BinauthzManagementServiceV1Client(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.base.BinauthzManagementServiceV1Transport]] = None, client_options: Optional[Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.
This API implements a REST model with the following objects:
- Policy
- Attestor
Properties
transport
Returns the transport used by the client instance.
Type | Description |
BinauthzManagementServiceV1Transport | The transport used by the client instance. |
Methods
BinauthzManagementServiceV1Client
BinauthzManagementServiceV1Client(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.base.BinauthzManagementServiceV1Transport]] = None, client_options: Optional[Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Instantiates the binauthz management service v1 client.
Name | Description |
credentials |
Optional[google.auth.credentials.Credentials]
The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. |
transport |
Union[str, BinauthzManagementServiceV1Transport]
The transport to use. If set to None, a transport is chosen automatically. |
client_options |
Optional[Union[google.api_core.client_options.ClientOptions, dict]]
Custom options for the client. It won't take effect if a |
client_info |
google.api_core.gapic_v1.client_info.ClientInfo
The client info used to send a user-agent string along with API requests. If |
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If mutual TLS transport creation failed for any reason. |
__exit__
__exit__(type, value, traceback)
Releases underlying transport's resources.
attestor_path
attestor_path(project: str, attestor: str)
Returns a fully-qualified attestor string.
common_billing_account_path
common_billing_account_path(billing_account: str)
Returns a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str)
Returns a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str)
Returns a fully-qualified location string.
common_organization_path
common_organization_path(organization: str)
Returns a fully-qualified organization string.
common_project_path
common_project_path(project: str)
Returns a fully-qualified project string.
create_attestor
create_attestor(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.CreateAttestorRequest, dict]] = None, *, parent: Optional[str] = None, attestor_id: Optional[str] = None, attestor: Optional[google.cloud.binaryauthorization_v1.types.resources.Attestor] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())
Creates an xref_attestor, and returns a copy of the new xref_attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the xref_attestor already exists.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_create_attestor():
# Create a client
client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
# Initialize request argument(s)
attestor = binaryauthorization_v1.Attestor()
attestor.user_owned_grafeas_note.note_reference = "note_reference_value"
attestor.name = "name_value"
request = binaryauthorization_v1.CreateAttestorRequest(
parent="parent_value",
attestor_id="attestor_id_value",
attestor=attestor,
)
# Make the request
response = client.create_attestor(request=request)
# Handle the response
print(response)
Name | Description |
request |
Union[google.cloud.binaryauthorization_v1.types.CreateAttestorRequest, dict]
The request object. Request message for [BinauthzManagementService.CreateAttestor][]. |
parent |
str
Required. The parent of this attestor. This corresponds to the |
attestor_id |
str
Required. The attestors ID. This corresponds to the |
attestor |
google.cloud.binaryauthorization_v1.types.Attestor
Required. The initial attestor value. The service will overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.cloud.binaryauthorization_v1.types.Attestor | An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated. |
delete_attestor
delete_attestor(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.DeleteAttestorRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())
Deletes an xref_attestor. Returns NOT_FOUND if the xref_attestor does not exist.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_delete_attestor():
# Create a client
client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
# Initialize request argument(s)
request = binaryauthorization_v1.DeleteAttestorRequest(
name="name_value",
)
# Make the request
client.delete_attestor(request=request)
Name | Description |
request |
Union[google.cloud.binaryauthorization_v1.types.DeleteAttestorRequest, dict]
The request object. Request message for [BinauthzManagementService.DeleteAttestor][]. |
name |
str
Required. The name of the attestors to delete, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Name | Description |
filename |
str
The path to the service account private key json file. |
Type | Description |
BinauthzManagementServiceV1Client | The constructed client. |
from_service_account_info
from_service_account_info(info: dict, *args, **kwargs)
Creates an instance of this client using the provided credentials info.
Name | Description |
info |
dict
The service account private key info. |
Type | Description |
BinauthzManagementServiceV1Client | The constructed client. |
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Name | Description |
filename |
str
The path to the service account private key json file. |
Type | Description |
BinauthzManagementServiceV1Client | The constructed client. |
get_attestor
get_attestor(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.GetAttestorRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())
Gets an xref_attestor. Returns NOT_FOUND if the xref_attestor does not exist.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_get_attestor():
# Create a client
client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
# Initialize request argument(s)
request = binaryauthorization_v1.GetAttestorRequest(
name="name_value",
)
# Make the request
response = client.get_attestor(request=request)
# Handle the response
print(response)
Name | Description |
request |
Union[google.cloud.binaryauthorization_v1.types.GetAttestorRequest, dict]
The request object. Request message for [BinauthzManagementService.GetAttestor][]. |
name |
str
Required. The name of the attestor to retrieve, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.cloud.binaryauthorization_v1.types.Attestor | An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated. |
get_mtls_endpoint_and_cert_source
get_mtls_endpoint_and_cert_source(
client_options: Optional[google.api_core.client_options.ClientOptions] = None,
)
Return the API endpoint and client cert source for mutual TLS.
The client cert source is determined in the following order:
(1) if GOOGLE_API_USE_CLIENT_CERTIFICATE
environment variable is not "true", the
client cert source is None.
