Class ContainerAnalysisClient (2.0.0)

ContainerAnalysisClient(*, credentials: google.auth.credentials.Credentials = None, transport: Union[str, google.cloud.devtools.containeranalysis_v1.services.container_analysis.transports.base.ContainerAnalysisTransport] = None, client_options: <module 'google.api_core.client_options' from '/workspace/python-containeranalysis/.nox/docfx/lib/python3.9/site-packages/google/api_core/client_options.py'> = None)

Retrieves analysis results of Cloud components such as Docker container images. The Container Analysis API is an implementation of the Grafeas <https://grafeas.io>__ API.

Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note.

For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

Methods

ContainerAnalysisClient

ContainerAnalysisClient(*, credentials: google.auth.credentials.Credentials = None, transport: Union[str, google.cloud.devtools.containeranalysis_v1.services.container_analysis.transports.base.ContainerAnalysisTransport] = None, client_options: <module 'google.api_core.client_options' from '/workspace/python-containeranalysis/.nox/docfx/lib/python3.9/site-packages/google/api_core/client_options.py'> = None)

Instantiate the container analysis client.

Parameters
NameDescription
credentials Optional[google.auth.credentials.Credentials]

The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment.

transport Union[str, .ContainerAnalysisTransport]

The transport to use. If set to None, a transport is chosen automatically.

client_options ClientOptions

Custom options for the client. It won't take effect if a transport instance is provided. (1) The api_endpoint property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS environment variable can also be used to override the endpoint: "always" (always use the default mTLS endpoint), "never" (always use the default regular endpoint, this is the default value for the environment variable) and "auto" (auto switch to the default mTLS endpoint if client SSL credentials is present). However, the api_endpoint property takes precedence if provided. (2) The client_cert_source property is used to provide client SSL credentials for mutual TLS transport. If not provided, the default SSL credentials will be used if present.

Exceptions
TypeDescription
google.auth.exceptions.MutualTLSChannelErrorIf mutual TLS transport creation failed for any reason.

from_service_account_file

from_service_account_file(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
{@api.name}The constructed client.

from_service_account_json

from_service_account_json(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
{@api.name}The constructed client.

get_iam_policy

get_iam_policy(request: Optional[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest] = None, *, resource: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Gets the access control policy for a note or an occurrence resource. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or occurrence, respectively.

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

Parameters
NameDescription
request .iam_policy.GetIamPolicyRequest

The request object. Request message for GetIamPolicy method.

resource str

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the resource field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
.policy.PolicyDefines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** :: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" ::="" bindings:="" -="" members:="" -="" user:mike@example.com="" -="" group:admins@example.com="" -="" domain:google.com="" -="" serviceaccount:my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="">IAM developer's guide __.

set_iam_policy

set_iam_policy(request: Optional[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest] = None, *, resource: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Sets the access control policy on the specified note or occurrence. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or an occurrence, respectively.

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

Parameters
NameDescription
request .iam_policy.SetIamPolicyRequest

The request object. Request message for SetIamPolicy method.

resource str

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. This corresponds to the resource field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
.policy.PolicyDefines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings. A binding binds one or more members to a single role. Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition, which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** :: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" ::="" bindings:="" -="" members:="" -="" user:mike@example.com="" -="" group:admins@example.com="" -="" domain:google.com="" -="" serviceaccount:my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="">IAM developer's guide __.

test_iam_permissions

test_iam_permissions(request: Optional[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest] = None, *, resource: Optional[str] = None, permissions: Optional[Sequence[str]] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())

Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, containeranalysis.notes.list).

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

Parameters
NameDescription
request .iam_policy.TestIamPermissionsRequest

The request object. Request message for TestIamPermissions method.

resource str

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the resource field on the request instance; if request is provided, this should not be set.

permissions :class:Sequence[str]

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview https://cloud.google.com/iam/docs/overview#permissions__. This corresponds to the permissions field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
.iam_policy.TestIamPermissionsResponseResponse message for TestIamPermissions method.