Class BinauthzManagementServiceV1Client (1.5.1)

BinauthzManagementServiceV1Client(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.base.BinauthzManagementServiceV1Transport]] = None, client_options: Optional[Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)

Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.

This API implements a REST model with the following objects:

  • Policy
  • Attestor

Properties

transport

Returns the transport used by the client instance.

Returns
TypeDescription
BinauthzManagementServiceV1TransportThe transport used by the client instance.

Methods

BinauthzManagementServiceV1Client

BinauthzManagementServiceV1Client(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.base.BinauthzManagementServiceV1Transport]] = None, client_options: Optional[Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)

Instantiates the binauthz management service v1 client.

Parameters
NameDescription
credentials Optional[google.auth.credentials.Credentials]

The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment.

transport Union[str, BinauthzManagementServiceV1Transport]

The transport to use. If set to None, a transport is chosen automatically.

client_options Optional[Union[google.api_core.client_options.ClientOptions, dict]]

Custom options for the client. It won't take effect if a transport instance is provided. (1) The api_endpoint property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT environment variable can also be used to override the endpoint: "always" (always use the default mTLS endpoint), "never" (always use the default regular endpoint) and "auto" (auto switch to the default mTLS endpoint if client certificate is present, this is the default value). However, the api_endpoint property takes precedence if provided. (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "true", then the client_cert_source property can be used to provide client certificate for mutual TLS transport. If not provided, the default SSL client certificate will be used if present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not set, no client certificate will be used.

client_info google.api_core.gapic_v1.client_info.ClientInfo

The client info used to send a user-agent string along with API requests. If None, then default info will be used. Generally, you only need to set this if you're developing your own client library.

Exceptions
TypeDescription
google.auth.exceptions.MutualTLSChannelErrorIf mutual TLS transport creation failed for any reason.

__exit__

__exit__(type, value, traceback)

Releases underlying transport's resources.

attestor_path

attestor_path(project: str, attestor: str)

Returns a fully-qualified attestor string.

common_billing_account_path

common_billing_account_path(billing_account: str)

Returns a fully-qualified billing_account string.

common_folder_path

common_folder_path(folder: str)

Returns a fully-qualified folder string.

common_location_path

common_location_path(project: str, location: str)

Returns a fully-qualified location string.

common_organization_path

common_organization_path(organization: str)

Returns a fully-qualified organization string.

common_project_path

common_project_path(project: str)

Returns a fully-qualified project string.

create_attestor

create_attestor(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.CreateAttestorRequest, dict]] = None, *, parent: Optional[str] = None, attestor_id: Optional[str] = None, attestor: Optional[google.cloud.binaryauthorization_v1.types.resources.Attestor] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())

Creates an xref_attestor, and returns a copy of the new xref_attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the xref_attestor already exists.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1

def sample_create_attestor():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()

    # Initialize request argument(s)
    attestor = binaryauthorization_v1.Attestor()
    attestor.user_owned_grafeas_note.note_reference = "note_reference_value"
    attestor.name = "name_value"

    request = binaryauthorization_v1.CreateAttestorRequest(
        parent="parent_value",
        attestor_id="attestor_id_value",
        attestor=attestor,
    )

    # Make the request
    response = client.create_attestor(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.binaryauthorization_v1.types.CreateAttestorRequest, dict]

The request object. Request message for [BinauthzManagementService.CreateAttestor][].

parent str

Required. The parent of this attestor. This corresponds to the parent field on the request instance; if request is provided, this should not be set.

attestor_id str

Required. The attestors ID. This corresponds to the attestor_id field on the request instance; if request is provided, this should not be set.

attestor google.cloud.binaryauthorization_v1.types.Attestor

Required. The initial attestor value. The service will overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name, in the format projects//attestors/. This corresponds to the attestor field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.binaryauthorization_v1.types.AttestorAn attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

delete_attestor

delete_attestor(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.DeleteAttestorRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())

Deletes an xref_attestor. Returns NOT_FOUND if the xref_attestor does not exist.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1

def sample_delete_attestor():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()

    # Initialize request argument(s)
    request = binaryauthorization_v1.DeleteAttestorRequest(
        name="name_value",
    )

    # Make the request
    client.delete_attestor(request=request)
Parameters
NameDescription
request Union[google.cloud.binaryauthorization_v1.types.DeleteAttestorRequest, dict]

The request object. Request message for [BinauthzManagementService.DeleteAttestor][].

name str

Required. The name of the attestors to delete, in the format projects//attestors/. This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

from_service_account_file

from_service_account_file(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
BinauthzManagementServiceV1ClientThe constructed client.

from_service_account_info

from_service_account_info(info: dict, *args, **kwargs)

Creates an instance of this client using the provided credentials info.

Parameter
NameDescription
info dict

The service account private key info.

Returns
TypeDescription
BinauthzManagementServiceV1ClientThe constructed client.

from_service_account_json

from_service_account_json(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
BinauthzManagementServiceV1ClientThe constructed client.

get_attestor

get_attestor(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.GetAttestorRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())

Gets an xref_attestor. Returns NOT_FOUND if the xref_attestor does not exist.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1

def sample_get_attestor():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()

    # Initialize request argument(s)
    request = binaryauthorization_v1.GetAttestorRequest(
        name="name_value",
    )

    # Make the request
    response = client.get_attestor(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.binaryauthorization_v1.types.GetAttestorRequest, dict]

The request object. Request message for [BinauthzManagementService.GetAttestor][].

name str

Required. The name of the attestor to retrieve, in the format projects//attestors/. This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.binaryauthorization_v1.types.AttestorAn attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

get_mtls_endpoint_and_cert_source

get_mtls_endpoint_and_cert_source(
    client_options: Optional[google.api_core.client_options.ClientOptions] = None,
)

Return the API endpoint and client cert source for mutual TLS.

