1<html><body> 2<style> 3 4body, h1, h2, h3, div, span, p, pre, a { 5 margin: 0; 6 padding: 0; 7 border: 0; 8 font-weight: inherit; 9 font-style: inherit; 10 font-size: 100%; 11 font-family: inherit; 12 vertical-align: baseline; 13} 14 15body { 16 font-size: 13px; 17 padding: 1em; 18} 19 20h1 { 21 font-size: 26px; 22 margin-bottom: 1em; 23} 24 25h2 { 26 font-size: 24px; 27 margin-bottom: 1em; 28} 29 30h3 { 31 font-size: 20px; 32 margin-bottom: 1em; 33 margin-top: 1em; 34} 35 36pre, code { 37 line-height: 1.5; 38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace; 39} 40 41pre { 42 margin-top: 0.5em; 43} 44 45h1, h2, h3, p { 46 font-family: Arial, sans serif; 47} 48 49h1, h2, h3 { 50 border-bottom: solid #CCC 1px; 51} 52 53.toc_element { 54 margin-top: 0.5em; 55} 56 57.firstline { 58 margin-left: 2 em; 59} 60 61.method { 62 margin-top: 1em; 63 border: solid 1px #CCC; 64 padding: 1em; 65 background: #EEE; 66} 67 68.details { 69 font-weight: bold; 70 font-size: 14px; 71} 72 73</style> 74 75<h1><a href="containeranalysis_v1alpha1.html">Container Analysis API</a> . <a href="containeranalysis_v1alpha1.providers.html">providers</a> . <a href="containeranalysis_v1alpha1.providers.notes.html">notes</a></h1> 76<h2>Instance Methods</h2> 77<p class="toc_element"> 78 <code><a href="containeranalysis_v1alpha1.providers.notes.occurrences.html">occurrences()</a></code> 79</p> 80<p class="firstline">Returns the occurrences Resource.</p> 81 82<p class="toc_element"> 83 <code><a href="#create">create(name, body, parent=None, noteId=None, x__xgafv=None)</a></code></p> 84<p class="firstline">Creates a new `Note`.</p> 85<p class="toc_element"> 86 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p> 87<p class="firstline">Deletes the given `Note` from the system.</p> 88<p class="toc_element"> 89 <code><a href="#get">get(name, x__xgafv=None)</a></code></p> 90<p class="firstline">Returns the requested `Note`.</p> 91<p class="toc_element"> 92 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p> 93<p class="firstline">Gets the access control policy for a note or an `Occurrence` resource.</p> 94<p class="toc_element"> 95 <code><a href="#list">list(name, parent=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</a></code></p> 96<p class="firstline">Lists all `Notes` for a given project.</p> 97<p class="toc_element"> 98 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p> 99<p class="firstline">Retrieves the next page of results.</p> 100<p class="toc_element"> 101 <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p> 102<p class="firstline">Updates an existing `Note`.</p> 103<p class="toc_element"> 104 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p> 105<p class="firstline">Sets the access control policy on the specified `Note` or `Occurrence`.</p> 106<p class="toc_element"> 107 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p> 108<p class="firstline">Returns the permissions that a caller has on the specified note or</p> 109<h3>Method Details</h3> 110<div class="method"> 111 <code class="details" id="create">create(name, body, parent=None, noteId=None, x__xgafv=None)</code> 112 <pre>Creates a new `Note`. 113 114Args: 115 name: string, The name of the project. 116Should be of the form "providers/{provider_id}". 117@Deprecated (required) 118 body: object, The request body. (required) 119 The object takes the form of: 120 121{ # Provides a detailed description of a `Note`. 122 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build. 123 # the provenance message in linked BuildDetails. 124 "builderVersion": "A String", # Version of the builder which produced this Note. 125 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this 126 # `BuilderDetails`. 127 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 128 # findings are valid and unchanged. If `key_type` is empty, this defaults 129 # to PEM encoded public keys. 130 # 131 # This field may be empty if `key_id` references an external key. 132 # 133 # For Cloud Build based signatures, this is a PEM encoded public 134 # key. To verify the Cloud Build signature, place the contents of 135 # this field into a file (public.pem). The signature field is base64-decoded 136 # into its binary representation in signature.bin, and the provenance bytes 137 # from `BuildDetails` are base64-decoded into a binary representation in 138 # signed.bin. OpenSSL can then verify the signature: 139 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 140 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 141 # `key_id` 142 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key 143 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the 144 # CN for a cert), or a reference to an external key (such as a reference to a 145 # key in Cloud Key Management Service). 146 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string. 147 }, 148 }, 149 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This 150 # field can be used as a filter in list requests. 151 "name": "A String", # The name of the note in the form 152 # "providers/{provider_id}/notes/{NOTE_ID}" 153 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note. 154 "cvssScore": 3.14, # The CVSS score for this Vulnerability. 155 "severity": "A String", # Note provider assigned impact of the vulnerability 156 "details": [ # All information about the package to specifically identify this 157 # vulnerability. One entry per (version range and cpe_uri) the 158 # package vulnerability has manifested in. 159 { # Identifies all occurrences of this vulnerability in the package for a 160 # specific distro/location 161 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 162 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 163 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in 164 # which the vulnerability manifests. Examples include distro or storage 165 # location for vulnerable jar. 166 # This field can be used as a filter in list requests. 167 "description": "A String", # A vendor-specific description of this note. 168 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists. 169 # For a discussion of this in Debian/Ubuntu: 170 # http://serverfault.com/questions/604541/debian-packages-version-convention 171 # For a discussion of this in Redhat/Fedora/Centos: 172 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 173 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 174 # If kind is not NORMAL, then the other fields are ignored. 175 "revision": "A String", # The iteration of the package build from the above version. 176 "name": "A String", # The main part of the version name. 177 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 178 }, 179 "package": "A String", # The name of the package where the vulnerability was found. 180 # This field can be used as a filter in list requests. 181 "packageType": "A String", # The type of package; whether native or non native(ruby gems, 182 # node.js packages etc) 183 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to 184 # obsolete details. 185 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead. 186 # 187 # The max version of the package in which the vulnerability exists. 188 # For a discussion of this in Debian/Ubuntu: 189 # http://serverfault.com/questions/604541/debian-packages-version-convention 190 # For a discussion of this in Redhat/Fedora/Centos: 191 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 192 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 193 # If kind is not NORMAL, then the other fields are ignored. 194 "revision": "A String", # The iteration of the package build from the above version. 195 "name": "A String", # The main part of the version name. 196 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 197 }, 198 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version. 199 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) 200 # format. Examples include distro or storage location for vulnerable jar. 201 # This field can be used as a filter in list requests. 202 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a 203 # filter in list requests. 204 # For a discussion of this in Debian/Ubuntu: 205 # http://serverfault.com/questions/604541/debian-packages-version-convention 206 # For a discussion of this in Redhat/Fedora/Centos: 207 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 208 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 209 # If kind is not NORMAL, then the other fields are ignored. 210 "revision": "A String", # The iteration of the package build from the above version. 211 "name": "A String", # The main part of the version name. 212 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 213 }, 214 "package": "A String", # The package being described. 215 }, 216 }, 217 ], 218 }, 219 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers. 220 # various channels. 221 # e.g. glibc (aka libc6) is distributed by many, at various versions. 222 "distribution": [ # The various channels by which a package is distributed. 223 { # This represents a particular channel of distribution for a given package. 224 # e.g. Debian's jessie-backports dpkg mirror 225 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) 226 # denoting the package manager version distributing a package. 227 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 228 "description": "A String", # The distribution channel-specific description of this package. 229 "url": "A String", # The distribution channel-specific homepage for this package. 230 "architecture": "A String", # The CPU architecture for which packages in this distribution 231 # channel were built 232 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in 233 # this distribution channel. 234 # For a discussion of this in Debian/Ubuntu: 235 # http://serverfault.com/questions/604541/debian-packages-version-convention 236 # For a discussion of this in Redhat/Fedora/Centos: 237 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 238 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 239 # If kind is not NORMAL, then the other fields are ignored. 240 "revision": "A String", # The iteration of the package build from the above version. 241 "name": "A String", # The main part of the version name. 242 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 243 }, 244 }, 245 ], 246 "name": "A String", # The name of the package. 247 }, 248 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 249 # a filter in list requests. 250 "relatedUrl": [ # URLs associated with this note 251 { # Metadata for any related URL information 252 "url": "A String", # Specific URL to associate with the note 253 "label": "A String", # Label to describe usage of the URL 254 }, 255 ], 256 "longDescription": "A String", # A detailed description of this `Note`. 257 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 258 # example, an organization might have one `AttestationAuthority` for "QA" and 259 # one for "build". This Note is intended to act strictly as a grouping 260 # mechanism for the attached Occurrences (Attestations). This grouping 261 # mechanism also provides a security boundary, since IAM ACLs gate the ability 262 # for a principle to attach an Occurrence to a given Note. It also provides a 263 # single point of lookup to find all attached Attestation Occurrences, even if 264 # they don't all live in the same project. 265 "hint": { # This submessage provides human-readable hints about the purpose of the 266 # AttestationAuthority. Because the name of a Note acts as its resource 267 # reference, it is important to disambiguate the canonical name of the Note 268 # (which might be a UUID for security purposes) from "readable" names more 269 # suitable for debug output. Note that these hints should NOT be used to 270 # look up AttestationAuthorities in security sensitive contexts, such as when 271 # looking up Attestations to verify. 