ContainerAnalysisClient(*, credentials: google.auth.credentials.Credentials = None, transport: Union[str, google.cloud.devtools.containeranalysis_v1.services.container_analysis.transports.base.ContainerAnalysisTransport] = None, client_options: <module 'google.api_core.client_options' from '/workspace/python-containeranalysis/.nox/docfx/lib/python3.9/site-packages/google/api_core/client_options.py'> = None)
Retrieves analysis results of Cloud components such as Docker
container images. The Container Analysis API is an implementation of
the Grafeas <https://grafeas.io>
__ API.
Analysis results are stored as a series of occurrences. An
Occurrence
contains information about a specific analysis
instance on a resource. An occurrence refers to a Note
. A note
contains details describing the analysis and is generally stored in
a separate project, called a Provider
. Multiple occurrences can
refer to the same note.
For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.
Methods
ContainerAnalysisClient
ContainerAnalysisClient(*, credentials: google.auth.credentials.Credentials = None, transport: Union[str, google.cloud.devtools.containeranalysis_v1.services.container_analysis.transports.base.ContainerAnalysisTransport] = None, client_options: <module 'google.api_core.client_options' from '/workspace/python-containeranalysis/.nox/docfx/lib/python3.9/site-packages/google/api_core/client_options.py'> = None)
Instantiate the container analysis client.
Parameters | |
---|---|
Name | Description |
credentials |
Optional[google.auth.credentials.Credentials]
The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. |
transport |
Union[str,
The transport to use. If set to None, a transport is chosen automatically. |
client_options |
ClientOptions
Custom options for the client. It won't take effect if a |
Exceptions | |
---|---|
Type | Description |
google.auth.exceptions.MutualTLSChannelError | If mutual TLS transport creation failed for any reason. |
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
{@api.name} | The constructed client. |
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
{@api.name} | The constructed client. |
get_iam_policy
get_iam_policy(request: Optional[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest] = None, *, resource: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Gets the access control policy for a note or an occurrence
resource. Requires containeranalysis.notes.setIamPolicy
or
containeranalysis.occurrences.setIamPolicy
permission if the
resource is a note or occurrence, respectively.
The resource takes the format
projects/[PROJECT_ID]/notes/[NOTE_ID]
for notes and
projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]
for
occurrences.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for |
resource |
REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings . A binding binds one or more members to a single role . Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition , which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** :: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" ::="" bindings:="" -="" members:="" -="" user:mike@example.com="" -="" group:admins@example.com="" -="" domain:google.com="" -="" serviceaccount:my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="">IAM developer's guide __. |
set_iam_policy
set_iam_policy(request: Optional[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest] = None, *, resource: Optional[str] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Sets the access control policy on the specified note or
occurrence. Requires containeranalysis.notes.setIamPolicy
or
containeranalysis.occurrences.setIamPolicy
permission if the
resource is a note or an occurrence, respectively.
The resource takes the format
projects/[PROJECT_ID]/notes/[NOTE_ID]
for notes and
projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]
for
occurrences.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for |
resource |
REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Defines an Identity and Access Management (IAM) policy. It is used to specify access control policies for Cloud Platform resources. A Policy is a collection of bindings . A binding binds one or more members to a single role . Members can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions (defined by IAM or configured by users). A binding can optionally specify a condition , which is a logic expression that further constrains the role binding based on attributes about the request and/or target resource. **JSON Example** :: { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": ["user:eve@example.com"], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ]="" }="" **yaml="" example**="" ::="" bindings:="" -="" members:="" -="" user:mike@example.com="" -="" group:admins@example.com="" -="" domain:google.com="" -="" serviceaccount:my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="">IAM developer's guide __. |
test_iam_permissions
test_iam_permissions(request: Optional[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest] = None, *, resource: Optional[str] = None, permissions: Optional[Sequence[str]] = None, retry: google.api_core.retry.Retry = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Optional[float] = None, metadata: Sequence[Tuple[str, str]] = ())
Returns the permissions that a caller has on the specified note
or occurrence. Requires list permission on the project (for
example, containeranalysis.notes.list
).
The resource takes the format
projects/[PROJECT_ID]/notes/[NOTE_ID]
for notes and
projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]
for
occurrences.
Parameters | |
---|---|
Name | Description |
request |
The request object. Request message for |
resource |
REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the |
permissions |
:class:
The set of permissions to check for the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, str]]
Strings which should be sent along with the request as metadata. |
Returns | |
---|---|
Type | Description |
| Response message for TestIamPermissions method. |