NoteIamBindingArrayOutput

type NoteIamBindingArrayInput added in v6.58.0

type NoteIamBindingArrayInput interface {
	pulumi.Input

	ToNoteIamBindingArrayOutput() NoteIamBindingArrayOutput
	ToNoteIamBindingArrayOutputWithContext(context.Context) NoteIamBindingArrayOutput
}

NoteIamBindingArrayInput is an input type that accepts NoteIamBindingArray and NoteIamBindingArrayOutput values. You can construct a concrete instance of `NoteIamBindingArrayInput` via:

NoteIamBindingArray{ NoteIamBindingArgs{...} }

type NoteIamBindingArrayOutput added in v6.58.0

type NoteIamBindingArrayOutput struct{ *pulumi.OutputState }

func (NoteIamBindingArrayOutput) ElementType added in v6.58.0

func (NoteIamBindingArrayOutput) ElementType() reflect.Type

func (NoteIamBindingArrayOutput) Index added in v6.58.0

func (NoteIamBindingArrayOutput) ToNoteIamBindingArrayOutput added in v6.58.0

func (o NoteIamBindingArrayOutput) ToNoteIamBindingArrayOutput() NoteIamBindingArrayOutput

func (NoteIamBindingArrayOutput) ToNoteIamBindingArrayOutputWithContext added in v6.58.0

func (o NoteIamBindingArrayOutput) ToNoteIamBindingArrayOutputWithContext(ctx context.Context) NoteIamBindingArrayOutput

type NoteIamBindingCondition added in v6.58.0

type NoteIamBindingCondition struct {
	Description *string `pulumi:"description"`
	Expression  string  `pulumi:"expression"`
	Title       string  `pulumi:"title"`
}

type NoteIamBindingConditionArgs added in v6.58.0

type NoteIamBindingConditionArgs struct {
	Description pulumi.StringPtrInput `pulumi:"description"`
	Expression  pulumi.StringInput    `pulumi:"expression"`
	Title       pulumi.StringInput    `pulumi:"title"`
}

func (NoteIamBindingConditionArgs) ElementType added in v6.58.0

func (NoteIamBindingConditionArgs) ToNoteIamBindingConditionOutput added in v6.58.0

func (i NoteIamBindingConditionArgs) ToNoteIamBindingConditionOutput() NoteIamBindingConditionOutput

func (NoteIamBindingConditionArgs) ToNoteIamBindingConditionOutputWithContext added in v6.58.0

func (i NoteIamBindingConditionArgs) ToNoteIamBindingConditionOutputWithContext(ctx context.Context) NoteIamBindingConditionOutput

func (NoteIamBindingConditionArgs) ToNoteIamBindingConditionPtrOutput added in v6.58.0

func (i NoteIamBindingConditionArgs) ToNoteIamBindingConditionPtrOutput() NoteIamBindingConditionPtrOutput

func (NoteIamBindingConditionArgs) ToNoteIamBindingConditionPtrOutputWithContext added in v6.58.0

func (i NoteIamBindingConditionArgs) ToNoteIamBindingConditionPtrOutputWithContext(ctx context.Context) NoteIamBindingConditionPtrOutput

type NoteIamBindingConditionInput added in v6.58.0

type NoteIamBindingConditionInput interface {
	pulumi.Input

	ToNoteIamBindingConditionOutput() NoteIamBindingConditionOutput
	ToNoteIamBindingConditionOutputWithContext(context.Context) NoteIamBindingConditionOutput
}

NoteIamBindingConditionInput is an input type that accepts NoteIamBindingConditionArgs and NoteIamBindingConditionOutput values. You can construct a concrete instance of `NoteIamBindingConditionInput` via:

NoteIamBindingConditionArgs{...}

type NoteIamBindingConditionOutput added in v6.58.0

type NoteIamBindingConditionOutput struct{ *pulumi.OutputState }

func (NoteIamBindingConditionOutput) Description added in v6.58.0

func (NoteIamBindingConditionOutput) ElementType added in v6.58.0

func (NoteIamBindingConditionOutput) Expression added in v6.58.0

func (NoteIamBindingConditionOutput) Title added in v6.58.0

func (NoteIamBindingConditionOutput) ToNoteIamBindingConditionOutput added in v6.58.0

func (o NoteIamBindingConditionOutput) ToNoteIamBindingConditionOutput() NoteIamBindingConditionOutput

func (NoteIamBindingConditionOutput) ToNoteIamBindingConditionOutputWithContext added in v6.58.0

func (o NoteIamBindingConditionOutput) ToNoteIamBindingConditionOutputWithContext(ctx context.Context) NoteIamBindingConditionOutput

func (NoteIamBindingConditionOutput) ToNoteIamBindingConditionPtrOutput added in v6.58.0

func (o NoteIamBindingConditionOutput) ToNoteIamBindingConditionPtrOutput() NoteIamBindingConditionPtrOutput

func (NoteIamBindingConditionOutput) ToNoteIamBindingConditionPtrOutputWithContext added in v6.58.0

func (o NoteIamBindingConditionOutput) ToNoteIamBindingConditionPtrOutputWithContext(ctx context.Context) NoteIamBindingConditionPtrOutput

type NoteIamBindingConditionPtrInput added in v6.58.0

type NoteIamBindingConditionPtrInput interface {
	pulumi.Input

	ToNoteIamBindingConditionPtrOutput() NoteIamBindingConditionPtrOutput
	ToNoteIamBindingConditionPtrOutputWithContext(context.Context) NoteIamBindingConditionPtrOutput
}

NoteIamBindingConditionPtrInput is an input type that accepts NoteIamBindingConditionArgs, NoteIamBindingConditionPtr and NoteIamBindingConditionPtrOutput values. You can construct a concrete instance of `NoteIamBindingConditionPtrInput` via:

        NoteIamBindingConditionArgs{...}

or:

        nil

func NoteIamBindingConditionPtr added in v6.58.0

func NoteIamBindingConditionPtr(v *NoteIamBindingConditionArgs) NoteIamBindingConditionPtrInput

type NoteIamBindingConditionPtrOutput added in v6.58.0

type NoteIamBindingConditionPtrOutput struct{ *pulumi.OutputState }

func (NoteIamBindingConditionPtrOutput) Description added in v6.58.0

func (NoteIamBindingConditionPtrOutput) Elem added in v6.58.0

func (NoteIamBindingConditionPtrOutput) ElementType added in v6.58.0

func (NoteIamBindingConditionPtrOutput) Expression added in v6.58.0

func (NoteIamBindingConditionPtrOutput) Title added in v6.58.0

func (NoteIamBindingConditionPtrOutput) ToNoteIamBindingConditionPtrOutput added in v6.58.0

func (o NoteIamBindingConditionPtrOutput) ToNoteIamBindingConditionPtrOutput() NoteIamBindingConditionPtrOutput

func (NoteIamBindingConditionPtrOutput) ToNoteIamBindingConditionPtrOutputWithContext added in v6.58.0

func (o NoteIamBindingConditionPtrOutput) ToNoteIamBindingConditionPtrOutputWithContext(ctx context.Context) NoteIamBindingConditionPtrOutput

type NoteIamBindingInput added in v6.58.0

type NoteIamBindingInput interface {
	pulumi.Input

	ToNoteIamBindingOutput() NoteIamBindingOutput
	ToNoteIamBindingOutputWithContext(ctx context.Context) NoteIamBindingOutput
}

type NoteIamBindingMap added in v6.58.0

type NoteIamBindingMap map[string]NoteIamBindingInput

func (NoteIamBindingMap) ElementType added in v6.58.0

func (NoteIamBindingMap) ElementType() reflect.Type

func (NoteIamBindingMap) ToNoteIamBindingMapOutput added in v6.58.0

func (i NoteIamBindingMap) ToNoteIamBindingMapOutput() NoteIamBindingMapOutput

func (NoteIamBindingMap) ToNoteIamBindingMapOutputWithContext added in v6.58.0

func (i NoteIamBindingMap) ToNoteIamBindingMapOutputWithContext(ctx context.Context) NoteIamBindingMapOutput

type NoteIamBindingMapInput added in v6.58.0

type NoteIamBindingMapInput interface {
	pulumi.Input

	ToNoteIamBindingMapOutput() NoteIamBindingMapOutput
	ToNoteIamBindingMapOutputWithContext(context.Context) NoteIamBindingMapOutput
}

NoteIamBindingMapInput is an input type that accepts NoteIamBindingMap and NoteIamBindingMapOutput values. You can construct a concrete instance of `NoteIamBindingMapInput` via:

NoteIamBindingMap{ "key": NoteIamBindingArgs{...} }

type NoteIamBindingMapOutput added in v6.58.0

type NoteIamBindingMapOutput struct{ *pulumi.OutputState }

func (NoteIamBindingMapOutput) ElementType added in v6.58.0

func (NoteIamBindingMapOutput) ElementType() reflect.Type

func (NoteIamBindingMapOutput) MapIndex added in v6.58.0

func (NoteIamBindingMapOutput) ToNoteIamBindingMapOutput added in v6.58.0

func (o NoteIamBindingMapOutput) ToNoteIamBindingMapOutput() NoteIamBindingMapOutput

func (NoteIamBindingMapOutput) ToNoteIamBindingMapOutputWithContext added in v6.58.0

func (o NoteIamBindingMapOutput) ToNoteIamBindingMapOutputWithContext(ctx context.Context) NoteIamBindingMapOutput

type NoteIamBindingOutput added in v6.58.0

type NoteIamBindingOutput struct{ *pulumi.OutputState }

func (NoteIamBindingOutput) Condition added in v6.58.0

func (NoteIamBindingOutput) ElementType added in v6.58.0

func (NoteIamBindingOutput) ElementType() reflect.Type

func (NoteIamBindingOutput) Etag added in v6.58.0

(Computed) The etag of the IAM policy.

