:SrSSKJr SSKJr SSKJr SSKrSSKrSSKJr SSKJ r SSKJ r SS KJ r SS K Jr SS KJr SS KJr SS KJr SSKJr SSKJr SSKJr SSKJr SSKJr \R8\R:"\R<R>5"SS\R@555r!\R:"\R<RD\R<RF5"SS\R@55r$g)z9The Create command for Binary Authorization attestations.)absolute_import)division)unicode_literalsN)apis) attestors)containeranalysis)containeranalysis_apis)base) exceptions)flags)util) validation) properties) resources) console_io)filesc.\rSrSrSr\S5rSrSrg)Create'aHCreate a Binary Authorization attestation. This command creates a Binary Authorization attestation for your project. The attestation is created for the specified artifact (e.g. a gcr.io container URL), associate with the specified attestor, and stored under the specified project. ## EXAMPLES To create an attestation in the project "my_proj" as the attestor with resource path "projects/foo/attestors/bar", run: $ {command} \ --project=my_proj \ --artifact-url='gcr.io/example-project/example-image@sha256:abcd' \ --attestor=projects/foo/attestors/bar \ --signature-file=signed_artifact_attestation.pgp.sig \ --public-key-id=AAAA0000000000000000FFFFFFFFFFFFFFFFFFFF To create an attestation in the project "my_proj" in note "projects/foo/notes/bar", run: $ {command} \ --project=my_proj \ --artifact-url='gcr.io/example-project/example-image@sha256:abcd' \ --note=projects/foo/notes/bar \ --signature-file=signed_artifact_attestation.pgp.sig \ --public-key-id=AAAA0000000000000000FFFFFFFFFFFFFFFFFFFF c [R"U5 URSS[[R "S5S9 URSS[[R "S5S9 UR 5nUR5n[R"U[R"SSSS[R "S 5S 95 [R"U[R"S SS[R "S 5S 95 URSS[[R "S5S9 URSSS[R "S5S9 g)N--signature-fileTh Path to file containing the signature to store, or `-` to read signature from stdin.requiredtypehelp--payload-fileF Path to file containing the payload over which the signature was calculated. This defaults to the output of the standard payload command: $ {grandparent_command} create-signature-payload NOTE: If you sign a payload with e.g. different whitespace or formatting, you must explicitly provide the payload content via this flag. attestor The Attestor whose Container Analysis Note will be used to host the created attestation. In order to successfully attach the attestation, the active gcloud account (core/account) must be able to read this attestor and must have the `containeranalysis.notes.attachOccurrence` permission for the Attestor's underlying Note resource (usually via the `containeranalysis.notes.attacher` role). base_namer positionaluse_global_project_flag group_helpnoteg The Container Analysis Note which will be used to host the created attestation. In order to successfully attach the attestation, the active gcloud account (core/account) must have the `containeranalysis.notes.attachOccurrence` permission for the Note (usually via the `containeranalysis.notes.attacher` role).r"rr#r%--public-key-ida The ID of the public key that will be used to verify the signature of the created Attestation. This ID must match the one found on the Attestor resource(s) which will verify this Attestation. For PGP keys, this must be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details. --validate store_trueo Whether to validate that the Attestation can be verified by the provided Attestor. actiondefaultr r AddArtifactUrlFlag add_argumentstrtextwrapdedentadd_mutually_exclusive_group add_group AddConceptsGetAttestorPresentationSpecGetNotePresentationSpecclsparserexclusive_groupgroups 5lib/surface/container/binauthz/attestations/create.pyArgs Create.ArgsHsc V$   __#$    __   $99;O  % % 'E   )) $)(;< $  %%(MN     __KL    __  c :[RR[RR R RSS9SS9n[R"UR5n[R"URSS9nUR(a![R "UR5nO[R""U5nUR$(GaUR&R$R5n[(R*"UR-55n[.R0"U5nURU5n [2R4"[6R8UUS9n [:R0"5R=U[RR?SURAU 5RB05UURDUUSU;aURF(aU S 9$SS 9$URH(aw[:R0"[JR*"UR-555R=UUR&RHR5UURDUUSS 9$[LRN"S 5e NT)rzcloudresourcemanager.projects) collection)binary) attestor_ref api_versionz containeranalysis.projects.notesvalidate) project_refnote_ref artifact_url public_key_id signature plaintextvalidation_callbackz-One of --attestor or --note must be provided.