Class ContainerAnalysisClient (2.11.0)

ContainerAnalysisClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.devtools.containeranalysis_v1.services.container_analysis.transports.base.ContainerAnalysisTransport]] = None, client_options: Optional[Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)

Retrieves analysis results of Cloud components such as Docker container images. The Container Analysis API is an implementation of the Grafeas <https://grafeas.io>__ API.

Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note.

For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

Properties

transport

Returns the transport used by the client instance.

Returns
TypeDescription
ContainerAnalysisTransportThe transport used by the client instance.

Methods

ContainerAnalysisClient

ContainerAnalysisClient(*, credentials: Optional[google.auth.credentials.Credentials] = None, transport: Optional[Union[str, google.cloud.devtools.containeranalysis_v1.services.container_analysis.transports.base.ContainerAnalysisTransport]] = None, client_options: Optional[Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)

Instantiates the container analysis client.

Parameters
NameDescription
credentials Optional[google.auth.credentials.Credentials]

The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment.

transport Union[str, ContainerAnalysisTransport]

The transport to use. If set to None, a transport is chosen automatically.

client_options Optional[Union[google.api_core.client_options.ClientOptions, dict]]

Custom options for the client. It won't take effect if a transport instance is provided. (1) The api_endpoint property can be used to override the default endpoint provided by the client. GOOGLE_API_USE_MTLS_ENDPOINT environment variable can also be used to override the endpoint: "always" (always use the default mTLS endpoint), "never" (always use the default regular endpoint) and "auto" (auto switch to the default mTLS endpoint if client certificate is present, this is the default value). However, the api_endpoint property takes precedence if provided. (2) If GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "true", then the client_cert_source property can be used to provide client certificate for mutual TLS transport. If not provided, the default SSL client certificate will be used if present. If GOOGLE_API_USE_CLIENT_CERTIFICATE is "false" or not set, no client certificate will be used.

client_info google.api_core.gapic_v1.client_info.ClientInfo

The client info used to send a user-agent string along with API requests. If None, then default info will be used. Generally, you only need to set this if you're developing your own client library.

Exceptions
TypeDescription
google.auth.exceptions.MutualTLSChannelErrorIf mutual TLS transport creation failed for any reason.

__exit__

__exit__(type, value, traceback)

Releases underlying transport's resources.

common_billing_account_path

common_billing_account_path(billing_account: str)

Returns a fully-qualified billing_account string.

common_folder_path

common_folder_path(folder: str)

Returns a fully-qualified folder string.

common_location_path

common_location_path(project: str, location: str)

Returns a fully-qualified location string.

common_organization_path

common_organization_path(organization: str)

Returns a fully-qualified organization string.

common_project_path

common_project_path(project: str)

Returns a fully-qualified project string.

from_service_account_file

from_service_account_file(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
ContainerAnalysisClientThe constructed client.

from_service_account_info

from_service_account_info(info: dict, *args, **kwargs)

Creates an instance of this client using the provided credentials info.

Parameter
NameDescription
info dict

The service account private key info.

Returns
TypeDescription
ContainerAnalysisClientThe constructed client.

from_service_account_json

from_service_account_json(filename: str, *args, **kwargs)

Creates an instance of this client using the provided credentials file.

Parameter
NameDescription
filename str

The path to the service account private key json file.

Returns
TypeDescription
ContainerAnalysisClientThe constructed client.

get_iam_policy

get_iam_policy(request: Optional[Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]] = None, *, resource: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())

Gets the access control policy for a note or an occurrence resource. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or occurrence, respectively.

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud.devtools import containeranalysis_v1
from google.iam.v1 import iam_policy_pb2  # type: ignore

def sample_get_iam_policy():
    # Create a client
    client = containeranalysis_v1.ContainerAnalysisClient()

    # Initialize request argument(s)
    request = iam_policy_pb2.GetIamPolicyRequest(
        resource="resource_value",
    )

    # Make the request
    response = client.get_iam_policy(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]

The request object. Request message for GetIamPolicy method.

resource str

REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the resource field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.iam.v1.policy_pb2.PolicyAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ],="" "etag":="" "bwwwja0yfja=", " version":="" 3="" }="" **yaml="" example:**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" etag:="" bwwwja0yfja="version:" 3="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" documentation](\="">

get_mtls_endpoint_and_cert_source

get_mtls_endpoint_and_cert_source(
    client_options: Optional[google.api_core.client_options.ClientOptions] = None,
)

Return the API endpoint and client cert source for mutual TLS.

The client cert source is determined in the following order: (1) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is not "true", the client cert source is None. (2) if client_options.client_cert_source is provided, use the provided one; if the default client cert source exists, use the default one; otherwise the client cert source is None.

The API endpoint is determined in the following order: (1) if client_options.api_endpoint if provided, use the provided one. (2) if GOOGLE_API_USE_CLIENT_CERTIFICATE environment variable is "always", use the default mTLS endpoint; if the environment variable is "never", use the default API endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise use the default API endpoint.

More details can be found at https://google.aip.dev/auth/4114.

Parameter
NameDescription
client_options google.api_core.client_options.ClientOptions

Custom options for the client. Only the api_endpoint and client_cert_source properties may be used in this method.

