ContainerAnalysisClient(*, credentials: typing.Optional[google.auth.credentials.Credentials] = None, transport: typing.Optional[typing.Union[str, google.cloud.devtools.containeranalysis_v1.services.container_analysis.transports.base.ContainerAnalysisTransport, typing.Callable[[...], google.cloud.devtools.containeranalysis_v1.services.container_analysis.transports.base.ContainerAnalysisTransport]]] = None, client_options: typing.Optional[typing.Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Retrieves analysis results of Cloud components such as Docker
container images. The Container Analysis API is an implementation of
the Grafeas <https://grafeas.io>
__ API.
Analysis results are stored as a series of occurrences. An
Occurrence
contains information about a specific analysis
instance on a resource. An occurrence refers to a Note
. A note
contains details describing the analysis and is generally stored in
a separate project, called a Provider
. Multiple occurrences can
refer to the same note.
For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.
Properties
api_endpoint
Return the API endpoint used by the client instance.
Returns | |
---|---|
Type | Description |
str |
The API endpoint used by the client instance. |
transport
Returns the transport used by the client instance.
Returns | |
---|---|
Type | Description |
ContainerAnalysisTransport |
The transport used by the client instance. |
universe_domain
Return the universe domain used by the client instance.
Returns | |
---|---|
Type | Description |
str |
The universe domain used by the client instance. |
Methods
ContainerAnalysisClient
ContainerAnalysisClient(*, credentials: typing.Optional[google.auth.credentials.Credentials] = None, transport: typing.Optional[typing.Union[str, google.cloud.devtools.containeranalysis_v1.services.container_analysis.transports.base.ContainerAnalysisTransport, typing.Callable[[...], google.cloud.devtools.containeranalysis_v1.services.container_analysis.transports.base.ContainerAnalysisTransport]]] = None, client_options: typing.Optional[typing.Union[google.api_core.client_options.ClientOptions, dict]] = None, client_info: google.api_core.gapic_v1.client_info.ClientInfo = <google.api_core.gapic_v1.client_info.ClientInfo object>)
Instantiates the container analysis client.
Parameters | |
---|---|
Name | Description |
credentials |
Optional[google.auth.credentials.Credentials]
The authorization credentials to attach to requests. These credentials identify the application to the service; if none are specified, the client will attempt to ascertain the credentials from the environment. |
transport |
Optional[Union[str,ContainerAnalysisTransport,Callable[..., ContainerAnalysisTransport]]]
The transport to use, or a Callable that constructs and returns a new transport. If a Callable is given, it will be called with the same set of initialization arguments as used in the ContainerAnalysisTransport constructor. If set to None, a transport is chosen automatically. |
client_options |
Optional[Union[google.api_core.client_options.ClientOptions, dict]]
Custom options for the client. 1. The |
client_info |
google.api_core.gapic_v1.client_info.ClientInfo
The client info used to send a user-agent string along with API requests. If |
Exceptions | |
---|---|
Type | Description |
google.auth.exceptions.MutualTLSChannelError |
If mutual TLS transport creation failed for any reason. |
__exit__
__exit__(type, value, traceback)
Releases underlying transport's resources.
common_billing_account_path
common_billing_account_path(billing_account: str) -> str
Returns a fully-qualified billing_account string.
common_folder_path
common_folder_path(folder: str) -> str
Returns a fully-qualified folder string.
common_location_path
common_location_path(project: str, location: str) -> str
Returns a fully-qualified location string.
common_organization_path
common_organization_path(organization: str) -> str
Returns a fully-qualified organization string.
common_project_path
common_project_path(project: str) -> str
Returns a fully-qualified project string.
from_service_account_file
from_service_account_file(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
ContainerAnalysisClient |
The constructed client. |
from_service_account_info
from_service_account_info(info: dict, *args, **kwargs)
Creates an instance of this client using the provided credentials info.
Parameter | |
---|---|
Name | Description |
info |
dict
The service account private key info. |
Returns | |
---|---|
Type | Description |
ContainerAnalysisClient |
The constructed client. |
from_service_account_json
from_service_account_json(filename: str, *args, **kwargs)
Creates an instance of this client using the provided credentials file.
Parameter | |
---|---|
Name | Description |
filename |
str
The path to the service account private key json file. |
Returns | |
---|---|
Type | Description |
ContainerAnalysisClient |
The constructed client. |
get_iam_policy
get_iam_policy(
request: typing.Optional[
typing.Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]
] = None,
*,
resource: typing.Optional[str] = None,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary.Retry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.iam.v1.policy_pb2.Policy
Gets the access control policy for a note or an occurrence
resource. Requires containeranalysis.notes.setIamPolicy
or
containeranalysis.occurrences.setIamPolicy
permission if the
resource is a note or occurrence, respectively.