(rREGISTRYParserVALUEScoreprojectGetbinauthz_command_utilRemoveArtifactUrlSchemerMrReadFromFileOrStdinsignature_file payload_filerReadBinaryFileContentsMakeSignaturePayloadrCONCEPTSr GetApiVersion ReleaseTrackrClient functoolspartialrvalidate_attestationrCreateAttestationOccurrenceParseResourceId GetNoteAttr noteReferencerNrJr&ca_apisr InvalidArgumentError) selfargsrKartifact_url_without_schemerOpayloadrHrIclientrrQs r@Run Create.Runs?$$**&&**D*92+K#8"O"O #..t/B/B4PI ,,T->->?g%:: %g }}}]]++113l&&t'8'8':;k ,fL)h%--  ) )#!  % % ' C C!%%550  *88 3** 4 DMM2DD   % %    1 1 3 4##!==%%++-2**" $    + + 9 rCN __name__ __module__ __qualname____firstlineno____doc__ classmethodrArr__static_attributes__rtrCr@rr's#<VVp:rCrc.\rSrSrSr\S5rSrSrg)CreateWithPkixSupportaFCreate a Binary Authorization attestation. This command creates a Binary Authorization attestation for your project. The attestation is created for the specified artifact (e.g. a gcr.io container URL), associate with the specified attestor, and stored under the specified project. ## EXAMPLES To create an attestation in the project "my_proj" as the attestor with resource path "projects/foo/attestors/bar", run: $ {command} \ --project=my_proj \ --artifact-url=gcr.io/example-project/example-image@sha256:abcd \ --attestor=projects/foo/attestors/bar \ --signature-file=signed_artifact_attestation.pgp.sig \ --public-key-id=AAAA0000000000000000FFFFFFFFFFFFFFFFFFFF To create an attestation in the project "my_proj" in note "projects/foo/notes/bar", run: $ {command} \ --project=my_proj \ --artifact-url='gcr.io/example-project/example-image@sha256:abcd' \ --note=projects/foo/notes/bar \ --signature-file=signed_artifact_attestation.pgp.sig \ --public-key-id=AAAA0000000000000000FFFFFFFFFFFFFFFFFFFF c [R"U5 URSS[[R "S5S9 URSS[[R "S5S9 UR 5nUR5n[R"U[R"SSSS[R "S 5S 95 [R"U[R"S SS[R "S 5S 95 URSS[[R "S5S9 URSSS[R "S5S9 g)NrTrrrFrrr r!r&r'r(r)a' The ID of the public key that will be used to verify the signature of the created Attestation. This ID must match the one found on the Attestor resource(s) which will verify this Attestation. For PKIX keys, this will be the URI-formatted `id` field of the associated Attestor public key. For PGP keys, this must be the version 4, full 160-bit fingerprint, expressed as a 40 character hexadecimal string. See https://tools.ietf.org/html/rfc4880#section-12.2 for details.r*r+r,r-r0r;s r@rACreateWithPkixSupport.Argssc V$   __#$    __   $99;O  % % 'E   )) $)(;< $  %%(MN     __ K L "  __  rCc >[RR[RR R RSS9SS9n[R"UR5n[R"URSS9nUR(a![R "UR5nO[R""U5nUR$(GaUR&R$R5n[(R*"UR-55n[.R0"U5nURU5n [2R4"[6R8UUS9n [:R0"5R=U[RR?SURAU 5RB05UURDUUSU;aURF(aU S 9$SS 9$URH(ayUR&RHR5n [:R0"[JR*"UR-555R=UU UURDUUSS 9$[LRN"S 5erErR) rmrnrKrorOrprHrIrqrrQrLs r@rrCreateWithPkixSupport.RunZsD$$**&&**D*92+K#8"O"O #..t/B/B4PI ,,T->->?g%:: %g }}}]]++113l&&t'8'8':;k ,fL)h%--  ) )#!  % % ' C C!%%550  *88 3** 4 DMM2DD ##))+h  % %    1 1 3 4##!2**" $    + + 9 rCrtNrurtrCr@r~r~s#<YYv<rCr~)%rz __future__rrrrdr4)googlecloudsdk.api_lib.container.binauthzrrrr rkgooglecloudsdk.callioper -googlecloudsdk.command_lib.container.binauthzr r r rYrgooglecloudsdk.corerrgooglecloudsdk.core.consolergooglecloudsdk.core.utilrDefaultUniverseOnly ReleaseTracksrbGA CreateCommandrBETAALPHAr~rtrCr@rs@&':?GW(D?WD*)2*D%%(()rT  r*rjD%%**D,=,=,C,CDwD..wEwrC