Exceptions
TypeDescription
google.auth.exceptions.MutualTLSChannelErrorIf any errors happen.
Returns
TypeDescription
Tuple[str, Callable[[], Tuple[bytes, bytes]]]returns the API endpoint and the client cert source to use.

get_vulnerability_occurrences_summary

get_vulnerability_occurrences_summary(request: Optional[Union[google.cloud.devtools.containeranalysis_v1.types.containeranalysis.GetVulnerabilityOccurrencesSummaryRequest, dict]] = None, *, parent: Optional[str] = None, filter: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())

Gets a summary of the number and severity of occurrences.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud.devtools import containeranalysis_v1

def sample_get_vulnerability_occurrences_summary():
    # Create a client
    client = containeranalysis_v1.ContainerAnalysisClient()

    # Initialize request argument(s)
    request = containeranalysis_v1.GetVulnerabilityOccurrencesSummaryRequest(
        parent="parent_value",
    )

    # Make the request
    response = client.get_vulnerability_occurrences_summary(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.cloud.devtools.containeranalysis_v1.types.GetVulnerabilityOccurrencesSummaryRequest, dict]

The request object. Request to get a vulnerability summary for some set of occurrences.

parent str

Required. The name of the project to get a vulnerability summary for in the form of projects/[PROJECT_ID]. This corresponds to the parent field on the request instance; if request is provided, this should not be set.

filter str

The filter expression. This corresponds to the filter field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.cloud.devtools.containeranalysis_v1.types.VulnerabilityOccurrencesSummaryA summary of how many vulnerability occurrences there are per resource and severity type.

parse_common_billing_account_path

parse_common_billing_account_path(path: str)

Parse a billing_account path into its component segments.

parse_common_folder_path

parse_common_folder_path(path: str)

Parse a folder path into its component segments.

parse_common_location_path

parse_common_location_path(path: str)

Parse a location path into its component segments.

parse_common_organization_path

parse_common_organization_path(path: str)

Parse a organization path into its component segments.

parse_common_project_path

parse_common_project_path(path: str)

Parse a project path into its component segments.

set_iam_policy

set_iam_policy(request: Optional[Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]] = None, *, resource: Optional[str] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())

Sets the access control policy on the specified note or occurrence. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or an occurrence, respectively.

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud.devtools import containeranalysis_v1
from google.iam.v1 import iam_policy_pb2  # type: ignore

def sample_set_iam_policy():
    # Create a client
    client = containeranalysis_v1.ContainerAnalysisClient()

    # Initialize request argument(s)
    request = iam_policy_pb2.SetIamPolicyRequest(
        resource="resource_value",
    )

    # Make the request
    response = client.set_iam_policy(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]

The request object. Request message for SetIamPolicy method.

resource str

REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. This corresponds to the resource field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.iam.v1.policy_pb2.PolicyAn Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ],="" "etag":="" "bwwwja0yfja=", " version":="" 3="" }="" **yaml="" example:**="" bindings:="" -="" members:="" -="" user:\="" mike@example.com="" -="" group:\="" admins@example.com="" -="" domain:google.com="" -="" serviceaccount:\="" my-project-id@appspot.gserviceaccount.com="" role:="" roles/resourcemanager.organizationadmin="" -="" members:="" -="" user:\="" eve@example.com="" role:="" roles/resourcemanager.organizationviewer="" condition:="" title:="" expirable="" access="" description:="" does="" not="" grant="" access="" after="" sep="" 2020="" expression:="" request.time="">< timestamp('2020-10-01t00:00:00.000z')="" etag:="" bwwwja0yfja="version:" 3="" for="" a="" description="" of="" iam="" and="" its="" features,="" see="" the="" [iam="" documentation](\="">

test_iam_permissions

test_iam_permissions(request: Optional[Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]] = None, *, resource: Optional[str] = None, permissions: Optional[MutableSequence[str]] = None, retry: Union[google.api_core.retry.Retry, google.api_core.gapic_v1.method._MethodDefault] = <_MethodDefault._DEFAULT_VALUE: <object object>>, timeout: Union[float, object] = <_MethodDefault._DEFAULT_VALUE: <object object>>, metadata: Sequence[Tuple[str, str]] = ())

Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, containeranalysis.notes.list).

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
#   client as shown in:
#   https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud.devtools import containeranalysis_v1
from google.iam.v1 import iam_policy_pb2  # type: ignore

def sample_test_iam_permissions():
    # Create a client
    client = containeranalysis_v1.ContainerAnalysisClient()

    # Initialize request argument(s)
    request = iam_policy_pb2.TestIamPermissionsRequest(
        resource="resource_value",
        permissions=['permissions_value1', 'permissions_value2'],
    )

    # Make the request
    response = client.test_iam_permissions(request=request)

    # Handle the response
    print(response)
Parameters
NameDescription
request Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]

The request object. Request message for TestIamPermissions method.

resource str

REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the resource field on the request instance; if request is provided, this should not be set.

permissions MutableSequence[str]

The set of permissions to check for the resource. Permissions with wildcards (such as '' or 'storage.') are not allowed. For more information see IAM Overview https://cloud.google.com/iam/docs/overview#permissions__. This corresponds to the permissions field on the request instance; if request is provided, this should not be set.

retry google.api_core.retry.Retry

Designation of what errors, if any, should be retried.

timeout float

The timeout for this request.

metadata Sequence[Tuple[str, str]]

Strings which should be sent along with the request as metadata.

Returns
TypeDescription
google.iam.v1.iam_policy_pb2.TestIamPermissionsResponseResponse message for TestIamPermissions method.