272 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa". 273 }, 274 }, 275 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 276 # relationship. Linked occurrences are derived from this or an 277 # equivalent image via: 278 # FROM <Basis.resource_url> 279 # Or an equivalent reference, e.g. a tag of the resource_url. 280 "resourceUrl": "A String", # The resource_url for the resource representing the basis of 281 # associated occurrence images. 282 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image. 283 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 284 # representation. 285 # This field can be used as a filter in list requests. 286 "v2Blob": [ # The ordered list of v2 blobs that represent a given image. 287 "A String", 288 ], 289 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 290 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 291 # Only the name of the final blob is kept. 292 # This field can be used as a filter in list requests. 293 }, 294 }, 295 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire. 296 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 297 "resourceUri": [ # Resource URI for the artifact being deployed. 298 "A String", 299 ], 300 }, 301 "shortDescription": "A String", # A one sentence description of this `Note`. 302 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 303 # filter in list requests. 304 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type. 305 # exists in a provider's project. A `Discovery` occurrence is created in a 306 # consumer's project at the start of analysis. The occurrence's operation will 307 # indicate the status of the analysis. Absence of an occurrence linked to this 308 # note for a resource indicates that analysis hasn't started. 309 "analysisKind": "A String", # The kind of analysis that is handled by this discovery. 310 }, 311} 312 313 parent: string, This field contains the project Id for example: 314"projects/{project_id} 315 noteId: string, The ID to use for this note. 316 x__xgafv: string, V1 error format. 317 Allowed values 318 1 - v1 error format 319 2 - v2 error format 320 321Returns: 322 An object of the form: 323 324 { # Provides a detailed description of a `Note`. 325 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build. 326 # the provenance message in linked BuildDetails. 327 "builderVersion": "A String", # Version of the builder which produced this Note. 328 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this 329 # `BuilderDetails`. 330 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 331 # findings are valid and unchanged. If `key_type` is empty, this defaults 332 # to PEM encoded public keys. 333 # 334 # This field may be empty if `key_id` references an external key. 335 # 336 # For Cloud Build based signatures, this is a PEM encoded public 337 # key. To verify the Cloud Build signature, place the contents of 338 # this field into a file (public.pem). The signature field is base64-decoded 339 # into its binary representation in signature.bin, and the provenance bytes 340 # from `BuildDetails` are base64-decoded into a binary representation in 341 # signed.bin. OpenSSL can then verify the signature: 342 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 343 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 344 # `key_id` 345 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key 346 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the 347 # CN for a cert), or a reference to an external key (such as a reference to a 348 # key in Cloud Key Management Service). 349 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string. 350 }, 351 }, 352 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This 353 # field can be used as a filter in list requests. 354 "name": "A String", # The name of the note in the form 355 # "providers/{provider_id}/notes/{NOTE_ID}" 356 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note. 357 "cvssScore": 3.14, # The CVSS score for this Vulnerability. 358 "severity": "A String", # Note provider assigned impact of the vulnerability 359 "details": [ # All information about the package to specifically identify this 360 # vulnerability. One entry per (version range and cpe_uri) the 361 # package vulnerability has manifested in. 362 { # Identifies all occurrences of this vulnerability in the package for a 363 # specific distro/location 364 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 365 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 366 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in 367 # which the vulnerability manifests. Examples include distro or storage 368 # location for vulnerable jar. 369 # This field can be used as a filter in list requests. 370 "description": "A String", # A vendor-specific description of this note. 371 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists. 372 # For a discussion of this in Debian/Ubuntu: 373 # http://serverfault.com/questions/604541/debian-packages-version-convention 374 # For a discussion of this in Redhat/Fedora/Centos: 375 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 376 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 377 # If kind is not NORMAL, then the other fields are ignored. 378 "revision": "A String", # The iteration of the package build from the above version. 379 "name": "A String", # The main part of the version name. 380 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 381 }, 382 "package": "A String", # The name of the package where the vulnerability was found. 383 # This field can be used as a filter in list requests. 384 "packageType": "A String", # The type of package; whether native or non native(ruby gems, 385 # node.js packages etc) 386 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to 387 # obsolete details. 388 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead. 389 # 390 # The max version of the package in which the vulnerability exists. 391 # For a discussion of this in Debian/Ubuntu: 392 # http://serverfault.com/questions/604541/debian-packages-version-convention 393 # For a discussion of this in Redhat/Fedora/Centos: 394 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 395 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 396 # If kind is not NORMAL, then the other fields are ignored. 397 "revision": "A String", # The iteration of the package build from the above version. 398 "name": "A String", # The main part of the version name. 399 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 400 }, 401 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version. 402 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) 403 # format. Examples include distro or storage location for vulnerable jar. 404 # This field can be used as a filter in list requests. 405 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a 406 # filter in list requests. 407 # For a discussion of this in Debian/Ubuntu: 408 # http://serverfault.com/questions/604541/debian-packages-version-convention 409 # For a discussion of this in Redhat/Fedora/Centos: 410 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 411 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 412 # If kind is not NORMAL, then the other fields are ignored. 413 "revision": "A String", # The iteration of the package build from the above version. 414 "name": "A String", # The main part of the version name. 415 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 416 }, 417 "package": "A String", # The package being described. 418 }, 419 }, 420 ], 421 }, 422 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers. 423 # various channels. 424 # e.g. glibc (aka libc6) is distributed by many, at various versions. 425 "distribution": [ # The various channels by which a package is distributed. 426 { # This represents a particular channel of distribution for a given package. 427 # e.g. Debian's jessie-backports dpkg mirror 428 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) 429 # denoting the package manager version distributing a package. 430 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 431 "description": "A String", # The distribution channel-specific description of this package. 432 "url": "A String", # The distribution channel-specific homepage for this package. 433 "architecture": "A String", # The CPU architecture for which packages in this distribution 434 # channel were built 435 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in 436 # this distribution channel. 437 # For a discussion of this in Debian/Ubuntu: 438 # http://serverfault.com/questions/604541/debian-packages-version-convention 439 # For a discussion of this in Redhat/Fedora/Centos: 440 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 441 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 442 # If kind is not NORMAL, then the other fields are ignored. 443 "revision": "A String", # The iteration of the package build from the above version. 444 "name": "A String", # The main part of the version name. 445 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 446 }, 447 }, 448 ], 449 "name": "A String", # The name of the package. 450 }, 451 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 452 # a filter in list requests. 453 "relatedUrl": [ # URLs associated with this note 454 { # Metadata for any related URL information 455 "url": "A String", # Specific URL to associate with the note 456 "label": "A String", # Label to describe usage of the URL 457 }, 458 ], 459 "longDescription": "A String", # A detailed description of this `Note`. 460 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 461 # example, an organization might have one `AttestationAuthority` for "QA" and 462 # one for "build". This Note is intended to act strictly as a grouping 463 # mechanism for the attached Occurrences (Attestations). This grouping 464 # mechanism also provides a security boundary, since IAM ACLs gate the ability 465 # for a principle to attach an Occurrence to a given Note. It also provides a 466 # single point of lookup to find all attached Attestation Occurrences, even if 467 # they don't all live in the same project. 468 "hint": { # This submessage provides human-readable hints about the purpose of the 469 # AttestationAuthority. Because the name of a Note acts as its resource 470 # reference, it is important to disambiguate the canonical name of the Note 471 # (which might be a UUID for security purposes) from "readable" names more 472 # suitable for debug output. Note that these hints should NOT be used to 473 # look up AttestationAuthorities in security sensitive contexts, such as when 474 # looking up Attestations to verify. 475 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa". 476 }, 477 }, 478 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 479 # relationship. Linked occurrences are derived from this or an 480 # equivalent image via: 481 # FROM <Basis.resource_url> 482 # Or an equivalent reference, e.g. a tag of the resource_url. 483 "resourceUrl": "A String", # The resource_url for the resource representing the basis of 484 # associated occurrence images. 485 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image. 486 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 487 # representation. 488 # This field can be used as a filter in list requests. 489 "v2Blob": [ # The ordered list of v2 blobs that represent a given image. 490 "A String", 491 ], 492 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 493 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 494 # Only the name of the final blob is kept. 495 # This field can be used as a filter in list requests. 496 }, 497 }, 498 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire. 499 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 500 "resourceUri": [ # Resource URI for the artifact being deployed. 501 "A String", 502 ], 503 }, 504 "shortDescription": "A String", # A one sentence description of this `Note`. 