BinauthzManagementServiceV1Client(*, credentials: typing.Optional[google.auth.credentials.Credentials] = None, transport: typing.Optional[typing.Union[str, google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.base.BinauthzManagementServiceV1Transport, typing.Callable[[...], google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.base.BinauthzManagementServiceV1Transport]]] = None, client_options: typing.Optional[typing.Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)Google Cloud Management Service for Binary Authorization admission policies and attestation authorities.
This API implements a REST model with the following objects:
- Policy
- Attestor
Properties
api_endpoint
Return the API endpoint used by the client instance.
| Returns | |
|---|---|
| Type | Description | 
| str | The API endpoint used by the client instance. | 
transport
Returns the transport used by the client instance.
| Returns | |
|---|---|
| Type | Description | 
| BinauthzManagementServiceV1Transport | The transport used by the client instance. | 
universe_domain
Return the universe domain used by the client instance.
| Returns | |
|---|---|
| Type | Description | 
| str | The universe domain used by the client instance. | 
Methods
BinauthzManagementServiceV1Client
BinauthzManagementServiceV1Client(*, credentials: typing.Optional[google.auth.credentials.Credentials] = None, transport: typing.Optional[typing.Union[str, google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.base.BinauthzManagementServiceV1Transport, typing.Callable[[...], google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.transports.base.BinauthzManagementServiceV1Transport]]] = None, client_options: typing.Optional[typing.Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)Instantiates the binauthz management service v1 client.
| Parameters | |
|---|---|
| Name | Description | 
| credentials | Optional[google.auth.credentials.Credentials]The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. | 
| transport | Optional[Union[str,BinauthzManagementServiceV1Transport,Callable[..., BinauthzManagementServiceV1Transport]]]The transport to use, or a Callable that constructs and returns a new transport. If a Callable is given, it will be called with the same set of initialization arguments as used in the BinauthzManagementServiceV1Transport constructor. If set to None, a transport is chosen automatically. | 
| client_options | Optional[Union[google.api_core.client_options.ClientOptions, dict]]Custom options for the client. 1. The  | 
| client_info | google.api_core.gapic_v1.client_info.ClientInfoThe client info used to send a user-agent string along with API requests. If  | 
| Exceptions | |
|---|---|
| Type | Description | 
| google.auth.exceptions.MutualTLSChannelError | If mutual TLS transport creation failed for any reason. | 
__exit__
__exit__(type, value, traceback)Releases underlying transport's resources.
attestor_path
attestor_path(project: str, attestor: str) -> strReturns a fully-qualified attestor string.
common_billing_account_path
common_billing_account_path(billing_account: str) -> strReturns a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str) -> strReturns a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str) -> strReturns a fully-qualified location string.
common_organization_path
common_organization_path(organization: str) -> strReturns a fully-qualified organization string.
common_project_path
common_project_path(project: str) -> strReturns a fully-qualified project string.
create_attestor
create_attestor(
    request: typing.Optional[
        typing.Union[
            google.cloud.binaryauthorization_v1.types.service.CreateAttestorRequest,
            dict,
        ]
    ] = None,
    *,
    parent: typing.Optional[str] = None,
    attestor_id: typing.Optional[str] = None,
    attestor: typing.Optional[
        google.cloud.binaryauthorization_v1.types.resources.Attestor
    ] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.binaryauthorization_v1.types.resources.AttestorCreates an xref_attestor, and returns a copy of the new xref_attestor. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed, ALREADY_EXISTS if the xref_attestor already exists.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_create_attestor():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
    # Initialize request argument(s)
    attestor = binaryauthorization_v1.Attestor()
    attestor.user_owned_grafeas_note.note_reference = "note_reference_value"
    attestor.name = "name_value"
    request = binaryauthorization_v1.CreateAttestorRequest(
        parent="parent_value",
        attestor_id="attestor_id_value",
        attestor=attestor,
    )
    # Make the request
    response = client.create_attestor(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.binaryauthorization_v1.types.CreateAttestorRequest, dict]The request object. Request message for [BinauthzManagementService.CreateAttestor][]. | 
| parent | strRequired. The parent of this attestor. This corresponds to the  | 
| attestor_id | strRequired. The attestors ID. This corresponds to the  | 
| attestor | google.cloud.binaryauthorization_v1.types.AttestorRequired. The initial attestor value. The service will overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name, in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, Union[str, bytes]]]Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type  | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.binaryauthorization_v1.types.Attestor | An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated. | 
delete_attestor
delete_attestor(
    request: typing.Optional[
        typing.Union[
            google.cloud.binaryauthorization_v1.types.service.DeleteAttestorRequest,
            dict,
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> NoneDeletes an xref_attestor. Returns NOT_FOUND if the xref_attestor does not exist.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_delete_attestor():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
    # Initialize request argument(s)
    request = binaryauthorization_v1.DeleteAttestorRequest(
        name="name_value",
    )
    # Make the request
    client.delete_attestor(request=request)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.binaryauthorization_v1.types.DeleteAttestorRequest, dict]The request object. Request message for [BinauthzManagementService.DeleteAttestor][]. | 
| name | strRequired. The name of the attestors to delete, in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, Union[str, bytes]]]Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type  | 
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)Creates an instance of this client using the provided credentials file.