The resource takes the format
projects/[PROJECT_ID]/notes/[NOTE_ID]
for notes and
projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]
for
occurrences.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud.devtools import containeranalysis_v1
from google.iam.v1 import iam_policy_pb2 # type: ignore
def sample_get_iam_policy():
# Create a client
client = containeranalysis_v1.ContainerAnalysisClient()
# Initialize request argument(s)
request = iam_policy_pb2.GetIamPolicyRequest(
resource="resource_value",
)
# Make the request
response = client.get_iam_policy(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.iam.v1.iam_policy_pb2.GetIamPolicyRequest, dict]
The request object. Request message for |
resource |
str
REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.iam.v1.policy_pb2.Policy |
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** :literal:\ { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ],="" "etag":="" "bwwwja0yfja=", " version":="" 3="">\ \ **YAML example:** :literal:\ bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01t00:00:00.000z')="" etag:="" bwwwja0yfja="version:">\ \ For a description of IAM and its features, see the [IAM documentation](\ https://cloud.google.com/iam/docs/). |
get_mtls_endpoint_and_cert_source
get_mtls_endpoint_and_cert_source(
client_options: typing.Optional[
google.api_core.client_options.ClientOptions
] = None,
)
Deprecated. Return the API endpoint and client cert source for mutual TLS.
The client cert source is determined in the following order:
(1) if GOOGLE_API_USE_CLIENT_CERTIFICATE
environment variable is not "true", the
client cert source is None.
(2) if client_options.client_cert_source
is provided, use the provided one; if the
default client cert source exists, use the default one; otherwise the client cert
source is None.
The API endpoint is determined in the following order:
(1) if client_options.api_endpoint
if provided, use the provided one.
(2) if GOOGLE_API_USE_CLIENT_CERTIFICATE
environment variable is "always", use the
default mTLS endpoint; if the environment variable is "never", use the default API
endpoint; otherwise if client cert source exists, use the default mTLS endpoint, otherwise
use the default API endpoint.
More details can be found at https://google.aip.dev/auth/4114.
Parameter | |
---|---|
Name | Description |
client_options |
google.api_core.client_options.ClientOptions
Custom options for the client. Only the |
Exceptions | |
---|---|
Type | Description |
google.auth.exceptions.MutualTLSChannelError |
If any errors happen. |
Returns | |
---|---|
Type | Description |
Tuple[str, Callable[[], Tuple[bytes, bytes]]] |
returns the API endpoint and the client cert source to use. |
get_vulnerability_occurrences_summary
get_vulnerability_occurrences_summary(
request: typing.Optional[
typing.Union[
google.cloud.devtools.containeranalysis_v1.types.containeranalysis.GetVulnerabilityOccurrencesSummaryRequest,
dict,
]
] = None,
*,
parent: typing.Optional[str] = None,
filter: typing.Optional[str] = None,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary.Retry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> (
google.cloud.devtools.containeranalysis_v1.types.containeranalysis.VulnerabilityOccurrencesSummary
)
Gets a summary of the number and severity of occurrences.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud.devtools import containeranalysis_v1
def sample_get_vulnerability_occurrences_summary():
# Create a client
client = containeranalysis_v1.ContainerAnalysisClient()
# Initialize request argument(s)
request = containeranalysis_v1.GetVulnerabilityOccurrencesSummaryRequest(
parent="parent_value",
)
# Make the request
response = client.get_vulnerability_occurrences_summary(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.cloud.devtools.containeranalysis_v1.types.GetVulnerabilityOccurrencesSummaryRequest, dict]
The request object. Request to get a vulnerability summary for some set of occurrences. |
parent |
str
Required. The name of the project to get a vulnerability summary for in the form of |
filter |
str
The filter expression. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.cloud.devtools.containeranalysis_v1.types.VulnerabilityOccurrencesSummary |
A summary of how many vulnerability occurrences there are per resource and severity type. |
parse_common_billing_account_path
parse_common_billing_account_path(path: str) -> typing.Dict[str, str]
Parse a billing_account path into its component segments.
parse_common_folder_path
parse_common_folder_path(path: str) -> typing.Dict[str, str]
Parse a folder path into its component segments.
parse_common_location_path
parse_common_location_path(path: str) -> typing.Dict[str, str]
Parse a location path into its component segments.
parse_common_organization_path
parse_common_organization_path(path: str) -> typing.Dict[str, str]
Parse a organization path into its component segments.
parse_common_project_path
parse_common_project_path(path: str) -> typing.Dict[str, str]
Parse a project path into its component segments.
set_iam_policy
set_iam_policy(
request: typing.Optional[
typing.Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]
] = None,
*,
resource: typing.Optional[str] = None,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary.Retry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.iam.v1.policy_pb2.Policy
Sets the access control policy on the specified note or
occurrence. Requires containeranalysis.notes.setIamPolicy
or
containeranalysis.occurrences.setIamPolicy
permission if the
resource is a note or an occurrence, respectively.