505 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 506 # filter in list requests. 507 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type. 508 # exists in a provider's project. A `Discovery` occurrence is created in a 509 # consumer's project at the start of analysis. The occurrence's operation will 510 # indicate the status of the analysis. Absence of an occurrence linked to this 511 # note for a resource indicates that analysis hasn't started. 512 "analysisKind": "A String", # The kind of analysis that is handled by this discovery. 513 }, 514 }</pre> 515</div> 516 517<div class="method"> 518 <code class="details" id="delete">delete(name, x__xgafv=None)</code> 519 <pre>Deletes the given `Note` from the system. 520 521Args: 522 name: string, The name of the note in the form of 523"providers/{provider_id}/notes/{NOTE_ID}" (required) 524 x__xgafv: string, V1 error format. 525 Allowed values 526 1 - v1 error format 527 2 - v2 error format 528 529Returns: 530 An object of the form: 531 532 { # A generic empty message that you can re-use to avoid defining duplicated 533 # empty messages in your APIs. A typical example is to use it as the request 534 # or the response type of an API method. For instance: 535 # 536 # service Foo { 537 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty); 538 # } 539 # 540 # The JSON representation for `Empty` is empty JSON object `{}`. 541 }</pre> 542</div> 543 544<div class="method"> 545 <code class="details" id="get">get(name, x__xgafv=None)</code> 546 <pre>Returns the requested `Note`. 547 548Args: 549 name: string, The name of the note in the form of 550"providers/{provider_id}/notes/{NOTE_ID}" (required) 551 x__xgafv: string, V1 error format. 552 Allowed values 553 1 - v1 error format 554 2 - v2 error format 555 556Returns: 557 An object of the form: 558 559 { # Provides a detailed description of a `Note`. 560 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build. 561 # the provenance message in linked BuildDetails. 562 "builderVersion": "A String", # Version of the builder which produced this Note. 563 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this 564 # `BuilderDetails`. 565 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 566 # findings are valid and unchanged. If `key_type` is empty, this defaults 567 # to PEM encoded public keys. 568 # 569 # This field may be empty if `key_id` references an external key. 570 # 571 # For Cloud Build based signatures, this is a PEM encoded public 572 # key. To verify the Cloud Build signature, place the contents of 573 # this field into a file (public.pem). The signature field is base64-decoded 574 # into its binary representation in signature.bin, and the provenance bytes 575 # from `BuildDetails` are base64-decoded into a binary representation in 576 # signed.bin. OpenSSL can then verify the signature: 577 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 578 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 579 # `key_id` 580 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key 581 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the 582 # CN for a cert), or a reference to an external key (such as a reference to a 583 # key in Cloud Key Management Service). 584 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string. 585 }, 586 }, 587 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This 588 # field can be used as a filter in list requests. 589 "name": "A String", # The name of the note in the form 590 # "providers/{provider_id}/notes/{NOTE_ID}" 591 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note. 592 "cvssScore": 3.14, # The CVSS score for this Vulnerability. 593 "severity": "A String", # Note provider assigned impact of the vulnerability 594 "details": [ # All information about the package to specifically identify this 595 # vulnerability. One entry per (version range and cpe_uri) the 596 # package vulnerability has manifested in. 597 { # Identifies all occurrences of this vulnerability in the package for a 598 # specific distro/location 599 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 600 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 601 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in 602 # which the vulnerability manifests. Examples include distro or storage 603 # location for vulnerable jar. 604 # This field can be used as a filter in list requests. 605 "description": "A String", # A vendor-specific description of this note. 606 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists. 607 # For a discussion of this in Debian/Ubuntu: 608 # http://serverfault.com/questions/604541/debian-packages-version-convention 609 # For a discussion of this in Redhat/Fedora/Centos: 610 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 611 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 612 # If kind is not NORMAL, then the other fields are ignored. 613 "revision": "A String", # The iteration of the package build from the above version. 614 "name": "A String", # The main part of the version name. 615 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 616 }, 617 "package": "A String", # The name of the package where the vulnerability was found. 618 # This field can be used as a filter in list requests. 619 "packageType": "A String", # The type of package; whether native or non native(ruby gems, 620 # node.js packages etc) 621 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to 622 # obsolete details. 623 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead. 624 # 625 # The max version of the package in which the vulnerability exists. 626 # For a discussion of this in Debian/Ubuntu: 627 # http://serverfault.com/questions/604541/debian-packages-version-convention 628 # For a discussion of this in Redhat/Fedora/Centos: 629 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 630 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 631 # If kind is not NORMAL, then the other fields are ignored. 632 "revision": "A String", # The iteration of the package build from the above version. 633 "name": "A String", # The main part of the version name. 634 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 635 }, 636 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version. 637 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) 638 # format. Examples include distro or storage location for vulnerable jar. 639 # This field can be used as a filter in list requests. 640 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a 641 # filter in list requests. 642 # For a discussion of this in Debian/Ubuntu: 643 # http://serverfault.com/questions/604541/debian-packages-version-convention 644 # For a discussion of this in Redhat/Fedora/Centos: 645 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 646 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 647 # If kind is not NORMAL, then the other fields are ignored. 648 "revision": "A String", # The iteration of the package build from the above version. 649 "name": "A String", # The main part of the version name. 650 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 651 }, 652 "package": "A String", # The package being described. 653 }, 654 }, 655 ], 656 }, 657 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers. 658 # various channels. 659 # e.g. glibc (aka libc6) is distributed by many, at various versions. 660 "distribution": [ # The various channels by which a package is distributed. 661 { # This represents a particular channel of distribution for a given package. 662 # e.g. Debian's jessie-backports dpkg mirror 663 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) 664 # denoting the package manager version distributing a package. 665 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 666 "description": "A String", # The distribution channel-specific description of this package. 667 "url": "A String", # The distribution channel-specific homepage for this package. 668 "architecture": "A String", # The CPU architecture for which packages in this distribution 669 # channel were built 670 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in 671 # this distribution channel. 672 # For a discussion of this in Debian/Ubuntu: 673 # http://serverfault.com/questions/604541/debian-packages-version-convention 674 # For a discussion of this in Redhat/Fedora/Centos: 675 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 676 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 677 # If kind is not NORMAL, then the other fields are ignored. 678 "revision": "A String", # The iteration of the package build from the above version. 679 "name": "A String", # The main part of the version name. 680 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 681 }, 682 }, 683 ], 684 "name": "A String", # The name of the package. 685 }, 686 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 687 # a filter in list requests. 688 "relatedUrl": [ # URLs associated with this note 689 { # Metadata for any related URL information 690 "url": "A String", # Specific URL to associate with the note 691 "label": "A String", # Label to describe usage of the URL 692 }, 693 ], 694 "longDescription": "A String", # A detailed description of this `Note`. 695 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 696 # example, an organization might have one `AttestationAuthority` for "QA" and 697 # one for "build". This Note is intended to act strictly as a grouping 698 # mechanism for the attached Occurrences (Attestations). This grouping 699 # mechanism also provides a security boundary, since IAM ACLs gate the ability 700 # for a principle to attach an Occurrence to a given Note. It also provides a 701 # single point of lookup to find all attached Attestation Occurrences, even if 702 # they don't all live in the same project. 703 "hint": { # This submessage provides human-readable hints about the purpose of the 704 # AttestationAuthority. Because the name of a Note acts as its resource 705 # reference, it is important to disambiguate the canonical name of the Note 706 # (which might be a UUID for security purposes) from "readable" names more 707 # suitable for debug output. Note that these hints should NOT be used to 708 # look up AttestationAuthorities in security sensitive contexts, such as when 709 # looking up Attestations to verify. 710 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa". 711 }, 712 }, 713 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 714 # relationship. Linked occurrences are derived from this or an 715 # equivalent image via: 716 # FROM <Basis.resource_url> 717 # Or an equivalent reference, e.g. a tag of the resource_url. 718 "resourceUrl": "A String", # The resource_url for the resource representing the basis of 719 # associated occurrence images. 720 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image. 721 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 722 # representation. 723 # This field can be used as a filter in list requests. 724 "v2Blob": [ # The ordered list of v2 blobs that represent a given image. 725 "A String", 726 ], 727 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 728 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 729 # Only the name of the final blob is kept. 730 # This field can be used as a filter in list requests. 731 }, 732 }, 733 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire. 734 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 735 "resourceUri": [ # Resource URI for the artifact being deployed. 736 "A String", 737 ], 738 }, 739 "shortDescription": "A String", # A one sentence description of this `Note`. 740 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 741 # filter in list requests. 