func (NoteIamBindingOutput) Members added in v6.58.0

func (NoteIamBindingOutput) Note added in v6.58.0

Used to find the parent resource to bind the IAM policy to

func (NoteIamBindingOutput) Project added in v6.58.0

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
  • **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
  • **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
  • **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
  • **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
  • **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
  • **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
  • **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"

func (NoteIamBindingOutput) Role added in v6.58.0

The role that should be applied. Only one `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (NoteIamBindingOutput) ToNoteIamBindingOutput added in v6.58.0

func (o NoteIamBindingOutput) ToNoteIamBindingOutput() NoteIamBindingOutput

func (NoteIamBindingOutput) ToNoteIamBindingOutputWithContext added in v6.58.0

func (o NoteIamBindingOutput) ToNoteIamBindingOutputWithContext(ctx context.Context) NoteIamBindingOutput

type NoteIamBindingState added in v6.58.0

type NoteIamBindingState struct {
	Condition NoteIamBindingConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag    pulumi.StringPtrInput
	Members pulumi.StringArrayInput
	// Used to find the parent resource to bind the IAM policy to
	Note pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	//
	// * `member/members` - (Required) Identities that will be granted the privilege in `role`.
	//   Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (NoteIamBindingState) ElementType added in v6.58.0

func (NoteIamBindingState) ElementType() reflect.Type

type NoteIamMember added in v6.58.0

type NoteIamMember struct {
	pulumi.CustomResourceState

	Condition NoteIamMemberConditionPtrOutput `pulumi:"condition"`
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringOutput `pulumi:"etag"`
	Member pulumi.StringOutput `pulumi:"member"`
	// Used to find the parent resource to bind the IAM policy to
	Note pulumi.StringOutput `pulumi:"note"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	//
	// * `member/members` - (Required) Identities that will be granted the privilege in `role`.
	//   Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Project pulumi.StringOutput `pulumi:"project"`
	// The role that should be applied. Only one
	// `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringOutput `pulumi:"role"`
}

Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:

* `containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached. * `containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved. * `containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note

> **Note:** `containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `containeranalysis.NoteIamBinding` and `containeranalysis.NoteIamMember` or they will fight over what your policy should be.

> **Note:** `containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.

## google\_container\_analysis\_note\_iam\_policy

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/containeranalysis"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/containeranalysis.notes.occurrences.viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = containeranalysis.NewNoteIamPolicy(ctx, "policy", &containeranalysis.NoteIamPolicyArgs{
			Project:    pulumi.Any(google_container_analysis_note.Note.Project),
			Note:       pulumi.Any(google_container_analysis_note.Note.Name),
			PolicyData: *pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_container\_analysis\_note\_iam\_binding

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := containeranalysis.NewNoteIamBinding(ctx, "binding", &containeranalysis.NoteIamBindingArgs{
			Project: pulumi.Any(google_container_analysis_note.Note.Project),
			Note:    pulumi.Any(google_container_analysis_note.Note.Name),
			Role:    pulumi.String("roles/containeranalysis.notes.occurrences.viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_container\_analysis\_note\_iam\_member

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := containeranalysis.NewNoteIamMember(ctx, "member", &containeranalysis.NoteIamMemberArgs{
			Project: pulumi.Any(google_container_analysis_note.Note.Project),
			Note:    pulumi.Any(google_container_analysis_note.Note.Name),
			Role:    pulumi.String("roles/containeranalysis.notes.occurrences.viewer"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/notes/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Container Registry note IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh

$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor "projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com"

```

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh

$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor "projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer"

```

IAM policy imports use the identifier of the resource in question, e.g.

```sh

$ pulumi import gcp:containeranalysis/noteIamMember:NoteIamMember editor projects/{{project}}/notes/{{note}}

```

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetNoteIamMember added in v6.58.0

func GetNoteIamMember(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *NoteIamMemberState, opts ...pulumi.ResourceOption) (*NoteIamMember, error)

GetNoteIamMember gets an existing NoteIamMember resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewNoteIamMember added in v6.58.0

func NewNoteIamMember(ctx *pulumi.Context,
	name string, args *NoteIamMemberArgs, opts ...pulumi.ResourceOption) (*NoteIamMember, error)

NewNoteIamMember registers a new resource with the given unique name, arguments, and options.

func (*NoteIamMember) ElementType added in v6.58.0

func (*NoteIamMember) ElementType() reflect.Type

func (*NoteIamMember) ToNoteIamMemberOutput added in v6.58.0

func (i *NoteIamMember) ToNoteIamMemberOutput() NoteIamMemberOutput

func (*NoteIamMember) ToNoteIamMemberOutputWithContext added in v6.58.0

func (i *NoteIamMember) ToNoteIamMemberOutputWithContext(ctx context.Context) NoteIamMemberOutput

type NoteIamMemberArgs added in v6.58.0

type NoteIamMemberArgs struct {
	Condition NoteIamMemberConditionPtrInput
	Member    pulumi.StringInput
	// Used to find the parent resource to bind the IAM policy to
	Note pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	//
	// * `member/members` - (Required) Identities that will be granted the privilege in `role`.
	//   Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringInput
}

The set of arguments for constructing a NoteIamMember resource.

func (NoteIamMemberArgs) ElementType added in v6.58.0

func (NoteIamMemberArgs) ElementType() reflect.Type

type NoteIamMemberArray added in v6.58.0

type NoteIamMemberArray []NoteIamMemberInput

func (NoteIamMemberArray) ElementType added in v6.58.0

func (NoteIamMemberArray) ElementType() reflect.Type

func (NoteIamMemberArray) ToNoteIamMemberArrayOutput added in v6.58.0

func (i NoteIamMemberArray) ToNoteIamMemberArrayOutput() NoteIamMemberArrayOutput

func (NoteIamMemberArray) ToNoteIamMemberArrayOutputWithContext added in v6.58.0

func (i NoteIamMemberArray) ToNoteIamMemberArrayOutputWithContext(ctx context.Context) NoteIamMemberArrayOutput

type NoteIamMemberArrayInput added in v6.58.0

type NoteIamMemberArrayInput interface {
	pulumi.Input

	ToNoteIamMemberArrayOutput() NoteIamMemberArrayOutput
	ToNoteIamMemberArrayOutputWithContext(context.Context) NoteIamMemberArrayOutput
}

NoteIamMemberArrayInput is an input type that accepts NoteIamMemberArray and NoteIamMemberArrayOutput values. You can construct a concrete instance of `NoteIamMemberArrayInput` via:

NoteIamMemberArray{ NoteIamMemberArgs{...} }

type NoteIamMemberArrayOutput added in v6.58.0

type NoteIamMemberArrayOutput struct{ *pulumi.OutputState }

func (NoteIamMemberArrayOutput) ElementType added in v6.58.0

func (NoteIamMemberArrayOutput) ElementType() reflect.Type

func (NoteIamMemberArrayOutput) Index added in v6.58.0

func (NoteIamMemberArrayOutput) ToNoteIamMemberArrayOutput added in v6.58.0

func (o NoteIamMemberArrayOutput) ToNoteIamMemberArrayOutput() NoteIamMemberArrayOutput

func (NoteIamMemberArrayOutput) ToNoteIamMemberArrayOutputWithContext added in v6.58.0

func (o NoteIamMemberArrayOutput) ToNoteIamMemberArrayOutputWithContext(ctx context.Context) NoteIamMemberArrayOutput

type NoteIamMemberCondition added in v6.58.0

type NoteIamMemberCondition struct {
	Description *string `pulumi:"description"`
	Expression  string  `pulumi:"expression"`
	Title       string  `pulumi:"title"`
}

type NoteIamMemberConditionArgs added in v6.58.0

type NoteIamMemberConditionArgs struct {
	Description pulumi.StringPtrInput `pulumi:"description"`
	Expression  pulumi.StringInput    `pulumi:"expression"`
	Title       pulumi.StringInput    `pulumi:"title"`
}

func (NoteIamMemberConditionArgs) ElementType added in v6.58.0

func (NoteIamMemberConditionArgs) ElementType() reflect.Type

func (NoteIamMemberConditionArgs) ToNoteIamMemberConditionOutput added in v6.58.0

func (i NoteIamMemberConditionArgs) ToNoteIamMemberConditionOutput() NoteIamMemberConditionOutput

func (NoteIamMemberConditionArgs) ToNoteIamMemberConditionOutputWithContext added in v6.58.0

func (i NoteIamMemberConditionArgs) ToNoteIamMemberConditionOutputWithContext(ctx context.Context) NoteIamMemberConditionOutput

func (NoteIamMemberConditionArgs) ToNoteIamMemberConditionPtrOutput added in v6.58.0

func (i NoteIamMemberConditionArgs) ToNoteIamMemberConditionPtrOutput() NoteIamMemberConditionPtrOutput

func (NoteIamMemberConditionArgs) ToNoteIamMemberConditionPtrOutputWithContext added in v6.58.0

func (i NoteIamMemberConditionArgs) ToNoteIamMemberConditionPtrOutputWithContext(ctx context.Context) NoteIamMemberConditionPtrOutput

type NoteIamMemberConditionInput added in v6.58.0

type NoteIamMemberConditionInput interface {
	pulumi.Input

	ToNoteIamMemberConditionOutput() NoteIamMemberConditionOutput
	ToNoteIamMemberConditionOutputWithContext(context.Context) NoteIamMemberConditionOutput
}