The resource takes the format
projects/[PROJECT_ID]/notes/[NOTE_ID]
for notes and
projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]
for
occurrences.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud.devtools import containeranalysis_v1
from google.iam.v1 import iam_policy_pb2 # type: ignore
def sample_set_iam_policy():
# Create a client
client = containeranalysis_v1.ContainerAnalysisClient()
# Initialize request argument(s)
request = iam_policy_pb2.SetIamPolicyRequest(
resource="resource_value",
)
# Make the request
response = client.set_iam_policy(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.iam.v1.iam_policy_pb2.SetIamPolicyRequest, dict]
The request object. Request message for |
resource |
str
REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field. This corresponds to the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.iam.v1.policy_pb2.Policy |
An Identity and Access Management (IAM) policy, which specifies access controls for Google Cloud resources. A Policy is a collection of bindings. A binding binds one or more members, or principals, to a single role. Principals can be user accounts, service accounts, Google groups, and domains (such as G Suite). A role is a named list of permissions; each role can be an IAM predefined role or a user-created custom role. For some types of Google Cloud resources, a binding can also specify a condition, which is a logical expression that allows access to a resource only if the expression evaluates to true. A condition can add constraints based on attributes of the request, the resource, or both. To learn which resources support conditions in their IAM policies, see the [IAM documentation](\ https://cloud.google.com/iam/help/conditions/resource-policies). **JSON example:** :literal:\ { "bindings": [ { "role": "roles/resourcemanager.organizationAdmin", "members": [ "user:mike@example.com", "group:admins@example.com", "domain:google.com", "serviceAccount:my-project-id@appspot.gserviceaccount.com" ] }, { "role": "roles/resourcemanager.organizationViewer", "members": [ "user:eve@example.com" ], "condition": { "title": "expirable access", "description": "Does not grant access after Sep 2020", "expression": "request.time < timestamp('2020-10-01t00:00:00.000z')",="" }="" }="" ],="" "etag":="" "bwwwja0yfja=", " version":="" 3="">\ \ **YAML example:** :literal:\ bindings: - members: - user:mike@example.com - group:admins@example.com - domain:google.com - serviceAccount:my-project-id@appspot.gserviceaccount.com role: roles/resourcemanager.organizationAdmin - members: - user:eve@example.com role: roles/resourcemanager.organizationViewer condition: title: expirable access description: Does not grant access after Sep 2020 expression: request.time < timestamp('2020-10-01t00:00:00.000z')="" etag:="" bwwwja0yfja="version:">\ \ For a description of IAM and its features, see the [IAM documentation](\ https://cloud.google.com/iam/docs/). |
test_iam_permissions
test_iam_permissions(
request: typing.Optional[
typing.Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]
] = None,
*,
resource: typing.Optional[str] = None,
permissions: typing.Optional[typing.MutableSequence[str]] = None,
retry: typing.Optional[
typing.Union[
google.api_core.retry.retry_unary.Retry,
google.api_core.gapic_v1.method._MethodDefault,
]
] = _MethodDefault._DEFAULT_VALUE,
timeout: typing.Union[float, object] = _MethodDefault._DEFAULT_VALUE,
metadata: typing.Sequence[typing.Tuple[str, typing.Union[str, bytes]]] = ()
) -> google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse
Returns the permissions that a caller has on the specified note
or occurrence. Requires list permission on the project (for
example, containeranalysis.notes.list
).
The resource takes the format
projects/[PROJECT_ID]/notes/[NOTE_ID]
for notes and
projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID]
for
occurrences.
# This snippet has been automatically generated and should be regarded as a
# code template only.
# It will require modifications to work:
# - It may require correct/in-range values for request initialization.
# - It may require specifying regional endpoints when creating the service
# client as shown in:
# https://googleapis.dev/python/google-api-core/latest/client_options.html
from google.cloud.devtools import containeranalysis_v1
from google.iam.v1 import iam_policy_pb2 # type: ignore
def sample_test_iam_permissions():
# Create a client
client = containeranalysis_v1.ContainerAnalysisClient()
# Initialize request argument(s)
request = iam_policy_pb2.TestIamPermissionsRequest(
resource="resource_value",
permissions=['permissions_value1', 'permissions_value2'],
)
# Make the request
response = client.test_iam_permissions(request=request)
# Handle the response
print(response)
Parameters | |
---|---|
Name | Description |
request |
Union[google.iam.v1.iam_policy_pb2.TestIamPermissionsRequest, dict]
The request object. Request message for |
resource |
str
REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field. This corresponds to the |
permissions |
MutableSequence[str]
The set of permissions to check for the |
retry |
google.api_core.retry.Retry
Designation of what errors, if any, should be retried. |
timeout |
float
The timeout for this request. |
metadata |
Sequence[Tuple[str, Union[str, bytes]]]
Key/value pairs which should be sent along with the request as metadata. Normally, each value must be of type |
Returns | |
---|---|
Type | Description |
google.iam.v1.iam_policy_pb2.TestIamPermissionsResponse |
Response message for TestIamPermissions method. |