742 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type. 743 # exists in a provider's project. A `Discovery` occurrence is created in a 744 # consumer's project at the start of analysis. The occurrence's operation will 745 # indicate the status of the analysis. Absence of an occurrence linked to this 746 # note for a resource indicates that analysis hasn't started. 747 "analysisKind": "A String", # The kind of analysis that is handled by this discovery. 748 }, 749 }</pre> 750</div> 751 752<div class="method"> 753 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code> 754 <pre>Gets the access control policy for a note or an `Occurrence` resource. 755Requires `containeranalysis.notes.setIamPolicy` or 756`containeranalysis.occurrences.setIamPolicy` permission if the resource is 757a note or occurrence, respectively. 758Attempting to call this method on a resource without the required 759permission will result in a `PERMISSION_DENIED` error. Attempting to call 760this method on a non-existent resource will result in a `NOT_FOUND` error 761if the user has list permission on the project, or a `PERMISSION_DENIED` 762error otherwise. The resource takes the following formats: 763`projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for occurrences and 764projects/{PROJECT_ID}/notes/{NOTE_ID} for notes 765 766Args: 767 resource: string, REQUIRED: The resource for which the policy is being requested. 768See the operation documentation for the appropriate value for this field. (required) 769 body: object, The request body. 770 The object takes the form of: 771 772{ # Request message for `GetIamPolicy` method. 773 } 774 775 x__xgafv: string, V1 error format. 776 Allowed values 777 1 - v1 error format 778 2 - v2 error format 779 780Returns: 781 An object of the form: 782 783 { # Defines an Identity and Access Management (IAM) policy. It is used to 784 # specify access control policies for Cloud Platform resources. 785 # 786 # 787 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 788 # `members` to a `role`, where the members can be user accounts, Google groups, 789 # Google domains, and service accounts. A `role` is a named list of permissions 790 # defined by IAM. 791 # 792 # **JSON Example** 793 # 794 # { 795 # "bindings": [ 796 # { 797 # "role": "roles/owner", 798 # "members": [ 799 # "user:mike@example.com", 800 # "group:admins@example.com", 801 # "domain:google.com", 802 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 803 # ] 804 # }, 805 # { 806 # "role": "roles/viewer", 807 # "members": ["user:sean@example.com"] 808 # } 809 # ] 810 # } 811 # 812 # **YAML Example** 813 # 814 # bindings: 815 # - members: 816 # - user:mike@example.com 817 # - group:admins@example.com 818 # - domain:google.com 819 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 820 # role: roles/owner 821 # - members: 822 # - user:sean@example.com 823 # role: roles/viewer 824 # 825 # 826 # For a description of IAM and its features, see the 827 # [IAM developer's guide](https://cloud.google.com/iam/docs). 828 "bindings": [ # Associates a list of `members` to a `role`. 829 # `bindings` with no members will result in an error. 830 { # Associates `members` with a `role`. 831 "role": "A String", # Role that is assigned to `members`. 832 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 833 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 834 # `members` can have the following values: 835 # 836 # * `allUsers`: A special identifier that represents anyone who is 837 # on the internet; with or without a Google account. 838 # 839 # * `allAuthenticatedUsers`: A special identifier that represents anyone 840 # who is authenticated with a Google account or a service account. 841 # 842 # * `user:{emailid}`: An email address that represents a specific Google 843 # account. For example, `alice@gmail.com` . 844 # 845 # 846 # * `serviceAccount:{emailid}`: An email address that represents a service 847 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 848 # 849 # * `group:{emailid}`: An email address that represents a Google group. 850 # For example, `admins@example.com`. 851 # 852 # 853 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 854 # users of that domain. For example, `google.com` or `example.com`. 855 # 856 "A String", 857 ], 858 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 859 # NOTE: An unsatisfied condition will not allow user access via current 860 # binding. Different bindings, including their conditions, are examined 861 # independently. 862 # 863 # title: "User account presence" 864 # description: "Determines whether the request has a user account" 865 # expression: "size(request.user) > 0" 866 "description": "A String", # An optional description of the expression. This is a longer text which 867 # describes the expression, e.g. when hovered over it in a UI. 868 "expression": "A String", # Textual representation of an expression in 869 # Common Expression Language syntax. 870 # 871 # The application context of the containing message determines which 872 # well-known feature set of CEL is supported. 873 "location": "A String", # An optional string indicating the location of the expression for error 874 # reporting, e.g. a file name and a position in the file. 875 "title": "A String", # An optional title for the expression, i.e. a short string describing 876 # its purpose. This can be used e.g. in UIs which allow to enter the 877 # expression. 878 }, 879 }, 880 ], 881 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 882 { # Specifies the audit configuration for a service. 883 # The configuration determines which permission types are logged, and what 884 # identities, if any, are exempted from logging. 885 # An AuditConfig must have one or more AuditLogConfigs. 886 # 887 # If there are AuditConfigs for both `allServices` and a specific service, 888 # the union of the two AuditConfigs is used for that service: the log_types 889 # specified in each AuditConfig are enabled, and the exempted_members in each 890 # AuditLogConfig are exempted. 891 # 892 # Example Policy with multiple AuditConfigs: 893 # 894 # { 895 # "audit_configs": [ 896 # { 897 # "service": "allServices" 898 # "audit_log_configs": [ 899 # { 900 # "log_type": "DATA_READ", 901 # "exempted_members": [ 902 # "user:foo@gmail.com" 903 # ] 904 # }, 905 # { 906 # "log_type": "DATA_WRITE", 907 # }, 908 # { 909 # "log_type": "ADMIN_READ", 910 # } 911 # ] 912 # }, 913 # { 914 # "service": "fooservice.googleapis.com" 915 # "audit_log_configs": [ 916 # { 917 # "log_type": "DATA_READ", 918 # }, 919 # { 920 # "log_type": "DATA_WRITE", 921 # "exempted_members": [ 922 # "user:bar@gmail.com" 923 # ] 924 # } 925 # ] 926 # } 927 # ] 928 # } 929 # 930 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 931 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 932 # bar@gmail.com from DATA_WRITE logging. 933 "auditLogConfigs": [ # The configuration for logging of each type of permission. 934 { # Provides the configuration for logging a type of permissions. 935 # Example: 936 # 937 # { 938 # "audit_log_configs": [ 939 # { 940 # "log_type": "DATA_READ", 941 # "exempted_members": [ 942 # "user:foo@gmail.com" 943 # ] 944 # }, 945 # { 946 # "log_type": "DATA_WRITE", 947 # } 948 # ] 949 # } 950 # 951 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 952 # foo@gmail.com from DATA_READ logging. 953 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 954 # permission. 955 # Follows the same format of Binding.members. 956 "A String", 957 ], 958 "logType": "A String", # The log type that this config enables. 959 }, 960 ], 961 "service": "A String", # Specifies a service that will be enabled for audit logging. 962 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 963 # `allServices` is a special value that covers all services. 964 }, 965 ], 966 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 967 # prevent simultaneous updates of a policy from overwriting each other. 968 # It is strongly suggested that systems make use of the `etag` in the 969 # read-modify-write cycle to perform policy updates in order to avoid race 970 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 971 # systems are expected to put that etag in the request to `setIamPolicy` to 972 # ensure that their change will be applied to the same version of the policy. 973 # 974 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 975 # policy is overwritten blindly. 976 "version": 42, # Deprecated. 977 }</pre> 978</div> 979 980<div class="method"> 981 <code class="details" id="list">list(name, parent=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</code> 982 <pre>Lists all `Notes` for a given project. 983 984Args: 985 name: string, The name field will contain the project Id for example: 986"providers/{provider_id} 987@Deprecated (required) 988 parent: string, This field contains the project Id for example: "projects/{PROJECT_ID}". 989 pageSize: integer, Number of notes to return in the list. 990 pageToken: string, Token to provide to skip to a particular spot in the list. 991 x__xgafv: string, V1 error format. 992 Allowed values 993 1 - v1 error format 994 2 - v2 error format 995 filter: string, The filter expression. 996 997Returns: 998 An object of the form: 999 1000 { # Response including listed notes. 1001 "nextPageToken": "A String", # The next pagination token in the list response. It should be used as 1002 # page_token for the following request. An empty value means no more result. 1003 "notes": [ # The occurrences requested 1004 { # Provides a detailed description of a `Note`. 1005 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build. 1006 # the provenance message in linked BuildDetails. 1007 "builderVersion": "A String", # Version of the builder which produced this Note. 1008 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this 1009 # `BuilderDetails`. 1010 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 1011 # findings are valid and unchanged. If `key_type` is empty, this defaults 1012 # to PEM encoded public keys. 1013 # 1014 # This field may be empty if `key_id` references an external key. 1015 # 1016 # For Cloud Build based signatures, this is a PEM encoded public 1017 # key. To verify the Cloud Build signature, place the contents of 1018 # this field into a file (public.pem). The signature field is base64-decoded 1019 # into its binary representation in signature.bin, and the provenance bytes 1020 # from `BuildDetails` are base64-decoded into a binary representation in 1021 # signed.bin. OpenSSL can then verify the signature: 1022 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 1023 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 1024 # `key_id` 1025 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key 1026 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the 1027 # CN for a cert), or a reference to an external key (such as a reference to a 1028 # key in Cloud Key Management Service). 1029 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string. 1030 }, 1031 }, 1032 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This 1033 # field can be used as a filter in list requests. 1034 "name": "A String", # The name of the note in the form 1035 # "providers/{provider_id}/notes/{NOTE_ID}" 1036 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note. 1037 "cvssScore": 3.14, # The CVSS score for this Vulnerability. 1038 "severity": "A String", # Note provider assigned impact of the vulnerability 1039 "details": [ # All information about the package to specifically identify this 1040 # vulnerability. One entry per (version range and cpe_uri) the 1041 # package vulnerability has manifested in. 1042 { # Identifies all occurrences of this vulnerability in the package for a 1043 # specific distro/location 1044 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 1045 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 1046 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in 1047 # which the vulnerability manifests. Examples include distro or storage 1048 # location for vulnerable jar. 1049 # This field can be used as a filter in list requests. 