Class UserOwnedDrydockNote (0.4.1)

UserOwnedDrydockNote(mapping=None, *, ignore_unknown_fields=False, **kwargs)

An [user owned drydock note][google.cloud.binaryauthorization.v1beta1.UserOwnedDrydockNote] references a Drydock ATTESTATION_AUTHORITY Note created by the user.

Attributes

NameDescription
note_reference str
Required. The Drydock resource name of a ATTESTATION_AUTHORITY Note, created by the user, in the format: projects/*/notes/* (or the legacy providers/*/notes/*). This field may not be updated. An attestation by this attestor is stored as a Drydock ATTESTATION_AUTHORITY Occurrence that names a container image and that links to this Note. Drydock is an external dependency.
public_keys Sequence[google.cloud.binaryauthorization_v1beta1.types.AttestorPublicKey]
Optional. Public keys that verify attestations signed by this attestor. This field may be updated. If this field is non-empty, one of the specified public keys must verify that an attestation was signed by this attestor for the image specified in the admission request. If this field is empty, this attestor always returns that no valid attestations exist.
delegation_service_account_email str
Output only. This field will contain the service account email address that this Attestor will use as the principal when querying Container Analysis. Attestor administrators must grant this service account the IAM role needed to read attestations from the note_reference][Note] in Container Analysis (containeranalysis.notes.occurrences.viewer). This email address is fixed for the lifetime of the Attestor, but callers should not make any other assumptions about the service account email; future versions may use an email based on a different naming pattern.