(2) if client_options.client_cert_source
is provided, use the provided one; if the
default client cert source exists, use the default one; otherwise the client cert
source is None.
The API endpoint is determined in the following order:
(1) if client_options.api_endpoint
if provided, use the provided one.
(2) if GOOGLE_API_USE_CLIENT_CERTIFICATE
environment variable is "always", use the
default mTLS endpoint; if the environment variable is "never", use the default API
endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
use the default API endpoint.
More details can be found at https://google.aip.dev/auth/4114.
Name | Description |
client_options |
google.api_core.client_options.ClientOptions
Custom options for the client. Only the |
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If any errors happen. |
Type | Description |
Tuple[str, Callable[[], Tuple[bytes, bytes]]] | returns the API endpoint and the client cert source to use. |
get_policy
get_policy(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.GetPolicyRequest, dict]] = None, *, name: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())
A xref_policy specifies the xref_attestors that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy.
Gets the xref_policy for this project. Returns a default xref_policy if the project does not have one.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_get_policy():
# Create a client
client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
# Initialize request argument(s)
request = binaryauthorization_v1.GetPolicyRequest(
name="name_value",
)
# Make the request
response = client.get_policy(request=request)
# Handle the response
print(response)
Name | Description |
request |
Union[google.cloud.binaryauthorization_v1.types.GetPolicyRequest, dict]
The request object. Request message for [BinauthzManagementService.GetPolicy][]. |
name |
str
Required. The resource name of the policy to retrieve, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.cloud.binaryauthorization_v1.types.Policy | A policy for container image binary authorization. |
list_attestors
list_attestors(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.ListAttestorsRequest, dict]] = None, *, parent: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())
Lists xref_attestors. Returns INVALID_ARGUMENT if the project does not exist.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_list_attestors():
# Create a client
client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
# Initialize request argument(s)
request = binaryauthorization_v1.ListAttestorsRequest(
parent="parent_value",
)
# Make the request
page_result = client.list_attestors(request=request)
# Handle the response
for response in page_result:
print(response)
Name | Description |
request |
Union[google.cloud.binaryauthorization_v1.types.ListAttestorsRequest, dict]
The request object. Request message for [BinauthzManagementService.ListAttestors][]. |
parent |
str
Required. The resource name of the project associated with the attestors, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.pagers.ListAttestorsPager | Response message for [BinauthzManagementService.ListAttestors][]. Iterating over this object will yield results and resolve additional pages automatically. |
parse_attestor_path
parse_attestor_path(path: str)
Parses a attestor path into its component segments.
parse_common_billing_account_path
parse_common_billing_account_path(path: str)
Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str)
Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str)
Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str)
Parse a organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str)
Parse a project path into its component segments.
parse_policy_path
parse_policy_path(path: str)
Parses a policy path into its component segments.
policy_path
policy_path(project: str)
Returns a fully-qualified policy string.
update_attestor
update_attestor(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.UpdateAttestorRequest, dict]] = None, *, attestor: Optional[google.cloud.binaryauthorization_v1.types.resources.Attestor] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())
Updates an xref_attestor. Returns NOT_FOUND if the xref_attestor does not exist.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_update_attestor():
# Create a client
client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
# Initialize request argument(s)
attestor = binaryauthorization_v1.Attestor()
attestor.user_owned_grafeas_note.note_reference = "note_reference_value"
attestor.name = "name_value"
request = binaryauthorization_v1.UpdateAttestorRequest(
attestor=attestor,
)
# Make the request
response = client.update_attestor(request=request)
# Handle the response
print(response)
Name | Description |
request |
Union[google.cloud.binaryauthorization_v1.types.UpdateAttestorRequest, dict]
The request object. Request message for [BinauthzManagementService.UpdateAttestor][]. |
attestor |
google.cloud.binaryauthorization_v1.types.Attestor
Required. The updated attestor value. The service will overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name in the request URL, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.cloud.binaryauthorization_v1.types.Attestor | An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated. |
update_policy
update_policy(request: Optional[Union[google.cloud.binaryauthorization_v1.types.service.UpdatePolicyRequest, dict]] = None, *, policy: Optional[google.cloud.binaryauthorization_v1.types.resources.Policy] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())
Creates or updates a project's xref_policy, and returns a copy of the new xref_policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_update_policy():
# Create a client
client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
# Initialize request argument(s)
policy = binaryauthorization_v1.Policy()
policy.default_admission_rule.evaluation_mode = "ALWAYS_DENY"
policy.default_admission_rule.enforcement_mode = "DRYRUN_AUDIT_LOG_ONLY"
request = binaryauthorization_v1.UpdatePolicyRequest(
policy=policy,
)
# Make the request
response = client.update_policy(request=request)
# Handle the response
print(response)
Name | Description |
request |
Union[google.cloud.binaryauthorization_v1.types.UpdatePolicyRequest, dict]
The request object. Request message for [BinauthzManagementService.UpdatePolicy][]. |
policy |
google.cloud.binaryauthorization_v1.types.Policy
Required. A new or updated policy value. The service will overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in the request URL, in the format |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Type | Description |
google.cloud.binaryauthorization_v1.types.Policy | A policy for container image binary authorization. |