1050 "description": "A String", # A vendor-specific description of this note. 1051 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists. 1052 # For a discussion of this in Debian/Ubuntu: 1053 # http://serverfault.com/questions/604541/debian-packages-version-convention 1054 # For a discussion of this in Redhat/Fedora/Centos: 1055 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1056 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1057 # If kind is not NORMAL, then the other fields are ignored. 1058 "revision": "A String", # The iteration of the package build from the above version. 1059 "name": "A String", # The main part of the version name. 1060 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1061 }, 1062 "package": "A String", # The name of the package where the vulnerability was found. 1063 # This field can be used as a filter in list requests. 1064 "packageType": "A String", # The type of package; whether native or non native(ruby gems, 1065 # node.js packages etc) 1066 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to 1067 # obsolete details. 1068 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead. 1069 # 1070 # The max version of the package in which the vulnerability exists. 1071 # For a discussion of this in Debian/Ubuntu: 1072 # http://serverfault.com/questions/604541/debian-packages-version-convention 1073 # For a discussion of this in Redhat/Fedora/Centos: 1074 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1075 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1076 # If kind is not NORMAL, then the other fields are ignored. 1077 "revision": "A String", # The iteration of the package build from the above version. 1078 "name": "A String", # The main part of the version name. 1079 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1080 }, 1081 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version. 1082 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) 1083 # format. Examples include distro or storage location for vulnerable jar. 1084 # This field can be used as a filter in list requests. 1085 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a 1086 # filter in list requests. 1087 # For a discussion of this in Debian/Ubuntu: 1088 # http://serverfault.com/questions/604541/debian-packages-version-convention 1089 # For a discussion of this in Redhat/Fedora/Centos: 1090 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1091 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1092 # If kind is not NORMAL, then the other fields are ignored. 1093 "revision": "A String", # The iteration of the package build from the above version. 1094 "name": "A String", # The main part of the version name. 1095 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1096 }, 1097 "package": "A String", # The package being described. 1098 }, 1099 }, 1100 ], 1101 }, 1102 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers. 1103 # various channels. 1104 # e.g. glibc (aka libc6) is distributed by many, at various versions. 1105 "distribution": [ # The various channels by which a package is distributed. 1106 { # This represents a particular channel of distribution for a given package. 1107 # e.g. Debian's jessie-backports dpkg mirror 1108 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) 1109 # denoting the package manager version distributing a package. 1110 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 1111 "description": "A String", # The distribution channel-specific description of this package. 1112 "url": "A String", # The distribution channel-specific homepage for this package. 1113 "architecture": "A String", # The CPU architecture for which packages in this distribution 1114 # channel were built 1115 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in 1116 # this distribution channel. 1117 # For a discussion of this in Debian/Ubuntu: 1118 # http://serverfault.com/questions/604541/debian-packages-version-convention 1119 # For a discussion of this in Redhat/Fedora/Centos: 1120 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1121 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1122 # If kind is not NORMAL, then the other fields are ignored. 1123 "revision": "A String", # The iteration of the package build from the above version. 1124 "name": "A String", # The main part of the version name. 1125 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1126 }, 1127 }, 1128 ], 1129 "name": "A String", # The name of the package. 1130 }, 1131 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 1132 # a filter in list requests. 1133 "relatedUrl": [ # URLs associated with this note 1134 { # Metadata for any related URL information 1135 "url": "A String", # Specific URL to associate with the note 1136 "label": "A String", # Label to describe usage of the URL 1137 }, 1138 ], 1139 "longDescription": "A String", # A detailed description of this `Note`. 1140 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 1141 # example, an organization might have one `AttestationAuthority` for "QA" and 1142 # one for "build". This Note is intended to act strictly as a grouping 1143 # mechanism for the attached Occurrences (Attestations). This grouping 1144 # mechanism also provides a security boundary, since IAM ACLs gate the ability 1145 # for a principle to attach an Occurrence to a given Note. It also provides a 1146 # single point of lookup to find all attached Attestation Occurrences, even if 1147 # they don't all live in the same project. 1148 "hint": { # This submessage provides human-readable hints about the purpose of the 1149 # AttestationAuthority. Because the name of a Note acts as its resource 1150 # reference, it is important to disambiguate the canonical name of the Note 1151 # (which might be a UUID for security purposes) from "readable" names more 1152 # suitable for debug output. Note that these hints should NOT be used to 1153 # look up AttestationAuthorities in security sensitive contexts, such as when 1154 # looking up Attestations to verify. 1155 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa". 1156 }, 1157 }, 1158 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 1159 # relationship. Linked occurrences are derived from this or an 1160 # equivalent image via: 1161 # FROM <Basis.resource_url> 1162 # Or an equivalent reference, e.g. a tag of the resource_url. 1163 "resourceUrl": "A String", # The resource_url for the resource representing the basis of 1164 # associated occurrence images. 1165 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image. 1166 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 1167 # representation. 1168 # This field can be used as a filter in list requests. 1169 "v2Blob": [ # The ordered list of v2 blobs that represent a given image. 1170 "A String", 1171 ], 1172 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 1173 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 1174 # Only the name of the final blob is kept. 1175 # This field can be used as a filter in list requests. 1176 }, 1177 }, 1178 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire. 1179 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 1180 "resourceUri": [ # Resource URI for the artifact being deployed. 1181 "A String", 1182 ], 1183 }, 1184 "shortDescription": "A String", # A one sentence description of this `Note`. 1185 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 1186 # filter in list requests. 1187 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type. 1188 # exists in a provider's project. A `Discovery` occurrence is created in a 1189 # consumer's project at the start of analysis. The occurrence's operation will 1190 # indicate the status of the analysis. Absence of an occurrence linked to this 1191 # note for a resource indicates that analysis hasn't started. 1192 "analysisKind": "A String", # The kind of analysis that is handled by this discovery. 1193 }, 1194 }, 1195 ], 1196 }</pre> 1197</div> 1198 1199<div class="method"> 1200 <code class="details" id="list_next">list_next(previous_request, previous_response)</code> 1201 <pre>Retrieves the next page of results. 1202 1203Args: 1204 previous_request: The request for the previous page. (required) 1205 previous_response: The response from the request for the previous page. (required) 1206 1207Returns: 1208 A request object that you can call 'execute()' on to request the next 1209 page. Returns None if there are no more items in the collection. 1210 </pre> 1211</div> 1212 1213<div class="method"> 1214 <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code> 1215 <pre>Updates an existing `Note`. 1216 1217Args: 1218 name: string, The name of the note. 1219Should be of the form "projects/{provider_id}/notes/{note_id}". (required) 1220 body: object, The request body. (required) 1221 The object takes the form of: 1222 1223{ # Provides a detailed description of a `Note`. 1224 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build. 1225 # the provenance message in linked BuildDetails. 1226 "builderVersion": "A String", # Version of the builder which produced this Note. 1227 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this 1228 # `BuilderDetails`. 1229 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 1230 # findings are valid and unchanged. If `key_type` is empty, this defaults 1231 # to PEM encoded public keys. 1232 # 1233 # This field may be empty if `key_id` references an external key. 1234 # 1235 # For Cloud Build based signatures, this is a PEM encoded public 1236 # key. To verify the Cloud Build signature, place the contents of 1237 # this field into a file (public.pem). The signature field is base64-decoded 1238 # into its binary representation in signature.bin, and the provenance bytes 1239 # from `BuildDetails` are base64-decoded into a binary representation in 1240 # signed.bin. OpenSSL can then verify the signature: 1241 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 1242 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 1243 # `key_id` 1244 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key 1245 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the 1246 # CN for a cert), or a reference to an external key (such as a reference to a 1247 # key in Cloud Key Management Service). 1248 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string. 1249 }, 1250 }, 1251 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This 1252 # field can be used as a filter in list requests. 1253 "name": "A String", # The name of the note in the form 1254 # "providers/{provider_id}/notes/{NOTE_ID}" 1255 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note. 1256 "cvssScore": 3.14, # The CVSS score for this Vulnerability. 1257 "severity": "A String", # Note provider assigned impact of the vulnerability 1258 "details": [ # All information about the package to specifically identify this 1259 # vulnerability. One entry per (version range and cpe_uri) the 1260 # package vulnerability has manifested in. 1261 { # Identifies all occurrences of this vulnerability in the package for a 1262 # specific distro/location 1263 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 1264 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 1265 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in 1266 # which the vulnerability manifests. Examples include distro or storage 1267 # location for vulnerable jar. 1268 # This field can be used as a filter in list requests. 1269 "description": "A String", # A vendor-specific description of this note. 1270 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists. 1271 # For a discussion of this in Debian/Ubuntu: 1272 # http://serverfault.com/questions/604541/debian-packages-version-convention 1273 # For a discussion of this in Redhat/Fedora/Centos: 1274 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1275 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1276 # If kind is not NORMAL, then the other fields are ignored. 