---
# ----------------------------------------------------------------------------
#
# *** AUTO GENERATED CODE *** Type: MMv1 ***
#
# ----------------------------------------------------------------------------
#
# This file is automatically generated by Magic Modules and manual
# changes will be clobbered when the file is regenerated.
#
# Please read more about how to change this file in
# .github/CONTRIBUTING.md.
#
# ----------------------------------------------------------------------------
subcategory: "Container Registry"
description: |-
  An occurrence is an instance of a Note, or type of analysis that
  can be done for a resource.
---
# google\_container\_analysis\_occurrence
An occurrence is an instance of a Note: one type of analysis (for this
resource, an attestation) recorded against a specific resource such as a
container image.
To get more information about Occurrence, see:
* [API documentation](https://cloud.google.com/container-analysis/api/reference/rest/)
* How-to Guides
* [Official Documentation](https://cloud.google.com/container-analysis/)
## Example Usage - Container Analysis Occurrence Kms
```hcl
resource "google_binary_authorization_attestor" "attestor" {
  name = "attestor"
  attestation_authority_note {
    note_reference = google_container_analysis_note.note.name
    public_keys {
      id = data.google_kms_crypto_key_version.version.id
      pkix_public_key {
        public_key_pem      = data.google_kms_crypto_key_version.version.public_key[0].pem
        signature_algorithm = data.google_kms_crypto_key_version.version.public_key[0].algorithm
      }
    }
  }
}

resource "google_container_analysis_note" "note" {
  name = "attestation-note"
  attestation_authority {
    hint {
      human_readable_name = "Attestor Note"
    }
  }
}

data "google_kms_key_ring" "keyring" {
  name     = "my-key-ring"
  location = "global"
}

data "google_kms_crypto_key" "crypto-key" {
  name     = "my-key"
  key_ring = data.google_kms_key_ring.keyring.id
}

data "google_kms_crypto_key_version" "version" {
  crypto_key = data.google_kms_crypto_key.crypto-key.id
}

resource "google_container_analysis_occurrence" "occurrence" {
  // In practice pin the image by digest (see `resource_uri` below),
  // otherwise the attestation follows whatever the tag points at.
  resource_uri = "gcr.io/my-project/my-image"
  note_name    = google_container_analysis_note.note.id

  // See "Creating Attestations" Guide for expected
  // payload and signature formats.
  attestation {
    serialized_payload = filebase64("path/to/my/payload.json")
    signatures {
      public_key_id = data.google_kms_crypto_key_version.version.id
      // The signature over the payload bytes. The `signatures` block
      // takes `signature`, not `serialized_payload`.
      signature = filebase64("path/to/my/payload.json.sig")
    }
  }
}
```
## Argument Reference
The following arguments are supported:
* `resource_uri` -
(Required)
Required. Immutable. A URI that represents the resource for which
the occurrence applies. For example,
https://gcr.io/project/image@sha256:123abc for a Docker image.
* `note_name` -
(Required)
The analysis note associated with this occurrence, in the form of
projects/[PROJECT]/notes/[NOTE_ID]. This field can be used as a
filter in list requests.
* `attestation` -
(Required)
Occurrence that represents a single "attestation". The authenticity
of an attestation can be verified using the attached signature.
If the verifier trusts the public key of the signer, then verifying
the signature is sufficient to establish trust. In this circumstance,
the authority to which this attestation is attached is primarily
useful for lookup (how to find this attestation if you already
know the authority and artifact to be verified) and intent (for
which authority this attestation was intended to sign).
Structure is [documented below](#nested_attestation).
<a name="nested_attestation"></a>The `attestation` block supports:
* `serialized_payload` -
(Required)
The serialized payload that is verified by one or
more signatures. A base64-encoded string.
* `signatures` -
(Required)
One or more signatures over serializedPayload.
Verifier implementations should consider this attestation
message verified if at least one signature verifies
serializedPayload. See Signature in common.proto for more
details on signature structure and verification.
Structure is [documented below](#nested_signatures).
<a name="nested_signatures"></a>The `signatures` block supports:
* `signature` -
(Optional)
The content of the signature, an opaque bytestring.
The payload that this signature verifies MUST be
unambiguously provided with the Signature during
verification. A wrapper message might provide the
payload explicitly. Alternatively, a message might
have a canonical serialization that can always be
unambiguously computed to derive the payload.
* `public_key_id` -
(Required)
The identifier for the public key that verifies this
signature. MUST be an RFC3986 conformant URI. When possible,
the key id should be an immutable reference, such as a
cryptographic digest. Examples of valid values:
* OpenPGP V4 public key fingerprint. See https://www.iana.org/assignments/uri-schemes/prov/openpgp4fpr
for more details on this scheme.
* `openpgp4fpr:74FAF3B861BDA0870C7B6DEF607E48D2A663AEEA`
* RFC6920 digest-named SubjectPublicKeyInfo (digest of the DER serialization):
* `ni:///sha-256;cD9o9Cq6LG3jD0iKXqEi_vdjJGecm_iXkbqVoScViaU`
- - -
* `remediation` -
(Optional)
A description of actions that can be taken to remedy the note.
* `project` - (Optional) The ID of the project in which the resource belongs.
If it is not provided, the provider project is used.
## Attributes Reference
In addition to the arguments listed above, the following computed attributes are exported:
* `id` - an identifier for the resource with format `projects/{{project}}/occurrences/{{name}}`
* `name` -
The name of the occurrence.
* `kind` -
The note kind which explicitly denotes which of the occurrence
details are specified. This field can be used as a filter in list
requests.
* `create_time` -
The time when the occurrence was created.
* `update_time` -
The time when the occurrence was last updated.
## Timeouts
This resource provides the following
[Timeouts](https://developer.hashicorp.com/terraform/plugin/sdkv2/resources/retries-and-customizable-timeouts) configuration options:
- `create` - Default is 20 minutes.
- `update` - Default is 20 minutes.
- `delete` - Default is 20 minutes.
## Import
Occurrence can be imported using any of these accepted formats:
* `projects/{{project}}/occurrences/{{name}}`
* `{{project}}/{{name}}`
* `{{name}}`
In Terraform v1.5.0 and later, use an [`import` block](https://developer.hashicorp.com/terraform/language/import) to import Occurrence using one of the formats above. For example:
```tf
import {
id = "projects/{{project}}/occurrences/{{name}}"
to = google_container_analysis_occurrence.default
}
```
When using the [`terraform import` command](https://developer.hashicorp.com/terraform/cli/commands/import), Occurrence can be imported using one of the formats above. For example:
```
$ terraform import google_container_analysis_occurrence.default projects/{{project}}/occurrences/{{name}}
$ terraform import google_container_analysis_occurrence.default {{project}}/{{name}}
$ terraform import google_container_analysis_occurrence.default {{name}}
```
## User Project Overrides
This resource supports [User Project Overrides](https://registry.terraform.io/providers/hashicorp/google/latest/docs/guides/provider_reference#user_project_override).