| Parameter | |
|---|---|
| Name | Description | 
| filename | strThe path to the service account private key json file. | 
| Returns | |
|---|---|
| Type | Description | 
| BinauthzManagementServiceV1Client | The constructed client. | 
from_service_account_info
from_service_account_info(info: dict, *args, **kwargs)Creates an instance of this client using the provided credentials info.
| Parameter | |
|---|---|
| Name | Description | 
| info | dictThe service account private key info. | 
| Returns | |
|---|---|
| Type | Description | 
| BinauthzManagementServiceV1Client | The constructed client. | 
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)Creates an instance of this client using the provided credentials file.
| Parameter | |
|---|---|
| Name | Description | 
| filename | strThe path to the service account private key json file. | 
| Returns | |
|---|---|
| Type | Description | 
| BinauthzManagementServiceV1Client | The constructed client. | 
get_attestor
get_attestor(
    request: typing.Optional[
        typing.Union[
            google.cloud.binaryauthorization_v1.types.service.GetAttestorRequest, dict
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.binaryauthorization_v1.types.resources.AttestorGets an xref_attestor. Returns NOT_FOUND if the xref_attestor does not exist.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_get_attestor():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
    # Initialize request argument(s)
    request = binaryauthorization_v1.GetAttestorRequest(
        name="name_value",
    )
    # Make the request
    response = client.get_attestor(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.binaryauthorization_v1.types.GetAttestorRequest, dict]The request object. Request message for [BinauthzManagementService.GetAttestor][]. | 
| name | strRequired. The name of the attestor to retrieve, in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, Union[str, bytes]]]Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type  | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.binaryauthorization_v1.types.Attestor | An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated. | 
get_mtls_endpoint_and_cert_source
get_mtls_endpoint_and_cert_source(
    client_options: typing.Optional[
        google.api_core.client_options.ClientOptions
    ] = None,
)Deprecated. Return the API endpoint and client cert source for mutual TLS.
The client cert source is determined in the following order:
(1) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not "true", the
client cert source is None.
(2) if client_options.client_cert_source is provided, use the provided one; if the
default client cert source exists, use the default one; otherwise the client cert
source is None.
The API endpoint is determined in the following order:
(1) if client_options.api_endpoint if provided, use the provided one.
(2) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "always", use the
default mTLS endpoint; if the environment variable is "never", use the default API
endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
use the default API endpoint.
More details can be found at https://google.aip.dev/auth/4114.
| Parameter | |
|---|---|
| Name | Description | 
| client_options | google.api_core.client_options.ClientOptionsCustom options for the client. Only the  | 
| Exceptions | |
|---|---|
| Type | Description | 
| google.auth.exceptions.MutualTLSChannelError | If any errors happen. | 
| Returns | |
|---|---|
| Type | Description | 
| Tuple[str, Callable[[], Tuple[bytes, bytes]]] | returns the API endpoint and the client cert source to use. | 
get_policy
get_policy(
    request: typing.Optional[
        typing.Union[
            google.cloud.binaryauthorization_v1.types.service.GetPolicyRequest, dict
        ]
    ] = None,
    *,
    name: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.binaryauthorization_v1.types.resources.PolicyA xref_policy specifies the xref_attestors that must attest to a container image, before the project is allowed to deploy that image. There is at most one policy per project. All image admission requests are permitted if a project has no policy.
Gets the xref_policy for this project. Returns a default xref_policy if the project does not have one.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_get_policy():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
    # Initialize request argument(s)
    request = binaryauthorization_v1.GetPolicyRequest(
        name="name_value",
    )
    # Make the request
    response = client.get_policy(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.binaryauthorization_v1.types.GetPolicyRequest, dict]The request object. Request message for [BinauthzManagementService.GetPolicy][]. | 
| name | strRequired. The resource name of the policy to retrieve, in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, Union[str, bytes]]]Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type  | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.binaryauthorization_v1.types.Policy | A policy for container image binary authorization. | 
list_attestors
list_attestors(
    request: typing.Optional[
        typing.Union[
            google.cloud.binaryauthorization_v1.types.service.ListAttestorsRequest, dict
        ]
    ] = None,
    *,
    parent: typing.Optional[str] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> (
    google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.pagers.ListAttestorsPager
)Lists xref_attestors. Returns INVALID_ARGUMENT if the project does not exist.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_list_attestors():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
    # Initialize request argument(s)
    request = binaryauthorization_v1.ListAttestorsRequest(
        parent="parent_value",
    )
    # Make the request
    page_result = client.list_attestors(request=request)
    # Handle the response
    for response in page_result:
        print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.binaryauthorization_v1.types.ListAttestorsRequest, dict]The request object. Request message for [BinauthzManagementService.ListAttestors][]. | 
| parent | strRequired. The resource name of the project associated with the attestors, in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, Union[str, bytes]]]Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type  | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.binaryauthorization_v1.services.binauthz_management_service_v1.pagers.ListAttestorsPager | Response message for [BinauthzManagementService.ListAttestors][]. Iterating over this object will yield results and resolve additional pages automatically. | 
parse_attestor_path
parse_attestor_path(path: str) -> typing.Dict[str, str]Parses a attestor path into its component segments.