1277 "revision": "A String", # The iteration of the package build from the above version. 1278 "name": "A String", # The main part of the version name. 1279 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1280 }, 1281 "package": "A String", # The name of the package where the vulnerability was found. 1282 # This field can be used as a filter in list requests. 1283 "packageType": "A String", # The type of package; whether native or non native(ruby gems, 1284 # node.js packages etc) 1285 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to 1286 # obsolete details. 1287 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead. 1288 # 1289 # The max version of the package in which the vulnerability exists. 1290 # For a discussion of this in Debian/Ubuntu: 1291 # http://serverfault.com/questions/604541/debian-packages-version-convention 1292 # For a discussion of this in Redhat/Fedora/Centos: 1293 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1294 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1295 # If kind is not NORMAL, then the other fields are ignored. 1296 "revision": "A String", # The iteration of the package build from the above version. 1297 "name": "A String", # The main part of the version name. 1298 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1299 }, 1300 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version. 1301 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) 1302 # format. Examples include distro or storage location for vulnerable jar. 1303 # This field can be used as a filter in list requests. 1304 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a 1305 # filter in list requests. 1306 # For a discussion of this in Debian/Ubuntu: 1307 # http://serverfault.com/questions/604541/debian-packages-version-convention 1308 # For a discussion of this in Redhat/Fedora/Centos: 1309 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1310 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1311 # If kind is not NORMAL, then the other fields are ignored. 1312 "revision": "A String", # The iteration of the package build from the above version. 1313 "name": "A String", # The main part of the version name. 1314 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1315 }, 1316 "package": "A String", # The package being described. 1317 }, 1318 }, 1319 ], 1320 }, 1321 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers. 1322 # various channels. 1323 # e.g. glibc (aka libc6) is distributed by many, at various versions. 1324 "distribution": [ # The various channels by which a package is distributed. 1325 { # This represents a particular channel of distribution for a given package. 1326 # e.g. Debian's jessie-backports dpkg mirror 1327 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) 1328 # denoting the package manager version distributing a package. 1329 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 1330 "description": "A String", # The distribution channel-specific description of this package. 1331 "url": "A String", # The distribution channel-specific homepage for this package. 1332 "architecture": "A String", # The CPU architecture for which packages in this distribution 1333 # channel were built 1334 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in 1335 # this distribution channel. 1336 # For a discussion of this in Debian/Ubuntu: 1337 # http://serverfault.com/questions/604541/debian-packages-version-convention 1338 # For a discussion of this in Redhat/Fedora/Centos: 1339 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1340 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1341 # If kind is not NORMAL, then the other fields are ignored. 1342 "revision": "A String", # The iteration of the package build from the above version. 1343 "name": "A String", # The main part of the version name. 1344 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1345 }, 1346 }, 1347 ], 1348 "name": "A String", # The name of the package. 1349 }, 1350 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 1351 # a filter in list requests. 1352 "relatedUrl": [ # URLs associated with this note 1353 { # Metadata for any related URL information 1354 "url": "A String", # Specific URL to associate with the note 1355 "label": "A String", # Label to describe usage of the URL 1356 }, 1357 ], 1358 "longDescription": "A String", # A detailed description of this `Note`. 1359 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 1360 # example, an organization might have one `AttestationAuthority` for "QA" and 1361 # one for "build". This Note is intended to act strictly as a grouping 1362 # mechanism for the attached Occurrences (Attestations). This grouping 1363 # mechanism also provides a security boundary, since IAM ACLs gate the ability 1364 # for a principle to attach an Occurrence to a given Note. It also provides a 1365 # single point of lookup to find all attached Attestation Occurrences, even if 1366 # they don't all live in the same project. 1367 "hint": { # This submessage provides human-readable hints about the purpose of the 1368 # AttestationAuthority. Because the name of a Note acts as its resource 1369 # reference, it is important to disambiguate the canonical name of the Note 1370 # (which might be a UUID for security purposes) from "readable" names more 1371 # suitable for debug output. Note that these hints should NOT be used to 1372 # look up AttestationAuthorities in security sensitive contexts, such as when 1373 # looking up Attestations to verify. 1374 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa". 1375 }, 1376 }, 1377 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 1378 # relationship. Linked occurrences are derived from this or an 1379 # equivalent image via: 1380 # FROM <Basis.resource_url> 1381 # Or an equivalent reference, e.g. a tag of the resource_url. 1382 "resourceUrl": "A String", # The resource_url for the resource representing the basis of 1383 # associated occurrence images. 1384 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image. 1385 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 1386 # representation. 1387 # This field can be used as a filter in list requests. 1388 "v2Blob": [ # The ordered list of v2 blobs that represent a given image. 1389 "A String", 1390 ], 1391 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 1392 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 1393 # Only the name of the final blob is kept. 1394 # This field can be used as a filter in list requests. 1395 }, 1396 }, 1397 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire. 1398 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 1399 "resourceUri": [ # Resource URI for the artifact being deployed. 1400 "A String", 1401 ], 1402 }, 1403 "shortDescription": "A String", # A one sentence description of this `Note`. 1404 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 1405 # filter in list requests. 1406 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type. 1407 # exists in a provider's project. A `Discovery` occurrence is created in a 1408 # consumer's project at the start of analysis. The occurrence's operation will 1409 # indicate the status of the analysis. Absence of an occurrence linked to this 1410 # note for a resource indicates that analysis hasn't started. 1411 "analysisKind": "A String", # The kind of analysis that is handled by this discovery. 1412 }, 1413} 1414 1415 updateMask: string, The fields to update. 1416 x__xgafv: string, V1 error format. 1417 Allowed values 1418 1 - v1 error format 1419 2 - v2 error format 1420 1421Returns: 1422 An object of the form: 1423 1424 { # Provides a detailed description of a `Note`. 1425 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build. 1426 # the provenance message in linked BuildDetails. 1427 "builderVersion": "A String", # Version of the builder which produced this Note. 1428 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this 1429 # `BuilderDetails`. 1430 "publicKey": "A String", # Public key of the builder which can be used to verify that the related 1431 # findings are valid and unchanged. If `key_type` is empty, this defaults 1432 # to PEM encoded public keys. 1433 # 1434 # This field may be empty if `key_id` references an external key. 1435 # 1436 # For Cloud Build based signatures, this is a PEM encoded public 1437 # key. To verify the Cloud Build signature, place the contents of 1438 # this field into a file (public.pem). The signature field is base64-decoded 1439 # into its binary representation in signature.bin, and the provenance bytes 1440 # from `BuildDetails` are base64-decoded into a binary representation in 1441 # signed.bin. OpenSSL can then verify the signature: 1442 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin` 1443 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in 1444 # `key_id` 1445 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key 1446 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the 1447 # CN for a cert), or a reference to an external key (such as a reference to a 1448 # key in Cloud Key Management Service). 1449 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string. 1450 }, 1451 }, 1452 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This 1453 # field can be used as a filter in list requests. 1454 "name": "A String", # The name of the note in the form 1455 # "providers/{provider_id}/notes/{NOTE_ID}" 1456 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note. 1457 "cvssScore": 3.14, # The CVSS score for this Vulnerability. 1458 "severity": "A String", # Note provider assigned impact of the vulnerability 1459 "details": [ # All information about the package to specifically identify this 1460 # vulnerability. One entry per (version range and cpe_uri) the 1461 # package vulnerability has manifested in. 1462 { # Identifies all occurrences of this vulnerability in the package for a 1463 # specific distro/location 1464 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2 1465 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability. 1466 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in 1467 # which the vulnerability manifests. Examples include distro or storage 1468 # location for vulnerable jar. 1469 # This field can be used as a filter in list requests. 1470 "description": "A String", # A vendor-specific description of this note. 1471 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists. 1472 # For a discussion of this in Debian/Ubuntu: 1473 # http://serverfault.com/questions/604541/debian-packages-version-convention 1474 # For a discussion of this in Redhat/Fedora/Centos: 1475 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1476 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1477 # If kind is not NORMAL, then the other fields are ignored. 1478 "revision": "A String", # The iteration of the package build from the above version. 1479 "name": "A String", # The main part of the version name. 1480 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1481 }, 1482 "package": "A String", # The name of the package where the vulnerability was found. 1483 # This field can be used as a filter in list requests. 1484 "packageType": "A String", # The type of package; whether native or non native(ruby gems, 1485 # node.js packages etc) 1486 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to 1487 # obsolete details. 1488 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead. 1489 # 1490 # The max version of the package in which the vulnerability exists. 1491 # For a discussion of this in Debian/Ubuntu: 1492 # http://serverfault.com/questions/604541/debian-packages-version-convention 1493 # For a discussion of this in Redhat/Fedora/Centos: 1494 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1495 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1496 # If kind is not NORMAL, then the other fields are ignored. 