NoteIamMemberConditionInput is an input type that accepts NoteIamMemberConditionArgs and NoteIamMemberConditionOutput values. You can construct a concrete instance of `NoteIamMemberConditionInput` via:

NoteIamMemberConditionArgs{...}

type NoteIamMemberConditionOutput added in v6.58.0

type NoteIamMemberConditionOutput struct{ *pulumi.OutputState }

func (NoteIamMemberConditionOutput) Description added in v6.58.0

func (NoteIamMemberConditionOutput) ElementType added in v6.58.0

func (NoteIamMemberConditionOutput) Expression added in v6.58.0

func (NoteIamMemberConditionOutput) Title added in v6.58.0

func (NoteIamMemberConditionOutput) ToNoteIamMemberConditionOutput added in v6.58.0

func (o NoteIamMemberConditionOutput) ToNoteIamMemberConditionOutput() NoteIamMemberConditionOutput

func (NoteIamMemberConditionOutput) ToNoteIamMemberConditionOutputWithContext added in v6.58.0

func (o NoteIamMemberConditionOutput) ToNoteIamMemberConditionOutputWithContext(ctx context.Context) NoteIamMemberConditionOutput

func (NoteIamMemberConditionOutput) ToNoteIamMemberConditionPtrOutput added in v6.58.0

func (o NoteIamMemberConditionOutput) ToNoteIamMemberConditionPtrOutput() NoteIamMemberConditionPtrOutput

func (NoteIamMemberConditionOutput) ToNoteIamMemberConditionPtrOutputWithContext added in v6.58.0

func (o NoteIamMemberConditionOutput) ToNoteIamMemberConditionPtrOutputWithContext(ctx context.Context) NoteIamMemberConditionPtrOutput

type NoteIamMemberConditionPtrInput added in v6.58.0

type NoteIamMemberConditionPtrInput interface {
	pulumi.Input

	ToNoteIamMemberConditionPtrOutput() NoteIamMemberConditionPtrOutput
	ToNoteIamMemberConditionPtrOutputWithContext(context.Context) NoteIamMemberConditionPtrOutput
}

NoteIamMemberConditionPtrInput is an input type that accepts NoteIamMemberConditionArgs, NoteIamMemberConditionPtr and NoteIamMemberConditionPtrOutput values. You can construct a concrete instance of `NoteIamMemberConditionPtrInput` via:

        NoteIamMemberConditionArgs{...}

or:

        nil

func NoteIamMemberConditionPtr added in v6.58.0

func NoteIamMemberConditionPtr(v *NoteIamMemberConditionArgs) NoteIamMemberConditionPtrInput

type NoteIamMemberConditionPtrOutput added in v6.58.0

type NoteIamMemberConditionPtrOutput struct{ *pulumi.OutputState }

func (NoteIamMemberConditionPtrOutput) Description added in v6.58.0

func (NoteIamMemberConditionPtrOutput) Elem added in v6.58.0

func (NoteIamMemberConditionPtrOutput) ElementType added in v6.58.0

func (NoteIamMemberConditionPtrOutput) Expression added in v6.58.0

func (NoteIamMemberConditionPtrOutput) Title added in v6.58.0

func (NoteIamMemberConditionPtrOutput) ToNoteIamMemberConditionPtrOutput added in v6.58.0

func (o NoteIamMemberConditionPtrOutput) ToNoteIamMemberConditionPtrOutput() NoteIamMemberConditionPtrOutput

func (NoteIamMemberConditionPtrOutput) ToNoteIamMemberConditionPtrOutputWithContext added in v6.58.0

func (o NoteIamMemberConditionPtrOutput) ToNoteIamMemberConditionPtrOutputWithContext(ctx context.Context) NoteIamMemberConditionPtrOutput

type NoteIamMemberInput added in v6.58.0

type NoteIamMemberInput interface {
	pulumi.Input

	ToNoteIamMemberOutput() NoteIamMemberOutput
	ToNoteIamMemberOutputWithContext(ctx context.Context) NoteIamMemberOutput
}

type NoteIamMemberMap added in v6.58.0

type NoteIamMemberMap map[string]NoteIamMemberInput

func (NoteIamMemberMap) ElementType added in v6.58.0

func (NoteIamMemberMap) ElementType() reflect.Type

func (NoteIamMemberMap) ToNoteIamMemberMapOutput added in v6.58.0

func (i NoteIamMemberMap) ToNoteIamMemberMapOutput() NoteIamMemberMapOutput

func (NoteIamMemberMap) ToNoteIamMemberMapOutputWithContext added in v6.58.0

func (i NoteIamMemberMap) ToNoteIamMemberMapOutputWithContext(ctx context.Context) NoteIamMemberMapOutput

type NoteIamMemberMapInput added in v6.58.0

type NoteIamMemberMapInput interface {
	pulumi.Input

	ToNoteIamMemberMapOutput() NoteIamMemberMapOutput
	ToNoteIamMemberMapOutputWithContext(context.Context) NoteIamMemberMapOutput
}

NoteIamMemberMapInput is an input type that accepts NoteIamMemberMap and NoteIamMemberMapOutput values. You can construct a concrete instance of `NoteIamMemberMapInput` via:

NoteIamMemberMap{ "key": NoteIamMemberArgs{...} }

type NoteIamMemberMapOutput added in v6.58.0

type NoteIamMemberMapOutput struct{ *pulumi.OutputState }

func (NoteIamMemberMapOutput) ElementType added in v6.58.0

func (NoteIamMemberMapOutput) ElementType() reflect.Type

func (NoteIamMemberMapOutput) MapIndex added in v6.58.0

func (NoteIamMemberMapOutput) ToNoteIamMemberMapOutput added in v6.58.0

func (o NoteIamMemberMapOutput) ToNoteIamMemberMapOutput() NoteIamMemberMapOutput

func (NoteIamMemberMapOutput) ToNoteIamMemberMapOutputWithContext added in v6.58.0

func (o NoteIamMemberMapOutput) ToNoteIamMemberMapOutputWithContext(ctx context.Context) NoteIamMemberMapOutput

type NoteIamMemberOutput added in v6.58.0

type NoteIamMemberOutput struct{ *pulumi.OutputState }

func (NoteIamMemberOutput) Condition added in v6.58.0

func (NoteIamMemberOutput) ElementType added in v6.58.0

func (NoteIamMemberOutput) ElementType() reflect.Type

func (NoteIamMemberOutput) Etag added in v6.58.0

(Computed) The etag of the IAM policy.

func (NoteIamMemberOutput) Member added in v6.58.0

func (NoteIamMemberOutput) Note added in v6.58.0

Used to find the parent resource to bind the IAM policy to

func (NoteIamMemberOutput) Project added in v6.58.0

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
  • **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
  • **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
  • **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
  • **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
  • **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
  • **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
  • **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"

func (NoteIamMemberOutput) Role added in v6.58.0

The role that should be applied. Only one `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format `[projects|organizations]/{parent-name}/roles/{role-name}`.

func (NoteIamMemberOutput) ToNoteIamMemberOutput added in v6.58.0

func (o NoteIamMemberOutput) ToNoteIamMemberOutput() NoteIamMemberOutput

func (NoteIamMemberOutput) ToNoteIamMemberOutputWithContext added in v6.58.0

func (o NoteIamMemberOutput) ToNoteIamMemberOutputWithContext(ctx context.Context) NoteIamMemberOutput

type NoteIamMemberState added in v6.58.0

type NoteIamMemberState struct {
	Condition NoteIamMemberConditionPtrInput
	// (Computed) The etag of the IAM policy.
	Etag   pulumi.StringPtrInput
	Member pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	Note pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	//
	// * `member/members` - (Required) Identities that will be granted the privilege in `role`.
	//   Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Project pulumi.StringPtrInput
	// The role that should be applied. Only one
	// `containeranalysis.NoteIamBinding` can be used per role. Note that custom roles must be of the format
	// `[projects|organizations]/{parent-name}/roles/{role-name}`.
	Role pulumi.StringPtrInput
}

func (NoteIamMemberState) ElementType added in v6.58.0

func (NoteIamMemberState) ElementType() reflect.Type

type NoteIamPolicy added in v6.58.0

type NoteIamPolicy struct {
	pulumi.CustomResourceState

	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringOutput `pulumi:"etag"`
	// Used to find the parent resource to bind the IAM policy to
	Note pulumi.StringOutput `pulumi:"note"`
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringOutput `pulumi:"policyData"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	//
	// * `member/members` - (Required) Identities that will be granted the privilege in `role`.
	//   Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Project pulumi.StringOutput `pulumi:"project"`
}

Three different resources help you manage your IAM policy for Container Registry Note. Each of these resources serves a different use case:

* `containeranalysis.NoteIamPolicy`: Authoritative. Sets the IAM policy for the note and replaces any existing policy already attached. * `containeranalysis.NoteIamBinding`: Authoritative for a given role. Updates the IAM policy to grant a role to a list of members. Other roles within the IAM policy for the note are preserved. * `containeranalysis.NoteIamMember`: Non-authoritative. Updates the IAM policy to grant a role to a new member. Other members for the role for the note are preserved.