parse_common_billing_account_path
parse_common_billing_account_path(path: str) -> typing.Dict[str, str]Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str) -> typing.Dict[str, str]Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str) -> typing.Dict[str, str]Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str) -> typing.Dict[str, str]Parse a organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str) -> typing.Dict[str, str]Parse a project path into its component segments.
parse_policy_path
parse_policy_path(path: str) -> typing.Dict[str, str]Parses a policy path into its component segments.
policy_path
policy_path(project: str) -> strReturns a fully-qualified policy string.
update_attestor
update_attestor(
    request: typing.Optional[
        typing.Union[
            google.cloud.binaryauthorization_v1.types.service.UpdateAttestorRequest,
            dict,
        ]
    ] = None,
    *,
    attestor: typing.Optional[
        google.cloud.binaryauthorization_v1.types.resources.Attestor
    ] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.binaryauthorization_v1.types.resources.AttestorUpdates an xref_attestor. Returns NOT_FOUND if the xref_attestor does not exist.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_update_attestor():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
    # Initialize request argument(s)
    attestor = binaryauthorization_v1.Attestor()
    attestor.user_owned_grafeas_note.note_reference = "note_reference_value"
    attestor.name = "name_value"
    request = binaryauthorization_v1.UpdateAttestorRequest(
        attestor=attestor,
    )
    # Make the request
    response = client.update_attestor(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.binaryauthorization_v1.types.UpdateAttestorRequest, dict]The request object. Request message for [BinauthzManagementService.UpdateAttestor][]. | 
| attestor | google.cloud.binaryauthorization_v1.types.AttestorRequired. The updated attestor value. The service will overwrite the [attestor name][google.cloud.binaryauthorization.v1.Attestor.name] field with the resource name in the request URL, in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, Union[str, bytes]]]Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type  | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.binaryauthorization_v1.types.Attestor | An attestor that attests to container image artifacts. An existing attestor cannot be modified except where indicated. | 
update_policy
update_policy(
    request: typing.Optional[
        typing.Union[
            google.cloud.binaryauthorization_v1.types.service.UpdatePolicyRequest, dict
        ]
    ] = None,
    *,
    policy: typing.Optional[
        google.cloud.binaryauthorization_v1.types.resources.Policy
    ] = None,
    retry: typing.Optional[
        typing.Union[
            google.api_core.retry.retry_unary.Retry,
            google.api_core.gapic_v1.method._MethodDefault,
        ]
    ] = _MethodDefault._DEFAULT_VALUE,
    timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
    metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.cloud.binaryauthorization_v1.types.resources.PolicyCreates or updates a project's xref_policy, and returns a copy of the new xref_policy. A policy is always updated as a whole, to avoid race conditions with concurrent policy enforcement (or management!) requests. Returns NOT_FOUND if the project does not exist, INVALID_ARGUMENT if the request is malformed.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud import binaryauthorization_v1
def sample_update_policy():
    # Create a client
    client = binaryauthorization_v1.BinauthzManagementServiceV1Client()
    # Initialize request argument(s)
    policy = binaryauthorization_v1.Policy()
    policy.default_admission_rule.evaluation_mode = "ALWAYS_DENY"
    policy.default_admission_rule.enforcement_mode = "DRYRUN_AUDIT_LOG_ONLY"
    request = binaryauthorization_v1.UpdatePolicyRequest(
        policy=policy,
    )
    # Make the request
    response = client.update_policy(request=request)
    # Handle the response
    print(response)
| Parameters | |
|---|---|
| Name | Description | 
| request | Union[google.cloud.binaryauthorization_v1.types.UpdatePolicyRequest, dict]The request object. Request message for [BinauthzManagementService.UpdatePolicy][]. | 
| policy | google.cloud.binaryauthorization_v1.types.PolicyRequired. A new or updated policy value. The service will overwrite the [policy name][google.cloud.binaryauthorization.v1.Policy.name] field with the resource name in the request URL, in the format  | 
| retry | google.api_core.retry.RetryDesignation of what errors, if any, should be retried. | 
| timeout | floatThe timeout for this request. | 
| metadata | Sequence[Tuple[str, Union[str, bytes]]]Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type  | 
| Returns | |
|---|---|
| Type | Description | 
| google.cloud.binaryauthorization_v1.types.Policy | A policy for container image binary authorization. |