1497 "revision": "A String", # The iteration of the package build from the above version. 1498 "name": "A String", # The main part of the version name. 1499 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1500 }, 1501 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version. 1502 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) 1503 # format. Examples include distro or storage location for vulnerable jar. 1504 # This field can be used as a filter in list requests. 1505 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a 1506 # filter in list requests. 1507 # For a discussion of this in Debian/Ubuntu: 1508 # http://serverfault.com/questions/604541/debian-packages-version-convention 1509 # For a discussion of this in Redhat/Fedora/Centos: 1510 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1511 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1512 # If kind is not NORMAL, then the other fields are ignored. 1513 "revision": "A String", # The iteration of the package build from the above version. 1514 "name": "A String", # The main part of the version name. 1515 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1516 }, 1517 "package": "A String", # The package being described. 1518 }, 1519 }, 1520 ], 1521 }, 1522 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers. 1523 # various channels. 1524 # e.g. glibc (aka libc6) is distributed by many, at various versions. 1525 "distribution": [ # The various channels by which a package is distributed. 1526 { # This represents a particular channel of distribution for a given package. 1527 # e.g. Debian's jessie-backports dpkg mirror 1528 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/) 1529 # denoting the package manager version distributing a package. 1530 "maintainer": "A String", # A freeform string denoting the maintainer of this package. 1531 "description": "A String", # The distribution channel-specific description of this package. 1532 "url": "A String", # The distribution channel-specific homepage for this package. 1533 "architecture": "A String", # The CPU architecture for which packages in this distribution 1534 # channel were built 1535 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in 1536 # this distribution channel. 1537 # For a discussion of this in Debian/Ubuntu: 1538 # http://serverfault.com/questions/604541/debian-packages-version-convention 1539 # For a discussion of this in Redhat/Fedora/Centos: 1540 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/ 1541 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions. 1542 # If kind is not NORMAL, then the other fields are ignored. 1543 "revision": "A String", # The iteration of the package build from the above version. 1544 "name": "A String", # The main part of the version name. 1545 "epoch": 42, # Used to correct mistakes in the version numbering scheme. 1546 }, 1547 }, 1548 ], 1549 "name": "A String", # The name of the package. 1550 }, 1551 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as 1552 # a filter in list requests. 1553 "relatedUrl": [ # URLs associated with this note 1554 { # Metadata for any related URL information 1555 "url": "A String", # Specific URL to associate with the note 1556 "label": "A String", # Label to describe usage of the URL 1557 }, 1558 ], 1559 "longDescription": "A String", # A detailed description of this `Note`. 1560 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role. 1561 # example, an organization might have one `AttestationAuthority` for "QA" and 1562 # one for "build". This Note is intended to act strictly as a grouping 1563 # mechanism for the attached Occurrences (Attestations). This grouping 1564 # mechanism also provides a security boundary, since IAM ACLs gate the ability 1565 # for a principle to attach an Occurrence to a given Note. It also provides a 1566 # single point of lookup to find all attached Attestation Occurrences, even if 1567 # they don't all live in the same project. 1568 "hint": { # This submessage provides human-readable hints about the purpose of the 1569 # AttestationAuthority. Because the name of a Note acts as its resource 1570 # reference, it is important to disambiguate the canonical name of the Note 1571 # (which might be a UUID for security purposes) from "readable" names more 1572 # suitable for debug output. Note that these hints should NOT be used to 1573 # look up AttestationAuthorities in security sensitive contexts, such as when 1574 # looking up Attestations to verify. 1575 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa". 1576 }, 1577 }, 1578 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image. 1579 # relationship. Linked occurrences are derived from this or an 1580 # equivalent image via: 1581 # FROM <Basis.resource_url> 1582 # Or an equivalent reference, e.g. a tag of the resource_url. 1583 "resourceUrl": "A String", # The resource_url for the resource representing the basis of 1584 # associated occurrence images. 1585 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image. 1586 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1 1587 # representation. 1588 # This field can be used as a filter in list requests. 1589 "v2Blob": [ # The ordered list of v2 blobs that represent a given image. 1590 "A String", 1591 ], 1592 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via: 1593 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1]) 1594 # Only the name of the final blob is kept. 1595 # This field can be used as a filter in list requests. 1596 }, 1597 }, 1598 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire. 1599 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed. 1600 "resourceUri": [ # Resource URI for the artifact being deployed. 1601 "A String", 1602 ], 1603 }, 1604 "shortDescription": "A String", # A one sentence description of this `Note`. 1605 "createTime": "A String", # Output only. The time this note was created. This field can be used as a 1606 # filter in list requests. 1607 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type. 1608 # exists in a provider's project. A `Discovery` occurrence is created in a 1609 # consumer's project at the start of analysis. The occurrence's operation will 1610 # indicate the status of the analysis. Absence of an occurrence linked to this 1611 # note for a resource indicates that analysis hasn't started. 1612 "analysisKind": "A String", # The kind of analysis that is handled by this discovery. 1613 }, 1614 }</pre> 1615</div> 1616 1617<div class="method"> 1618 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code> 1619 <pre>Sets the access control policy on the specified `Note` or `Occurrence`. 1620Requires `containeranalysis.notes.setIamPolicy` or 1621`containeranalysis.occurrences.setIamPolicy` permission if the resource is 1622a `Note` or an `Occurrence`, respectively. 1623Attempting to call this method without these permissions will result in a ` 1624`PERMISSION_DENIED` error. 1625Attempting to call this method on a non-existent resource will result in a 1626`NOT_FOUND` error if the user has `containeranalysis.notes.list` permission 1627on a `Note` or `containeranalysis.occurrences.list` on an `Occurrence`, or 1628a `PERMISSION_DENIED` error otherwise. The resource takes the following 1629formats: `projects/{projectid}/occurrences/{occurrenceid}` for occurrences 1630and projects/{projectid}/notes/{noteid} for notes 1631 1632Args: 1633 resource: string, REQUIRED: The resource for which the policy is being specified. 1634See the operation documentation for the appropriate value for this field. (required) 1635 body: object, The request body. (required) 1636 The object takes the form of: 1637 1638{ # Request message for `SetIamPolicy` method. 1639 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of 1640 # the policy is limited to a few 10s of KB. An empty policy is a 1641 # valid policy but certain Cloud Platform services (such as Projects) 1642 # might reject them. 1643 # specify access control policies for Cloud Platform resources. 1644 # 1645 # 1646 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 1647 # `members` to a `role`, where the members can be user accounts, Google groups, 1648 # Google domains, and service accounts. A `role` is a named list of permissions 1649 # defined by IAM. 1650 # 1651 # **JSON Example** 1652 # 1653 # { 1654 # "bindings": [ 1655 # { 1656 # "role": "roles/owner", 1657 # "members": [ 1658 # "user:mike@example.com", 1659 # "group:admins@example.com", 1660 # "domain:google.com", 1661 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 1662 # ] 1663 # }, 1664 # { 1665 # "role": "roles/viewer", 1666 # "members": ["user:sean@example.com"] 1667 # } 1668 # ] 1669 # } 1670 # 1671 # **YAML Example** 1672 # 1673 # bindings: 1674 # - members: 1675 # - user:mike@example.com 1676 # - group:admins@example.com 1677 # - domain:google.com 1678 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 1679 # role: roles/owner 1680 # - members: 1681 # - user:sean@example.com 1682 # role: roles/viewer 1683 # 1684 # 1685 # For a description of IAM and its features, see the 1686 # [IAM developer's guide](https://cloud.google.com/iam/docs). 1687 "bindings": [ # Associates a list of `members` to a `role`. 1688 # `bindings` with no members will result in an error. 1689 { # Associates `members` with a `role`. 1690 "role": "A String", # Role that is assigned to `members`. 1691 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1692 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1693 # `members` can have the following values: 1694 # 1695 # * `allUsers`: A special identifier that represents anyone who is 1696 # on the internet; with or without a Google account. 1697 # 1698 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1699 # who is authenticated with a Google account or a service account. 1700 # 1701 # * `user:{emailid}`: An email address that represents a specific Google 1702 # account. For example, `alice@gmail.com` . 1703 # 1704 # 1705 # * `serviceAccount:{emailid}`: An email address that represents a service 1706 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 1707 # 1708 # * `group:{emailid}`: An email address that represents a Google group. 1709 # For example, `admins@example.com`. 1710 # 1711 # 1712 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 1713 # users of that domain. For example, `google.com` or `example.com`. 1714 # 1715 "A String", 1716 ], 1717 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 1718 # NOTE: An unsatisfied condition will not allow user access via current 1719 # binding. Different bindings, including their conditions, are examined 1720 # independently. 1721 # 1722 # title: "User account presence" 1723 # description: "Determines whether the request has a user account" 1724 # expression: "size(request.user) > 0" 1725 "description": "A String", # An optional description of the expression. This is a longer text which 1726 # describes the expression, e.g. when hovered over it in a UI. 1727 "expression": "A String", # Textual representation of an expression in 1728 # Common Expression Language syntax. 1729 # 1730 # The application context of the containing message determines which 1731 # well-known feature set of CEL is supported. 1732 "location": "A String", # An optional string indicating the location of the expression for error 1733 # reporting, e.g. a file name and a position in the file. 1734 "title": "A String", # An optional title for the expression, i.e. a short string describing 1735 # its purpose. This can be used e.g. in UIs which allow to enter the 1736 # expression. 1737 }, 1738 }, 1739 ], 1740 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 1741 { # Specifies the audit configuration for a service. 