A data source can be used to retrieve policy data in advent you do not need creation

* `containeranalysis.NoteIamPolicy`: Retrieves the IAM policy for the note

> **Note:** `containeranalysis.NoteIamPolicy` **cannot** be used in conjunction with `containeranalysis.NoteIamBinding` and `containeranalysis.NoteIamMember` or they will fight over what your policy should be.

> **Note:** `containeranalysis.NoteIamBinding` resources **can be** used in conjunction with `containeranalysis.NoteIamMember` resources **only if** they do not grant privilege to the same role.

## google\_container\_analysis\_note\_iam\_policy

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/containeranalysis"
"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/organizations"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		admin, err := organizations.LookupIAMPolicy(ctx, &organizations.LookupIAMPolicyArgs{
			Bindings: []organizations.GetIAMPolicyBinding{
				{
					Role: "roles/containeranalysis.notes.occurrences.viewer",
					Members: []string{
						"user:jane@example.com",
					},
				},
			},
		}, nil)
		if err != nil {
			return err
		}
		_, err = containeranalysis.NewNoteIamPolicy(ctx, "policy", &containeranalysis.NoteIamPolicyArgs{
			Project:    pulumi.Any(google_container_analysis_note.Note.Project),
			Note:       pulumi.Any(google_container_analysis_note.Note.Name),
			PolicyData: *pulumi.String(admin.PolicyData),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_container\_analysis\_note\_iam\_binding

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := containeranalysis.NewNoteIamBinding(ctx, "binding", &containeranalysis.NoteIamBindingArgs{
			Project: pulumi.Any(google_container_analysis_note.Note.Project),
			Note:    pulumi.Any(google_container_analysis_note.Note.Name),
			Role:    pulumi.String("roles/containeranalysis.notes.occurrences.viewer"),
			Members: pulumi.StringArray{
				pulumi.String("user:jane@example.com"),
			},
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## google\_container\_analysis\_note\_iam\_member

```go package main

import (

"github.com/pulumi/pulumi-gcp/sdk/v6/go/gcp/containeranalysis"
"github.com/pulumi/pulumi/sdk/v3/go/pulumi"

)

func main() {
	pulumi.Run(func(ctx *pulumi.Context) error {
		_, err := containeranalysis.NewNoteIamMember(ctx, "member", &containeranalysis.NoteIamMemberArgs{
			Project: pulumi.Any(google_container_analysis_note.Note.Project),
			Note:    pulumi.Any(google_container_analysis_note.Note.Name),
			Role:    pulumi.String("roles/containeranalysis.notes.occurrences.viewer"),
			Member:  pulumi.String("user:jane@example.com"),
		})
		if err != nil {
			return err
		}
		return nil
	})
}

```

## Import

For all import syntaxes, the "resource in question" can take any of the following forms* projects/{{project}}/notes/{{name}} * {{project}}/{{name}} * {{name}} Any variables not passed in the import command will be taken from the provider configuration. Container Registry note IAM resources can be imported using the resource identifiers, role, and member. IAM member imports use space-delimited identifiersthe resource in question, the role, and the member identity, e.g.

```sh

$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor "projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer user:jane@example.com"

```

IAM binding imports use space-delimited identifiersthe resource in question and the role, e.g.

```sh

$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor "projects/{{project}}/notes/{{note}} roles/containeranalysis.notes.occurrences.viewer"

```

IAM policy imports use the identifier of the resource in question, e.g.

```sh

$ pulumi import gcp:containeranalysis/noteIamPolicy:NoteIamPolicy editor projects/{{project}}/notes/{{note}}

```

-> **Custom Roles**If you're importing a IAM resource with a custom role, make sure to use the

full name of the custom role, e.g. `[projects/my-project|organizations/my-org]/roles/my-custom-role`.

func GetNoteIamPolicy added in v6.58.0

func GetNoteIamPolicy(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *NoteIamPolicyState, opts ...pulumi.ResourceOption) (*NoteIamPolicy, error)

GetNoteIamPolicy gets an existing NoteIamPolicy resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewNoteIamPolicy added in v6.58.0

func NewNoteIamPolicy(ctx *pulumi.Context,
	name string, args *NoteIamPolicyArgs, opts ...pulumi.ResourceOption) (*NoteIamPolicy, error)

NewNoteIamPolicy registers a new resource with the given unique name, arguments, and options.

func (*NoteIamPolicy) ElementType added in v6.58.0

func (*NoteIamPolicy) ElementType() reflect.Type

func (*NoteIamPolicy) ToNoteIamPolicyOutput added in v6.58.0

func (i *NoteIamPolicy) ToNoteIamPolicyOutput() NoteIamPolicyOutput

func (*NoteIamPolicy) ToNoteIamPolicyOutputWithContext added in v6.58.0

func (i *NoteIamPolicy) ToNoteIamPolicyOutputWithContext(ctx context.Context) NoteIamPolicyOutput

type NoteIamPolicyArgs added in v6.58.0

type NoteIamPolicyArgs struct {
	// Used to find the parent resource to bind the IAM policy to
	Note pulumi.StringInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	//
	// * `member/members` - (Required) Identities that will be granted the privilege in `role`.
	//   Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Project pulumi.StringPtrInput
}

The set of arguments for constructing a NoteIamPolicy resource.

func (NoteIamPolicyArgs) ElementType added in v6.58.0

func (NoteIamPolicyArgs) ElementType() reflect.Type

type NoteIamPolicyArray added in v6.58.0

type NoteIamPolicyArray []NoteIamPolicyInput

func (NoteIamPolicyArray) ElementType added in v6.58.0

func (NoteIamPolicyArray) ElementType() reflect.Type

func (NoteIamPolicyArray) ToNoteIamPolicyArrayOutput added in v6.58.0

func (i NoteIamPolicyArray) ToNoteIamPolicyArrayOutput() NoteIamPolicyArrayOutput

func (NoteIamPolicyArray) ToNoteIamPolicyArrayOutputWithContext added in v6.58.0

func (i NoteIamPolicyArray) ToNoteIamPolicyArrayOutputWithContext(ctx context.Context) NoteIamPolicyArrayOutput

type NoteIamPolicyArrayInput added in v6.58.0

type NoteIamPolicyArrayInput interface {
	pulumi.Input

	ToNoteIamPolicyArrayOutput() NoteIamPolicyArrayOutput
	ToNoteIamPolicyArrayOutputWithContext(context.Context) NoteIamPolicyArrayOutput
}

NoteIamPolicyArrayInput is an input type that accepts NoteIamPolicyArray and NoteIamPolicyArrayOutput values. You can construct a concrete instance of `NoteIamPolicyArrayInput` via:

NoteIamPolicyArray{ NoteIamPolicyArgs{...} }

type NoteIamPolicyArrayOutput added in v6.58.0

type NoteIamPolicyArrayOutput struct{ *pulumi.OutputState }

func (NoteIamPolicyArrayOutput) ElementType added in v6.58.0

func (NoteIamPolicyArrayOutput) ElementType() reflect.Type

func (NoteIamPolicyArrayOutput) Index added in v6.58.0

func (NoteIamPolicyArrayOutput) ToNoteIamPolicyArrayOutput added in v6.58.0

func (o NoteIamPolicyArrayOutput) ToNoteIamPolicyArrayOutput() NoteIamPolicyArrayOutput

func (NoteIamPolicyArrayOutput) ToNoteIamPolicyArrayOutputWithContext added in v6.58.0

func (o NoteIamPolicyArrayOutput) ToNoteIamPolicyArrayOutputWithContext(ctx context.Context) NoteIamPolicyArrayOutput

type NoteIamPolicyInput added in v6.58.0

type NoteIamPolicyInput interface {
	pulumi.Input

	ToNoteIamPolicyOutput() NoteIamPolicyOutput
	ToNoteIamPolicyOutputWithContext(ctx context.Context) NoteIamPolicyOutput
}

type NoteIamPolicyMap added in v6.58.0

type NoteIamPolicyMap map[string]NoteIamPolicyInput

func (NoteIamPolicyMap) ElementType added in v6.58.0

func (NoteIamPolicyMap) ElementType() reflect.Type

func (NoteIamPolicyMap) ToNoteIamPolicyMapOutput added in v6.58.0

func (i NoteIamPolicyMap) ToNoteIamPolicyMapOutput() NoteIamPolicyMapOutput

func (NoteIamPolicyMap) ToNoteIamPolicyMapOutputWithContext added in v6.58.0

func (i NoteIamPolicyMap) ToNoteIamPolicyMapOutputWithContext(ctx context.Context) NoteIamPolicyMapOutput

type NoteIamPolicyMapInput added in v6.58.0

type NoteIamPolicyMapInput interface {
	pulumi.Input

	ToNoteIamPolicyMapOutput() NoteIamPolicyMapOutput
	ToNoteIamPolicyMapOutputWithContext(context.Context) NoteIamPolicyMapOutput
}

NoteIamPolicyMapInput is an input type that accepts NoteIamPolicyMap and NoteIamPolicyMapOutput values. You can construct a concrete instance of `NoteIamPolicyMapInput` via:

NoteIamPolicyMap{ "key": NoteIamPolicyArgs{...} }

type NoteIamPolicyMapOutput added in v6.58.0

type NoteIamPolicyMapOutput struct{ *pulumi.OutputState }

func (NoteIamPolicyMapOutput) ElementType added in v6.58.0

func (NoteIamPolicyMapOutput) ElementType() reflect.Type

func (NoteIamPolicyMapOutput) MapIndex added in v6.58.0

func (NoteIamPolicyMapOutput) ToNoteIamPolicyMapOutput added in v6.58.0

func (o NoteIamPolicyMapOutput) ToNoteIamPolicyMapOutput() NoteIamPolicyMapOutput

func (NoteIamPolicyMapOutput) ToNoteIamPolicyMapOutputWithContext added in v6.58.0

func (o NoteIamPolicyMapOutput) ToNoteIamPolicyMapOutputWithContext(ctx context.Context) NoteIamPolicyMapOutput

type NoteIamPolicyOutput added in v6.58.0

type NoteIamPolicyOutput struct{ *pulumi.OutputState }

func (NoteIamPolicyOutput) ElementType added in v6.58.0

func (NoteIamPolicyOutput) ElementType() reflect.Type

func (NoteIamPolicyOutput) Etag added in v6.58.0

(Computed) The etag of the IAM policy.

func (NoteIamPolicyOutput) Note added in v6.58.0

Used to find the parent resource to bind the IAM policy to

func (NoteIamPolicyOutput) PolicyData added in v6.58.0

func (o NoteIamPolicyOutput) PolicyData() pulumi.StringOutput

The policy data generated by a `organizations.getIAMPolicy` data source.

func (NoteIamPolicyOutput) Project added in v6.58.0

The ID of the project in which the resource belongs. If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.

  • `member/members` - (Required) Identities that will be granted the privilege in `role`. Each entry can have one of the following values:
  • **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
  • **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
  • **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
  • **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
  • **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
  • **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
  • **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
  • **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
  • **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"

func (NoteIamPolicyOutput) ToNoteIamPolicyOutput added in v6.58.0

func (o NoteIamPolicyOutput) ToNoteIamPolicyOutput() NoteIamPolicyOutput

func (NoteIamPolicyOutput) ToNoteIamPolicyOutputWithContext added in v6.58.0

func (o NoteIamPolicyOutput) ToNoteIamPolicyOutputWithContext(ctx context.Context) NoteIamPolicyOutput

type NoteIamPolicyState added in v6.58.0

type NoteIamPolicyState struct {
	// (Computed) The etag of the IAM policy.
	Etag pulumi.StringPtrInput
	// Used to find the parent resource to bind the IAM policy to
	Note pulumi.StringPtrInput
	// The policy data generated by
	// a `organizations.getIAMPolicy` data source.
	PolicyData pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the project will be parsed from the identifier of the parent resource. If no project is provided in the parent identifier and no project is specified, the provider project is used.
	//
	// * `member/members` - (Required) Identities that will be granted the privilege in `role`.
	//   Each entry can have one of the following values:
	// * **allUsers**: A special identifier that represents anyone who is on the internet; with or without a Google account.
	// * **allAuthenticatedUsers**: A special identifier that represents anyone who is authenticated with a Google account or a service account.
	// * **user:{emailid}**: An email address that represents a specific Google account. For example, alice@gmail.com or joe@example.com.
	// * **serviceAccount:{emailid}**: An email address that represents a service account. For example, my-other-app@appspot.gserviceaccount.com.
	// * **group:{emailid}**: An email address that represents a Google group. For example, admins@example.com.
	// * **domain:{domain}**: A G Suite domain (primary, instead of alias) name that represents all the users of that domain. For example, google.com or example.com.
	// * **projectOwner:projectid**: Owners of the given project. For example, "projectOwner:my-example-project"
	// * **projectEditor:projectid**: Editors of the given project. For example, "projectEditor:my-example-project"
	// * **projectViewer:projectid**: Viewers of the given project. For example, "projectViewer:my-example-project"
	Project pulumi.StringPtrInput
}

func (NoteIamPolicyState) ElementType added in v6.58.0

func (NoteIamPolicyState) ElementType() reflect.Type

type NoteInput

type NoteInput interface {
	pulumi.Input

	ToNoteOutput() NoteOutput
	ToNoteOutputWithContext(ctx context.Context) NoteOutput
}

type NoteMap

type NoteMap map[string]NoteInput

func (NoteMap) ElementType

func (NoteMap) ElementType() reflect.Type

func (NoteMap) ToNoteMapOutput

func (i NoteMap) ToNoteMapOutput() NoteMapOutput

func (NoteMap) ToNoteMapOutputWithContext

func (i NoteMap) ToNoteMapOutputWithContext(ctx context.Context) NoteMapOutput

type NoteMapInput

type NoteMapInput interface {
	pulumi.Input

	ToNoteMapOutput() NoteMapOutput
	ToNoteMapOutputWithContext(context.Context) NoteMapOutput
}

NoteMapInput is an input type that accepts NoteMap and NoteMapOutput values. You can construct a concrete instance of `NoteMapInput` via:

NoteMap{ "key": NoteArgs{...} }

type NoteMapOutput

type NoteMapOutput struct{ *pulumi.OutputState }

func (NoteMapOutput) ElementType

func (NoteMapOutput) ElementType() reflect.Type

func (NoteMapOutput) MapIndex

func (NoteMapOutput) ToNoteMapOutput

func (o NoteMapOutput) ToNoteMapOutput() NoteMapOutput

func (NoteMapOutput) ToNoteMapOutputWithContext

func (o NoteMapOutput) ToNoteMapOutputWithContext(ctx context.Context) NoteMapOutput

type NoteOutput

type NoteOutput struct{ *pulumi.OutputState }

func (NoteOutput) AttestationAuthority added in v6.23.0

func (o NoteOutput) AttestationAuthority() NoteAttestationAuthorityOutput

Note kind that represents a logical attestation "role" or "authority". For example, an organization might have one AttestationAuthority for "QA" and one for "build". This Note is intended to act strictly as a grouping mechanism for the attached Occurrences (Attestations). This grouping mechanism also provides a security boundary, since IAM ACLs gate the ability for a principle to attach an Occurrence to a given Note. It also provides a single point of lookup to find all attached Attestation Occurrences, even if they don't all live in the same project. Structure is documented below.

func (NoteOutput) CreateTime added in v6.23.0

func (o NoteOutput) CreateTime() pulumi.StringOutput

The time this note was created.

func (NoteOutput) ElementType

func (NoteOutput) ElementType() reflect.Type

func (NoteOutput) ExpirationTime added in v6.23.0

func (o NoteOutput) ExpirationTime() pulumi.StringPtrOutput

Time of expiration for this note. Leave empty if note does not expire.

func (NoteOutput) Kind added in v6.23.0

func (o NoteOutput) Kind() pulumi.StringOutput

The type of analysis this note describes

func (NoteOutput) LongDescription added in v6.23.0

func (o NoteOutput) LongDescription() pulumi.StringPtrOutput

A detailed description of the note

func (NoteOutput) Name added in v6.23.0

func (o NoteOutput) Name() pulumi.StringOutput

The name of the note.

func (NoteOutput) Project added in v6.23.0

func (o NoteOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

func (NoteOutput) RelatedNoteNames added in v6.23.0

func (o NoteOutput) RelatedNoteNames() pulumi.StringArrayOutput

Names of other notes related to this note.

func (NoteOutput) RelatedUrls added in v6.23.0

func (o NoteOutput) RelatedUrls() NoteRelatedUrlArrayOutput

URLs associated with this note and related metadata. Structure is documented below.

func (NoteOutput) ShortDescription added in v6.23.0

func (o NoteOutput) ShortDescription() pulumi.StringPtrOutput

A one sentence description of the note.

func (NoteOutput) ToNoteOutput

func (o NoteOutput) ToNoteOutput() NoteOutput

func (NoteOutput) ToNoteOutputWithContext

func (o NoteOutput) ToNoteOutputWithContext(ctx context.Context) NoteOutput

func (NoteOutput) UpdateTime added in v6.23.0

func (o NoteOutput) UpdateTime() pulumi.StringOutput

The time this note was last updated.

type NoteRelatedUrl

type NoteRelatedUrl struct {
	// Label to describe usage of the URL
	Label *string `pulumi:"label"`
	// Specific URL associated with the resource.
	Url string `pulumi:"url"`
}

type NoteRelatedUrlArgs

type NoteRelatedUrlArgs struct {
	// Label to describe usage of the URL
	Label pulumi.StringPtrInput `pulumi:"label"`
	// Specific URL associated with the resource.
	Url pulumi.StringInput `pulumi:"url"`
}

func (NoteRelatedUrlArgs) ElementType

func (NoteRelatedUrlArgs) ElementType() reflect.Type

func (NoteRelatedUrlArgs) ToNoteRelatedUrlOutput

func (i NoteRelatedUrlArgs) ToNoteRelatedUrlOutput() NoteRelatedUrlOutput

func (NoteRelatedUrlArgs) ToNoteRelatedUrlOutputWithContext

func (i NoteRelatedUrlArgs) ToNoteRelatedUrlOutputWithContext(ctx context.Context) NoteRelatedUrlOutput

type NoteRelatedUrlArray

type NoteRelatedUrlArray []NoteRelatedUrlInput

func (NoteRelatedUrlArray) ElementType

func (NoteRelatedUrlArray) ElementType() reflect.Type

func (NoteRelatedUrlArray) ToNoteRelatedUrlArrayOutput

func (i NoteRelatedUrlArray) ToNoteRelatedUrlArrayOutput() NoteRelatedUrlArrayOutput

func (NoteRelatedUrlArray) ToNoteRelatedUrlArrayOutputWithContext

func (i NoteRelatedUrlArray) ToNoteRelatedUrlArrayOutputWithContext(ctx context.Context) NoteRelatedUrlArrayOutput

type NoteRelatedUrlArrayInput

type NoteRelatedUrlArrayInput interface {
	pulumi.Input

	ToNoteRelatedUrlArrayOutput() NoteRelatedUrlArrayOutput
	ToNoteRelatedUrlArrayOutputWithContext(context.Context) NoteRelatedUrlArrayOutput
}