The client cert source is determined in the following order: (1) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not "true", the client cert source is None. (2) if client_options.client_cert_source is provided, use the provided one; if the default client cert source exists, use the default one; otherwise the client cert source is None.

The API endpoint is determined in the following order: (1) if client_options.api_endpoint if provided, use the provided one. (2) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "always", use the default mTLS endpoint; if the environment variable is "never", use the default API endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise use the default API endpoint.

More details can be found at https://google.aip.dev/auth/4114.

Parameter
NameDescription
client_options google.api_core.client_options.ClientOptions

Custom options for the client. Only the api_endpoint and client_cert_source properties may be used in this method.

Exceptions
TypeDescription
google.auth.exceptions.MutualTLSChannelErrorIf any errors happen.
Returns
TypeDescription
Tuple[str, Callable[[], Tuple[bytes, bytes]]]returns the API endpoint and the client cert source to use.

get_policy

get_policy(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.GetPolicyRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())

A xref_policy specifies the xref_attestors that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy.

Gets the xref_policy for this project. Returns a default xref_policy if the project does not have one.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1

def sample_get_policy():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()

    # Initialize request argument(s)
    request = binaryauthorization_v1.GetPolicyRequest(
        name="name_value",
    )

    # Make the request
    response = client.get_policy(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.binaryauthorization_v1.types.GetPolicyRequest, dict]

The request object. Request message for [BinauthzManagementService.GetPolicy][].

name str

Required. The resource name of the policy to retrieve, in the format projects/*/policy. This corresponds to the name field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.binaryauthorization_v1.types.PolicyA policy for container image binary authorization.

list_attestors

list_attestors(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.ListAttestorsRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())

Lists xref_attestors. Returns INVALID_ARGUMENT if the project does not exist.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1

def sample_list_attestors():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()

    # Initialize request argument(s)
    request = binaryauthorization_v1.ListAttestorsRequest(
        parent="parent_value",
    )

    # Make the request
    page_result = client.list_attestors(request=request)

    # Handle the response
    for response in page_result:
        print(response)
Parameters
NameDescription
request Union[google.cloud.binaryauthorization_v1.types.ListAttestorsRequest, dict]

The request object. Request message for [BinauthzManagementService.ListAttestors][].

parent str

Required. The resource name of the project associated with the attestors, in the format projects/*. This corresponds to the parent field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.pagers.ListAttestorsPagerResponse message for [BinauthzManagementService.ListAttestors][]. Iterating over this object will yield results and resolve additional pages automatically.

parse_attestor_path

parse_attestor_path(path: str)

Parses a attestor path into its component segments.

parse_common_billing_account_path

parse_common_billing_account_path(path: str)

Parse a billing_account path into its component segments.

parse_common_folder_path

parse_common_folder_path(path: str)

Parse a folder path into its component segments.

parse_common_location_path

parse_common_location_path(path: str)

Parse a location path into its component segments.

parse_common_organization_path

parse_common_organization_path(path: str)

Parse a organization path into its component segments.

parse_common_project_path

parse_common_project_path(path: str)

Parse a project path into its component segments.

parse_policy_path

parse_policy_path(path: str)

Parses a policy path into its component segments.

policy_path

policy_path(project: str)

Returns a fully-qualified policy string.

update_attestor

update_attestor(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.UpdateAttestorRequest, dict]] = None, *, attestor: Optional[google.cloud.binaryauthorization_v1.types.resources.Attestor] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())

Updates an xref_attestor. Returns NOT_FOUND if the xref_attestor does not exist.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1

def sample_update_attestor():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()

    # Initialize request argument(s)
    attestor = binaryauthorization_v1.Attestor()
    attestor.user_owned_grafeas_note.note_reference = "note_reference_value"
    attestor.name = "name_value"

    request = binaryauthorization_v1.UpdateAttestorRequest(
        attestor=attestor,
    )

    # Make the request
    response = client.update_attestor(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.binaryauthorization_v1.types.UpdateAttestorRequest, dict]

The request object. Request message for [BinauthzManagementService.UpdateAttestor][].

attestor google.cloud.binaryauthorization_v1.types.Attestor

Required. The updated attestor value. The service will overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name in the request URL, in the format projects//attestors/. This corresponds to the attestor field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.binaryauthorization_v1.types.AttestorAn attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated.

update_policy

update_policy(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.UpdatePolicyRequest, dict]] = None, *, policy: Optional[google.cloud.binaryauthorization_v1.types.resources.Policy] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())

Creates or updates a project's xref_policy, and returns a copy of the new xref_policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1

def sample_update_policy():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()

    # Initialize request argument(s)
    policy = binaryauthorization_v1.Policy()
    policy.default_admission_rule.evaluation_mode = "ALWAYS_DENY"
    policy.default_admission_rule.enforcement_mode = "DRYRUN_AUDIT_LOG_ONLY"

    request = binaryauthorization_v1.UpdatePolicyRequest(
        policy=policy,
    )

    # Make the request
    response = client.update_policy(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.binaryauthorization_v1.types.UpdatePolicyRequest, dict]

The request object. Request message for [BinauthzManagementService.UpdatePolicy][].

policy google.cloud.binaryauthorization_v1.types.Policy

Required. A new or updated policy value. The service will overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in the request URL, in the format projects/*/policy. This corresponds to the policy field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.binaryauthorization_v1.types.PolicyA policy for container image binary authorization.