gcloud container binauthz attestors create - create an Attestor
gcloud container binauthz attestors create ATTESTOR (--attestation-authority-note=ATTESTATION_AUTHORITY_NOTE : --attestation-authority-note-project=ATTESTATION_AUTHORITY_NOTE_PROJECT) [--description=DESCRIPTION] [GCLOUD_WIDE_FLAG ...]
To create an Attestor with an existing Note projects/my_proj/notes/my_note:
$ gcloud container binauthz attestors create my_new_attestor \ --attestation-authority-note=my_note \ --attestation-authority-note-project=my_proj \
- Attestor resource - The attestor to be created. This represents a Cloud
resource. (NOTE) Some attributes are not given arguments in this group but can be set in other ways. To set the project attribute:
- —
provide the argument ATTESTOR on the command line with a fully specified name;
- —
provide the argument --project on the command line;
- —
set the property core/project.
This must be specified.
- ATTESTOR
ID of the attestor or fully qualified identifier for the attestor. To set the name attribute:
provide the argument ATTESTOR on the command line.
- Note resource - The Container Analysis ATTESTATION_AUTHORITY Note to which the
created attestor will be bound.
For the attestor to be able to access and use the Note, the Note must exist and the active gcloud account (core/account) must have the containeranalysis.notes.listOccurrences permission for the Note. This can be achieved by granting the containeranalysis.notes.occurrences.viewer role to the active account for the Note resource in question.
The arguments in this group can be used to specify the attributes of this resource.
This must be specified.
- --attestation-authority-note=ATTESTATION_AUTHORITY_NOTE
ID of the note or fully qualified identifier for the note. To set the note attribute:
provide the argument --attestation-authority-note on the command line.
This flag argument must be specified if any of the other arguments in this group are specified.
- --attestation-authority-note-project=ATTESTATION_AUTHORITY_NOTE_PROJECT
The Container Analysis project for the note. To set the project attribute:
provide the argument --attestation-authority-note on the command line with a fully specified name;
provide the argument --attestation-authority-note-project on the command line.
- --description=DESCRIPTION
A description for the attestor
These flags are available to all commands: --access-token-file, --account, --billing-project, --configuration, --flags-file, --flatten, --format, --help, --impersonate-service-account, --log-http, --project, --quiet, --trace-token, --user-output-enabled, --verbosity.
Run $ gcloud help for details.
These variants are also available:
$ gcloud alpha container binauthz attestors create
$ gcloud beta container binauthz attestors create