Client for Container Analysis API#

class google.cloud.devtools.containeranalysis_v1.ContainerAnalysisClient(transport=None, channel=None, credentials=None, client_config=None, client_info=None, client_options=None)[source]#

Retrieves analysis results of Cloud components such as Docker container images. The Container Analysis API is an implementation of the Grafeas API.

Analysis results are stored as a series of occurrences. An Occurrence contains information about a specific analysis instance on a resource. An occurrence refers to a Note. A note contains details describing the analysis and is generally stored in a separate project, called a Provider. Multiple occurrences can refer to the same note.

For example, an SSL vulnerability could affect multiple images. In this case, there would be one note for the vulnerability and an occurrence for each image with the vulnerability referring to that note.

Constructor.

Parameters
  • (Union[ContainerAnalysisGrpcTransport, (transport) – Callable[[~.Credentials, type], ~.ContainerAnalysisGrpcTransport]): A transport instance, responsible for actually making the API calls. The default transport uses the gRPC protocol. This argument may also be a callable which returns a transport instance. Callables will be sent the credentials as the first argument and the default transport class as the second argument.

  • channel (grpc.Channel) – DEPRECATED. A Channel instance through which to make calls. This argument is mutually exclusive with credentials; providing both will raise an exception.

  • credentials (google.auth.credentials.Credentials) – The authorization credentials to attach to requests. These credentials identify this application to the service. If none are specified, the client will attempt to ascertain the credentials from the environment. This argument is mutually exclusive with providing a transport instance to transport; doing so will raise an exception.

  • client_config (dict) – DEPRECATED. A dictionary of call options for each method. If not specified, the default configuration is used.

  • client_info (google.api_core.gapic_v1.client_info.ClientInfo) – The client info used to send a user-agent string along with API requests. If None, then default info will be used. Generally, you only need to set this if you’re developing your own client library.

  • client_options (Union[dict, google.api_core.client_options.ClientOptions]) – Client options used to set user options on the client. API Endpoint should be set through client_options.

classmethod from_service_account_file(filename, *args, **kwargs)[source]#

Creates an instance of this client using the provided credentials file.

Parameters
  • filename (str) – The path to the service account private key json file.

  • args – Additional arguments to pass to the constructor.

  • kwargs – Additional arguments to pass to the constructor.

Returns

The constructed client.

Return type

ContainerAnalysisClient

classmethod from_service_account_json(filename, *args, **kwargs)#

Creates an instance of this client using the provided credentials file.

Parameters
  • filename (str) – The path to the service account private key json file.

  • args – Additional arguments to pass to the constructor.

  • kwargs – Additional arguments to pass to the constructor.

Returns

The constructed client.

Return type

ContainerAnalysisClient

get_grafeas_client()[source]#

Returns an equivalent grafeas client.

Returns

A GrafeasClient instance.

get_iam_policy(resource, options_=None, retry=<object object>, timeout=<object object>, metadata=None)[source]#

Gets the access control policy for a note or an occurrence resource. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or occurrence, respectively.

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

Example

>>> from google.cloud.devtools import containeranalysis_v1
>>>
>>> client = containeranalysis_v1.ContainerAnalysisClient()
>>>
>>> resource = client.note_path('[PROJECT]', '[NOTE]')
>>>
>>> response = client.get_iam_policy(resource)
Parameters
  • resource (str) – REQUIRED: The resource for which the policy is being requested. See the operation documentation for the appropriate value for this field.

  • options_ (Union[dict, GetPolicyOptions]) –

    OPTIONAL: A GetPolicyOptions object for specifying options to GetIamPolicy. This field is only used by Cloud IAM.

    If a dict is provided, it must be of the same form as the protobuf message GetPolicyOptions

  • retry (Optional[google.api_core.retry.Retry]) – A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

  • timeout (Optional[float]) – The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

  • metadata (Optional[Sequence[Tuple[str, str]]]) – Additional metadata that is provided to the method.

Returns

A Policy instance.

Raises
classmethod note_path(project, note)[source]#

Return a fully-qualified note string.

classmethod occurrence_path(project, occurrence)[source]#

Return a fully-qualified occurrence string.

set_iam_policy(resource, policy, retry=<object object>, timeout=<object object>, metadata=None)[source]#

Sets the access control policy on the specified note or occurrence. Requires containeranalysis.notes.setIamPolicy or containeranalysis.occurrences.setIamPolicy permission if the resource is a note or an occurrence, respectively.

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

Example

>>> from google.cloud.devtools import containeranalysis_v1
>>>
>>> client = containeranalysis_v1.ContainerAnalysisClient()
>>>
>>> resource = client.note_path('[PROJECT]', '[NOTE]')
>>>
>>> # TODO: Initialize `policy`:
>>> policy = {}
>>>
>>> response = client.set_iam_policy(resource, policy)
Parameters
  • resource (str) – REQUIRED: The resource for which the policy is being specified. See the operation documentation for the appropriate value for this field.

  • policy (Union[dict, Policy]) –

    REQUIRED: The complete policy to be applied to the resource. The size of the policy is limited to a few 10s of KB. An empty policy is a valid policy but certain Cloud Platform services (such as Projects) might reject them.

    If a dict is provided, it must be of the same form as the protobuf message Policy

  • retry (Optional[google.api_core.retry.Retry]) – A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

  • timeout (Optional[float]) – The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

  • metadata (Optional[Sequence[Tuple[str, str]]]) – Additional metadata that is provided to the method.

Returns

A Policy instance.

Raises
test_iam_permissions(resource, permissions, retry=<object object>, timeout=<object object>, metadata=None)[source]#

Returns the permissions that a caller has on the specified note or occurrence. Requires list permission on the project (for example, containeranalysis.notes.list).

The resource takes the format projects/[PROJECT_ID]/notes/[NOTE_ID] for notes and projects/[PROJECT_ID]/occurrences/[OCCURRENCE_ID] for occurrences.

Example

>>> from google.cloud.devtools import containeranalysis_v1
>>>
>>> client = containeranalysis_v1.ContainerAnalysisClient()
>>>
>>> resource = client.note_path('[PROJECT]', '[NOTE]')
>>>
>>> # TODO: Initialize `permissions`:
>>> permissions = []
>>>
>>> response = client.test_iam_permissions(resource, permissions)
Parameters
  • resource (str) – REQUIRED: The resource for which the policy detail is being requested. See the operation documentation for the appropriate value for this field.

  • permissions (list[str]) – The set of permissions to check for the resource. Permissions with wildcards (such as ‘*’ or ‘storage.*’) are not allowed. For more information see IAM Overview.

  • retry (Optional[google.api_core.retry.Retry]) – A retry object used to retry requests. If None is specified, requests will be retried using a default configuration.

  • timeout (Optional[float]) – The amount of time, in seconds, to wait for the request to complete. Note that if retry is specified, the timeout applies to each individual attempt.

  • metadata (Optional[Sequence[Tuple[str, str]]]) – Additional metadata that is provided to the method.

Returns

A TestIamPermissionsResponse instance.

Raises