NoteRelatedUrlArrayInput is an input type that accepts NoteRelatedUrlArray and NoteRelatedUrlArrayOutput values. You can construct a concrete instance of `NoteRelatedUrlArrayInput` via:

NoteRelatedUrlArray{ NoteRelatedUrlArgs{...} }

type NoteRelatedUrlArrayOutput

type NoteRelatedUrlArrayOutput struct{ *pulumi.OutputState }

func (NoteRelatedUrlArrayOutput) ElementType

func (NoteRelatedUrlArrayOutput) ElementType() reflect.Type

func (NoteRelatedUrlArrayOutput) Index

func (NoteRelatedUrlArrayOutput) ToNoteRelatedUrlArrayOutput

func (o NoteRelatedUrlArrayOutput) ToNoteRelatedUrlArrayOutput() NoteRelatedUrlArrayOutput

func (NoteRelatedUrlArrayOutput) ToNoteRelatedUrlArrayOutputWithContext

func (o NoteRelatedUrlArrayOutput) ToNoteRelatedUrlArrayOutputWithContext(ctx context.Context) NoteRelatedUrlArrayOutput

type NoteRelatedUrlInput

type NoteRelatedUrlInput interface {
	pulumi.Input

	ToNoteRelatedUrlOutput() NoteRelatedUrlOutput
	ToNoteRelatedUrlOutputWithContext(context.Context) NoteRelatedUrlOutput
}

NoteRelatedUrlInput is an input type that accepts NoteRelatedUrlArgs and NoteRelatedUrlOutput values. You can construct a concrete instance of `NoteRelatedUrlInput` via:

NoteRelatedUrlArgs{...}

type NoteRelatedUrlOutput

type NoteRelatedUrlOutput struct{ *pulumi.OutputState }

func (NoteRelatedUrlOutput) ElementType

func (NoteRelatedUrlOutput) ElementType() reflect.Type

func (NoteRelatedUrlOutput) Label

Label to describe usage of the URL

func (NoteRelatedUrlOutput) ToNoteRelatedUrlOutput

func (o NoteRelatedUrlOutput) ToNoteRelatedUrlOutput() NoteRelatedUrlOutput

func (NoteRelatedUrlOutput) ToNoteRelatedUrlOutputWithContext

func (o NoteRelatedUrlOutput) ToNoteRelatedUrlOutputWithContext(ctx context.Context) NoteRelatedUrlOutput

func (NoteRelatedUrlOutput) Url

Specific URL associated with the resource.

type NoteState

type NoteState struct {
	// Note kind that represents a logical attestation "role" or "authority".
	// For example, an organization might have one AttestationAuthority for
	// "QA" and one for "build". This Note is intended to act strictly as a
	// grouping mechanism for the attached Occurrences (Attestations). This
	// grouping mechanism also provides a security boundary, since IAM ACLs
	// gate the ability for a principle to attach an Occurrence to a given
	// Note. It also provides a single point of lookup to find all attached
	// Attestation Occurrences, even if they don't all live in the same
	// project.
	// Structure is documented below.
	AttestationAuthority NoteAttestationAuthorityPtrInput
	// The time this note was created.
	CreateTime pulumi.StringPtrInput
	// Time of expiration for this note. Leave empty if note does not expire.
	ExpirationTime pulumi.StringPtrInput
	// The type of analysis this note describes
	Kind pulumi.StringPtrInput
	// A detailed description of the note
	LongDescription pulumi.StringPtrInput
	// The name of the note.
	Name pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// Names of other notes related to this note.
	RelatedNoteNames pulumi.StringArrayInput
	// URLs associated with this note and related metadata.
	// Structure is documented below.
	RelatedUrls NoteRelatedUrlArrayInput
	// A one sentence description of the note.
	ShortDescription pulumi.StringPtrInput
	// The time this note was last updated.
	UpdateTime pulumi.StringPtrInput
}

func (NoteState) ElementType

func (NoteState) ElementType() reflect.Type

type Occurence

type Occurence struct {
	pulumi.CustomResourceState

	// Occurrence that represents a single "attestation". The authenticity
	// of an attestation can be verified using the attached signature.
	// If the verifier trusts the public key of the signer, then verifying
	// the signature is sufficient to establish trust. In this circumstance,
	// the authority to which this attestation is attached is primarily
	// useful for lookup (how to find this attestation if you already
	// know the authority and artifact to be verified) and intent (for
	// which authority this attestation was intended to sign.
	// Structure is documented below.
	Attestation OccurenceAttestationOutput `pulumi:"attestation"`
	// The time when the repository was created.
	CreateTime pulumi.StringOutput `pulumi:"createTime"`
	// The note kind which explicitly denotes which of the occurrence
	// details are specified. This field can be used as a filter in list
	// requests.
	Kind pulumi.StringOutput `pulumi:"kind"`
	// The name of the occurrence.
	Name pulumi.StringOutput `pulumi:"name"`
	// The analysis note associated with this occurrence, in the form of
	// projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a
	// filter in list requests.
	NoteName pulumi.StringOutput `pulumi:"noteName"`
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringOutput `pulumi:"project"`
	// A description of actions that can be taken to remedy the note.
	Remediation pulumi.StringPtrOutput `pulumi:"remediation"`
	// Required. Immutable. A URI that represents the resource for which
	// the occurrence applies. For example,
	// https://gcr.io/project/image@sha256:123abc for a Docker image.
	ResourceUri pulumi.StringOutput `pulumi:"resourceUri"`
	// The time when the repository was last updated.
	UpdateTime pulumi.StringOutput `pulumi:"updateTime"`
}

An occurrence is an instance of a Note, or type of analysis that can be done for a resource.

To get more information about Occurrence, see:

* [API documentation](https://cloud.google.com/container-analysis/api/reference/rest/) * How-to Guides

## Example Usage

## Import

Occurrence can be imported using any of these accepted formats

```sh

$ pulumi import gcp:containeranalysis/occurence:Occurence default projects/{{project}}/occurrences/{{name}}

```

```sh

$ pulumi import gcp:containeranalysis/occurence:Occurence default {{project}}/{{name}}

```

```sh

$ pulumi import gcp:containeranalysis/occurence:Occurence default {{name}}

```

func GetOccurence

func GetOccurence(ctx *pulumi.Context,
	name string, id pulumi.IDInput, state *OccurenceState, opts ...pulumi.ResourceOption) (*Occurence, error)

GetOccurence gets an existing Occurence resource's state with the given name, ID, and optional state properties that are used to uniquely qualify the lookup (nil if not required).

func NewOccurence

func NewOccurence(ctx *pulumi.Context,
	name string, args *OccurenceArgs, opts ...pulumi.ResourceOption) (*Occurence, error)

NewOccurence registers a new resource with the given unique name, arguments, and options.

func (*Occurence) ElementType

func (*Occurence) ElementType() reflect.Type

func (*Occurence) ToOccurenceOutput

func (i *Occurence) ToOccurenceOutput() OccurenceOutput

func (*Occurence) ToOccurenceOutputWithContext

func (i *Occurence) ToOccurenceOutputWithContext(ctx context.Context) OccurenceOutput

type OccurenceArgs

type OccurenceArgs struct {
	// Occurrence that represents a single "attestation". The authenticity
	// of an attestation can be verified using the attached signature.
	// If the verifier trusts the public key of the signer, then verifying
	// the signature is sufficient to establish trust. In this circumstance,
	// the authority to which this attestation is attached is primarily
	// useful for lookup (how to find this attestation if you already
	// know the authority and artifact to be verified) and intent (for
	// which authority this attestation was intended to sign.
	// Structure is documented below.
	Attestation OccurenceAttestationInput
	// The analysis note associated with this occurrence, in the form of
	// projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a
	// filter in list requests.
	NoteName pulumi.StringInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// A description of actions that can be taken to remedy the note.
	Remediation pulumi.StringPtrInput
	// Required. Immutable. A URI that represents the resource for which
	// the occurrence applies. For example,
	// https://gcr.io/project/image@sha256:123abc for a Docker image.
	ResourceUri pulumi.StringInput
}

The set of arguments for constructing a Occurence resource.

func (OccurenceArgs) ElementType

func (OccurenceArgs) ElementType() reflect.Type

type OccurenceArray

type OccurenceArray []OccurenceInput

func (OccurenceArray) ElementType

func (OccurenceArray) ElementType() reflect.Type

func (OccurenceArray) ToOccurenceArrayOutput

func (i OccurenceArray) ToOccurenceArrayOutput() OccurenceArrayOutput

func (OccurenceArray) ToOccurenceArrayOutputWithContext

func (i OccurenceArray) ToOccurenceArrayOutputWithContext(ctx context.Context) OccurenceArrayOutput

type OccurenceArrayInput

type OccurenceArrayInput interface {
	pulumi.Input

	ToOccurenceArrayOutput() OccurenceArrayOutput
	ToOccurenceArrayOutputWithContext(context.Context) OccurenceArrayOutput
}

OccurenceArrayInput is an input type that accepts OccurenceArray and OccurenceArrayOutput values. You can construct a concrete instance of `OccurenceArrayInput` via:

OccurenceArray{ OccurenceArgs{...} }

type OccurenceArrayOutput

type OccurenceArrayOutput struct{ *pulumi.OutputState }

func (OccurenceArrayOutput) ElementType

func (OccurenceArrayOutput) ElementType() reflect.Type

func (OccurenceArrayOutput) Index

func (OccurenceArrayOutput) ToOccurenceArrayOutput

func (o OccurenceArrayOutput) ToOccurenceArrayOutput() OccurenceArrayOutput

func (OccurenceArrayOutput) ToOccurenceArrayOutputWithContext

func (o OccurenceArrayOutput) ToOccurenceArrayOutputWithContext(ctx context.Context) OccurenceArrayOutput

type OccurenceAttestation

type OccurenceAttestation struct {
	// The serialized payload that is verified by one or
	// more signatures. A base64-encoded string.
	SerializedPayload string `pulumi:"serializedPayload"`
	// One or more signatures over serializedPayload.
	// Verifier implementations should consider this attestation
	// message verified if at least one signature verifies
	// serializedPayload. See Signature in common.proto for more
	// details on signature structure and verification.
	// Structure is documented below.
	Signatures []OccurenceAttestationSignature `pulumi:"signatures"`
}

type OccurenceAttestationArgs

type OccurenceAttestationArgs struct {
	// The serialized payload that is verified by one or
	// more signatures. A base64-encoded string.
	SerializedPayload pulumi.StringInput `pulumi:"serializedPayload"`
	// One or more signatures over serializedPayload.
	// Verifier implementations should consider this attestation
	// message verified if at least one signature verifies
	// serializedPayload. See Signature in common.proto for more
	// details on signature structure and verification.
	// Structure is documented below.
	Signatures OccurenceAttestationSignatureArrayInput `pulumi:"signatures"`
}

func (OccurenceAttestationArgs) ElementType

func (OccurenceAttestationArgs) ElementType() reflect.Type

func (OccurenceAttestationArgs) ToOccurenceAttestationOutput

func (i OccurenceAttestationArgs) ToOccurenceAttestationOutput() OccurenceAttestationOutput

func (OccurenceAttestationArgs) ToOccurenceAttestationOutputWithContext

func (i OccurenceAttestationArgs) ToOccurenceAttestationOutputWithContext(ctx context.Context) OccurenceAttestationOutput

func (OccurenceAttestationArgs) ToOccurenceAttestationPtrOutput

func (i OccurenceAttestationArgs) ToOccurenceAttestationPtrOutput() OccurenceAttestationPtrOutput

func (OccurenceAttestationArgs) ToOccurenceAttestationPtrOutputWithContext

func (i OccurenceAttestationArgs) ToOccurenceAttestationPtrOutputWithContext(ctx context.Context) OccurenceAttestationPtrOutput

type OccurenceAttestationInput

type OccurenceAttestationInput interface {
	pulumi.Input

	ToOccurenceAttestationOutput() OccurenceAttestationOutput
	ToOccurenceAttestationOutputWithContext(context.Context) OccurenceAttestationOutput
}

OccurenceAttestationInput is an input type that accepts OccurenceAttestationArgs and OccurenceAttestationOutput values. You can construct a concrete instance of `OccurenceAttestationInput` via:

OccurenceAttestationArgs{...}

type OccurenceAttestationOutput

type OccurenceAttestationOutput struct{ *pulumi.OutputState }

func (OccurenceAttestationOutput) ElementType

func (OccurenceAttestationOutput) ElementType() reflect.Type

func (OccurenceAttestationOutput) SerializedPayload

func (o OccurenceAttestationOutput) SerializedPayload() pulumi.StringOutput

The serialized payload that is verified by one or more signatures. A base64-encoded string.

func (OccurenceAttestationOutput) Signatures

One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.

func (OccurenceAttestationOutput) ToOccurenceAttestationOutput

func (o OccurenceAttestationOutput) ToOccurenceAttestationOutput() OccurenceAttestationOutput

func (OccurenceAttestationOutput) ToOccurenceAttestationOutputWithContext

func (o OccurenceAttestationOutput) ToOccurenceAttestationOutputWithContext(ctx context.Context) OccurenceAttestationOutput

func (OccurenceAttestationOutput) ToOccurenceAttestationPtrOutput

func (o OccurenceAttestationOutput) ToOccurenceAttestationPtrOutput() OccurenceAttestationPtrOutput

func (OccurenceAttestationOutput) ToOccurenceAttestationPtrOutputWithContext

func (o OccurenceAttestationOutput) ToOccurenceAttestationPtrOutputWithContext(ctx context.Context) OccurenceAttestationPtrOutput

type OccurenceAttestationPtrInput

type OccurenceAttestationPtrInput interface {
	pulumi.Input

	ToOccurenceAttestationPtrOutput() OccurenceAttestationPtrOutput
	ToOccurenceAttestationPtrOutputWithContext(context.Context) OccurenceAttestationPtrOutput
}

OccurenceAttestationPtrInput is an input type that accepts OccurenceAttestationArgs, OccurenceAttestationPtr and OccurenceAttestationPtrOutput values. You can construct a concrete instance of `OccurenceAttestationPtrInput` via:

        OccurenceAttestationArgs{...}

or:

        nil

type OccurenceAttestationPtrOutput

type OccurenceAttestationPtrOutput struct{ *pulumi.OutputState }

func (OccurenceAttestationPtrOutput) Elem

func (OccurenceAttestationPtrOutput) ElementType

func (OccurenceAttestationPtrOutput) SerializedPayload

The serialized payload that is verified by one or more signatures. A base64-encoded string.

func (OccurenceAttestationPtrOutput) Signatures

One or more signatures over serializedPayload. Verifier implementations should consider this attestation message verified if at least one signature verifies serializedPayload. See Signature in common.proto for more details on signature structure and verification. Structure is documented below.

func (OccurenceAttestationPtrOutput) ToOccurenceAttestationPtrOutput

func (o OccurenceAttestationPtrOutput) ToOccurenceAttestationPtrOutput() OccurenceAttestationPtrOutput

func (OccurenceAttestationPtrOutput) ToOccurenceAttestationPtrOutputWithContext

func (o OccurenceAttestationPtrOutput) ToOccurenceAttestationPtrOutputWithContext(ctx context.Context) OccurenceAttestationPtrOutput

type OccurenceAttestationSignature

type OccurenceAttestationSignature struct {
	// The identifier for the public key that verifies this
	// signature. MUST be an RFC3986 conformant
	// URI. * When possible, the key id should be an
	// immutable reference, such as a cryptographic digest.
	// Examples of valid values:
	// * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr
	//   for more details on this scheme.
	// * `openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA`
	// * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
	// * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
	//
	// ***
	PublicKeyId string `pulumi:"publicKeyId"`
	// The content of the signature, an opaque bytestring.
	// The payload that this signature verifies MUST be
	// unambiguously provided with the Signature during
	// verification. A wrapper message might provide the
	// payload explicitly. Alternatively, a message might
	// have a canonical serialization that can always be
	// unambiguously computed to derive the payload.
	Signature *string `pulumi:"signature"`
}

type OccurenceAttestationSignatureArgs

type OccurenceAttestationSignatureArgs struct {
	// The identifier for the public key that verifies this
	// signature. MUST be an RFC3986 conformant
	// URI. * When possible, the key id should be an
	// immutable reference, such as a cryptographic digest.
	// Examples of valid values:
	// * OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr
	//   for more details on this scheme.
	// * `openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA`
	// * RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
	// * "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"
	//
	// ***
	PublicKeyId pulumi.StringInput `pulumi:"publicKeyId"`
	// The content of the signature, an opaque bytestring.
	// The payload that this signature verifies MUST be
	// unambiguously provided with the Signature during
	// verification. A wrapper message might provide the
	// payload explicitly. Alternatively, a message might
	// have a canonical serialization that can always be
	// unambiguously computed to derive the payload.
	Signature pulumi.StringPtrInput `pulumi:"signature"`
}

func (OccurenceAttestationSignatureArgs) ElementType

func (OccurenceAttestationSignatureArgs) ToOccurenceAttestationSignatureOutput

func (i OccurenceAttestationSignatureArgs) ToOccurenceAttestationSignatureOutput() OccurenceAttestationSignatureOutput

func (OccurenceAttestationSignatureArgs) ToOccurenceAttestationSignatureOutputWithContext

func (i OccurenceAttestationSignatureArgs) ToOccurenceAttestationSignatureOutputWithContext(ctx context.Context) OccurenceAttestationSignatureOutput

type OccurenceAttestationSignatureArray

type OccurenceAttestationSignatureArray []OccurenceAttestationSignatureInput

func (OccurenceAttestationSignatureArray) ElementType

func (OccurenceAttestationSignatureArray) ToOccurenceAttestationSignatureArrayOutput

func (i OccurenceAttestationSignatureArray) ToOccurenceAttestationSignatureArrayOutput() OccurenceAttestationSignatureArrayOutput

func (OccurenceAttestationSignatureArray) ToOccurenceAttestationSignatureArrayOutputWithContext

func (i OccurenceAttestationSignatureArray) ToOccurenceAttestationSignatureArrayOutputWithContext(ctx context.Context) OccurenceAttestationSignatureArrayOutput

type OccurenceAttestationSignatureArrayInput

type OccurenceAttestationSignatureArrayInput interface {
	pulumi.Input

	ToOccurenceAttestationSignatureArrayOutput() OccurenceAttestationSignatureArrayOutput
	ToOccurenceAttestationSignatureArrayOutputWithContext(context.Context) OccurenceAttestationSignatureArrayOutput
}

OccurenceAttestationSignatureArrayInput is an input type that accepts OccurenceAttestationSignatureArray and OccurenceAttestationSignatureArrayOutput values. You can construct a concrete instance of `OccurenceAttestationSignatureArrayInput` via:

OccurenceAttestationSignatureArray{ OccurenceAttestationSignatureArgs{...} }

type OccurenceAttestationSignatureArrayOutput

type OccurenceAttestationSignatureArrayOutput struct{ *pulumi.OutputState }

func (OccurenceAttestationSignatureArrayOutput) ElementType

func (OccurenceAttestationSignatureArrayOutput) Index

func (OccurenceAttestationSignatureArrayOutput) ToOccurenceAttestationSignatureArrayOutput

func (o OccurenceAttestationSignatureArrayOutput) ToOccurenceAttestationSignatureArrayOutput() OccurenceAttestationSignatureArrayOutput

func (OccurenceAttestationSignatureArrayOutput) ToOccurenceAttestationSignatureArrayOutputWithContext

func (o OccurenceAttestationSignatureArrayOutput) ToOccurenceAttestationSignatureArrayOutputWithContext(ctx context.Context) OccurenceAttestationSignatureArrayOutput

type OccurenceAttestationSignatureInput

type OccurenceAttestationSignatureInput interface {
	pulumi.Input

	ToOccurenceAttestationSignatureOutput() OccurenceAttestationSignatureOutput
	ToOccurenceAttestationSignatureOutputWithContext(context.Context) OccurenceAttestationSignatureOutput
}

OccurenceAttestationSignatureInput is an input type that accepts OccurenceAttestationSignatureArgs and OccurenceAttestationSignatureOutput values. You can construct a concrete instance of `OccurenceAttestationSignatureInput` via:

OccurenceAttestationSignatureArgs{...}

type OccurenceAttestationSignatureOutput

type OccurenceAttestationSignatureOutput struct{ *pulumi.OutputState }

func (OccurenceAttestationSignatureOutput) ElementType

func (OccurenceAttestationSignatureOutput) PublicKeyId

The identifier for the public key that verifies this signature. MUST be an RFC3986 conformant URI. * When possible, the key id should be an immutable reference, such as a cryptographic digest. Examples of valid values:

  • OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr for more details on this scheme.
  • `openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA`
  • RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
  • "ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU"

***

func (OccurenceAttestationSignatureOutput) Signature

The content of the signature, an opaque bytestring. The payload that this signature verifies MUST be unambiguously provided with the Signature during verification. A wrapper message might provide the payload explicitly. Alternatively, a message might have a canonical serialization that can always be unambiguously computed to derive the payload.

func (OccurenceAttestationSignatureOutput) ToOccurenceAttestationSignatureOutput

func (o OccurenceAttestationSignatureOutput) ToOccurenceAttestationSignatureOutput() OccurenceAttestationSignatureOutput

func (OccurenceAttestationSignatureOutput) ToOccurenceAttestationSignatureOutputWithContext

func (o OccurenceAttestationSignatureOutput) ToOccurenceAttestationSignatureOutputWithContext(ctx context.Context) OccurenceAttestationSignatureOutput

type OccurenceInput

type OccurenceInput interface {
	pulumi.Input

	ToOccurenceOutput() OccurenceOutput
	ToOccurenceOutputWithContext(ctx context.Context) OccurenceOutput
}

type OccurenceMap

type OccurenceMap map[string]OccurenceInput

func (OccurenceMap) ElementType

func (OccurenceMap) ElementType() reflect.Type

func (OccurenceMap) ToOccurenceMapOutput

func (i OccurenceMap) ToOccurenceMapOutput() OccurenceMapOutput

func (OccurenceMap) ToOccurenceMapOutputWithContext

func (i OccurenceMap) ToOccurenceMapOutputWithContext(ctx context.Context) OccurenceMapOutput

type OccurenceMapInput

type OccurenceMapInput interface {
	pulumi.Input

	ToOccurenceMapOutput() OccurenceMapOutput
	ToOccurenceMapOutputWithContext(context.Context) OccurenceMapOutput
}

OccurenceMapInput is an input type that accepts OccurenceMap and OccurenceMapOutput values. You can construct a concrete instance of `OccurenceMapInput` via:

OccurenceMap{ "key": OccurenceArgs{...} }

type OccurenceMapOutput

type OccurenceMapOutput struct{ *pulumi.OutputState }

func (OccurenceMapOutput) ElementType

func (OccurenceMapOutput) ElementType() reflect.Type

func (OccurenceMapOutput) MapIndex

func (OccurenceMapOutput) ToOccurenceMapOutput

func (o OccurenceMapOutput) ToOccurenceMapOutput() OccurenceMapOutput

func (OccurenceMapOutput) ToOccurenceMapOutputWithContext

func (o OccurenceMapOutput) ToOccurenceMapOutputWithContext(ctx context.Context) OccurenceMapOutput

type OccurenceOutput

type OccurenceOutput struct{ *pulumi.OutputState }

func (OccurenceOutput) Attestation added in v6.23.0

Occurrence that represents a single "attestation". The authenticity of an attestation can be verified using the attached signature. If the verifier trusts the public key of the signer, then verifying the signature is sufficient to establish trust. In this circumstance, the authority to which this attestation is attached is primarily useful for lookup (how to find this attestation if you already know the authority and artifact to be verified) and intent (for which authority this attestation was intended to sign. Structure is documented below.

func (OccurenceOutput) CreateTime added in v6.23.0

func (o OccurenceOutput) CreateTime() pulumi.StringOutput

The time when the repository was created.

func (OccurenceOutput) ElementType

func (OccurenceOutput) ElementType() reflect.Type

func (OccurenceOutput) Kind added in v6.23.0

The note kind which explicitly denotes which of the occurrence details are specified. This field can be used as a filter in list requests.

func (OccurenceOutput) Name added in v6.23.0

The name of the occurrence.

func (OccurenceOutput) NoteName added in v6.23.0

func (o OccurenceOutput) NoteName() pulumi.StringOutput

The analysis note associated with this occurrence, in the form of projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a filter in list requests.

func (OccurenceOutput) Project added in v6.23.0

func (o OccurenceOutput) Project() pulumi.StringOutput

The ID of the project in which the resource belongs. If it is not provided, the provider project is used.

func (OccurenceOutput) Remediation added in v6.23.0

func (o OccurenceOutput) Remediation() pulumi.StringPtrOutput

A description of actions that can be taken to remedy the note.

func (OccurenceOutput) ResourceUri added in v6.23.0

func (o OccurenceOutput) ResourceUri() pulumi.StringOutput

Required. Immutable. A URI that represents the resource for which the occurrence applies. For example, https://gcr.io/project/image@sha256:123abc for a Docker image.

func (OccurenceOutput) ToOccurenceOutput

func (o OccurenceOutput) ToOccurenceOutput() OccurenceOutput

func (OccurenceOutput) ToOccurenceOutputWithContext

func (o OccurenceOutput) ToOccurenceOutputWithContext(ctx context.Context) OccurenceOutput

func (OccurenceOutput) UpdateTime added in v6.23.0

func (o OccurenceOutput) UpdateTime() pulumi.StringOutput

The time when the repository was last updated.

type OccurenceState

type OccurenceState struct {
	// Occurrence that represents a single "attestation". The authenticity
	// of an attestation can be verified using the attached signature.
	// If the verifier trusts the public key of the signer, then verifying
	// the signature is sufficient to establish trust. In this circumstance,
	// the authority to which this attestation is attached is primarily
	// useful for lookup (how to find this attestation if you already
	// know the authority and artifact to be verified) and intent (for
	// which authority this attestation was intended to sign.
	// Structure is documented below.
	Attestation OccurenceAttestationPtrInput
	// The time when the repository was created.
	CreateTime pulumi.StringPtrInput
	// The note kind which explicitly denotes which of the occurrence
	// details are specified. This field can be used as a filter in list
	// requests.
	Kind pulumi.StringPtrInput
	// The name of the occurrence.
	Name pulumi.StringPtrInput
	// The analysis note associated with this occurrence, in the form of
	// projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a
	// filter in list requests.
	NoteName pulumi.StringPtrInput
	// The ID of the project in which the resource belongs.
	// If it is not provided, the provider project is used.
	Project pulumi.StringPtrInput
	// A description of actions that can be taken to remedy the note.
	Remediation pulumi.StringPtrInput
	// Required. Immutable. A URI that represents the resource for which
	// the occurrence applies. For example,
	// https://gcr.io/project/image@sha256:123abc for a Docker image.
	ResourceUri pulumi.StringPtrInput
	// The time when the repository was last updated.
	UpdateTime pulumi.StringPtrInput
}

func (OccurenceState) ElementType

func (OccurenceState) ElementType() reflect.Type

Jump to

Keyboard shortcuts

? : This menu
/ : Search site
f or F : Jump to
y or Y : Canonical URL