1742 # The configuration determines which permission types are logged, and what 1743 # identities, if any, are exempted from logging. 1744 # An AuditConfig must have one or more AuditLogConfigs. 1745 # 1746 # If there are AuditConfigs for both `allServices` and a specific service, 1747 # the union of the two AuditConfigs is used for that service: the log_types 1748 # specified in each AuditConfig are enabled, and the exempted_members in each 1749 # AuditLogConfig are exempted. 1750 # 1751 # Example Policy with multiple AuditConfigs: 1752 # 1753 # { 1754 # "audit_configs": [ 1755 # { 1756 # "service": "allServices" 1757 # "audit_log_configs": [ 1758 # { 1759 # "log_type": "DATA_READ", 1760 # "exempted_members": [ 1761 # "user:foo@gmail.com" 1762 # ] 1763 # }, 1764 # { 1765 # "log_type": "DATA_WRITE", 1766 # }, 1767 # { 1768 # "log_type": "ADMIN_READ", 1769 # } 1770 # ] 1771 # }, 1772 # { 1773 # "service": "fooservice.googleapis.com" 1774 # "audit_log_configs": [ 1775 # { 1776 # "log_type": "DATA_READ", 1777 # }, 1778 # { 1779 # "log_type": "DATA_WRITE", 1780 # "exempted_members": [ 1781 # "user:bar@gmail.com" 1782 # ] 1783 # } 1784 # ] 1785 # } 1786 # ] 1787 # } 1788 # 1789 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 1790 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 1791 # bar@gmail.com from DATA_WRITE logging. 1792 "auditLogConfigs": [ # The configuration for logging of each type of permission. 1793 { # Provides the configuration for logging a type of permissions. 1794 # Example: 1795 # 1796 # { 1797 # "audit_log_configs": [ 1798 # { 1799 # "log_type": "DATA_READ", 1800 # "exempted_members": [ 1801 # "user:foo@gmail.com" 1802 # ] 1803 # }, 1804 # { 1805 # "log_type": "DATA_WRITE", 1806 # } 1807 # ] 1808 # } 1809 # 1810 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 1811 # foo@gmail.com from DATA_READ logging. 1812 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 1813 # permission. 1814 # Follows the same format of Binding.members. 1815 "A String", 1816 ], 1817 "logType": "A String", # The log type that this config enables. 1818 }, 1819 ], 1820 "service": "A String", # Specifies a service that will be enabled for audit logging. 1821 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 1822 # `allServices` is a special value that covers all services. 1823 }, 1824 ], 1825 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 1826 # prevent simultaneous updates of a policy from overwriting each other. 1827 # It is strongly suggested that systems make use of the `etag` in the 1828 # read-modify-write cycle to perform policy updates in order to avoid race 1829 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 1830 # systems are expected to put that etag in the request to `setIamPolicy` to 1831 # ensure that their change will be applied to the same version of the policy. 1832 # 1833 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 1834 # policy is overwritten blindly. 1835 "version": 42, # Deprecated. 1836 }, 1837 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only 1838 # the fields in the mask will be modified. If no mask is provided, the 1839 # following default mask is used: 1840 # paths: "bindings, etag" 1841 # This field is only used by Cloud IAM. 1842 } 1843 1844 x__xgafv: string, V1 error format. 1845 Allowed values 1846 1 - v1 error format 1847 2 - v2 error format 1848 1849Returns: 1850 An object of the form: 1851 1852 { # Defines an Identity and Access Management (IAM) policy. It is used to 1853 # specify access control policies for Cloud Platform resources. 1854 # 1855 # 1856 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of 1857 # `members` to a `role`, where the members can be user accounts, Google groups, 1858 # Google domains, and service accounts. A `role` is a named list of permissions 1859 # defined by IAM. 1860 # 1861 # **JSON Example** 1862 # 1863 # { 1864 # "bindings": [ 1865 # { 1866 # "role": "roles/owner", 1867 # "members": [ 1868 # "user:mike@example.com", 1869 # "group:admins@example.com", 1870 # "domain:google.com", 1871 # "serviceAccount:my-other-app@appspot.gserviceaccount.com" 1872 # ] 1873 # }, 1874 # { 1875 # "role": "roles/viewer", 1876 # "members": ["user:sean@example.com"] 1877 # } 1878 # ] 1879 # } 1880 # 1881 # **YAML Example** 1882 # 1883 # bindings: 1884 # - members: 1885 # - user:mike@example.com 1886 # - group:admins@example.com 1887 # - domain:google.com 1888 # - serviceAccount:my-other-app@appspot.gserviceaccount.com 1889 # role: roles/owner 1890 # - members: 1891 # - user:sean@example.com 1892 # role: roles/viewer 1893 # 1894 # 1895 # For a description of IAM and its features, see the 1896 # [IAM developer's guide](https://cloud.google.com/iam/docs). 1897 "bindings": [ # Associates a list of `members` to a `role`. 1898 # `bindings` with no members will result in an error. 1899 { # Associates `members` with a `role`. 1900 "role": "A String", # Role that is assigned to `members`. 1901 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`. 1902 "members": [ # Specifies the identities requesting access for a Cloud Platform resource. 1903 # `members` can have the following values: 1904 # 1905 # * `allUsers`: A special identifier that represents anyone who is 1906 # on the internet; with or without a Google account. 1907 # 1908 # * `allAuthenticatedUsers`: A special identifier that represents anyone 1909 # who is authenticated with a Google account or a service account. 1910 # 1911 # * `user:{emailid}`: An email address that represents a specific Google 1912 # account. For example, `alice@gmail.com` . 1913 # 1914 # 1915 # * `serviceAccount:{emailid}`: An email address that represents a service 1916 # account. For example, `my-other-app@appspot.gserviceaccount.com`. 1917 # 1918 # * `group:{emailid}`: An email address that represents a Google group. 1919 # For example, `admins@example.com`. 1920 # 1921 # 1922 # * `domain:{domain}`: The G Suite domain (primary) that represents all the 1923 # users of that domain. For example, `google.com` or `example.com`. 1924 # 1925 "A String", 1926 ], 1927 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding. 1928 # NOTE: An unsatisfied condition will not allow user access via current 1929 # binding. Different bindings, including their conditions, are examined 1930 # independently. 1931 # 1932 # title: "User account presence" 1933 # description: "Determines whether the request has a user account" 1934 # expression: "size(request.user) > 0" 1935 "description": "A String", # An optional description of the expression. This is a longer text which 1936 # describes the expression, e.g. when hovered over it in a UI. 1937 "expression": "A String", # Textual representation of an expression in 1938 # Common Expression Language syntax. 1939 # 1940 # The application context of the containing message determines which 1941 # well-known feature set of CEL is supported. 1942 "location": "A String", # An optional string indicating the location of the expression for error 1943 # reporting, e.g. a file name and a position in the file. 1944 "title": "A String", # An optional title for the expression, i.e. a short string describing 1945 # its purpose. This can be used e.g. in UIs which allow to enter the 1946 # expression. 1947 }, 1948 }, 1949 ], 1950 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy. 1951 { # Specifies the audit configuration for a service. 1952 # The configuration determines which permission types are logged, and what 1953 # identities, if any, are exempted from logging. 1954 # An AuditConfig must have one or more AuditLogConfigs. 1955 # 1956 # If there are AuditConfigs for both `allServices` and a specific service, 1957 # the union of the two AuditConfigs is used for that service: the log_types 1958 # specified in each AuditConfig are enabled, and the exempted_members in each 1959 # AuditLogConfig are exempted. 1960 # 1961 # Example Policy with multiple AuditConfigs: 1962 # 1963 # { 1964 # "audit_configs": [ 1965 # { 1966 # "service": "allServices" 1967 # "audit_log_configs": [ 1968 # { 1969 # "log_type": "DATA_READ", 1970 # "exempted_members": [ 1971 # "user:foo@gmail.com" 1972 # ] 1973 # }, 1974 # { 1975 # "log_type": "DATA_WRITE", 1976 # }, 1977 # { 1978 # "log_type": "ADMIN_READ", 1979 # } 1980 # ] 1981 # }, 1982 # { 1983 # "service": "fooservice.googleapis.com" 1984 # "audit_log_configs": [ 1985 # { 1986 # "log_type": "DATA_READ", 1987 # }, 1988 # { 1989 # "log_type": "DATA_WRITE", 1990 # "exempted_members": [ 1991 # "user:bar@gmail.com" 1992 # ] 1993 # } 1994 # ] 1995 # } 1996 # ] 1997 # } 1998 # 1999 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ 2000 # logging. It also exempts foo@gmail.com from DATA_READ logging, and 2001 # bar@gmail.com from DATA_WRITE logging. 2002 "auditLogConfigs": [ # The configuration for logging of each type of permission. 2003 { # Provides the configuration for logging a type of permissions. 2004 # Example: 2005 # 2006 # { 2007 # "audit_log_configs": [ 2008 # { 2009 # "log_type": "DATA_READ", 2010 # "exempted_members": [ 2011 # "user:foo@gmail.com" 2012 # ] 2013 # }, 2014 # { 2015 # "log_type": "DATA_WRITE", 2016 # } 2017 # ] 2018 # } 2019 # 2020 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting 2021 # foo@gmail.com from DATA_READ logging. 2022 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of 2023 # permission. 2024 # Follows the same format of Binding.members. 2025 "A String", 2026 ], 2027 "logType": "A String", # The log type that this config enables. 2028 }, 2029 ], 2030 "service": "A String", # Specifies a service that will be enabled for audit logging. 2031 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`. 2032 # `allServices` is a special value that covers all services. 2033 }, 2034 ], 2035 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help 2036 # prevent simultaneous updates of a policy from overwriting each other. 2037 # It is strongly suggested that systems make use of the `etag` in the 2038 # read-modify-write cycle to perform policy updates in order to avoid race 2039 # conditions: An `etag` is returned in the response to `getIamPolicy`, and 2040 # systems are expected to put that etag in the request to `setIamPolicy` to 2041 # ensure that their change will be applied to the same version of the policy. 2042 # 2043 # If no `etag` is provided in the call to `setIamPolicy`, then the existing 2044 # policy is overwritten blindly. 2045 "version": 42, # Deprecated. 2046 }</pre> 2047</div> 2048 2049<div class="method"> 2050 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code> 2051 <pre>Returns the permissions that a caller has on the specified note or 2052occurrence resource. Requires list permission on the project (for example, 2053"storage.objects.list" on the containing bucket for testing permission of 2054an object). Attempting to call this method on a non-existent resource will 2055result in a `NOT_FOUND` error if the user has list permission on the 2056project, or a `PERMISSION_DENIED` error otherwise. The resource takes the 2057following formats: `projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for 2058`Occurrences` and `projects/{PROJECT_ID}/notes/{NOTE_ID}` for `Notes` 2059 2060Args: 2061 resource: string, REQUIRED: The resource for which the policy detail is being requested. 2062See the operation documentation for the appropriate value for this field. (required) 2063 body: object, The request body. (required) 2064 The object takes the form of: 2065 2066{ # Request message for `TestIamPermissions` method. 2067 "permissions": [ # The set of permissions to check for the `resource`. Permissions with 2068 # wildcards (such as '*' or 'storage.*') are not allowed. For more 2069 # information see 2070 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions). 2071 "A String", 2072 ], 2073 } 2074 2075 x__xgafv: string, V1 error format. 2076 Allowed values 2077 1 - v1 error format 2078 2 - v2 error format 2079 2080Returns: 2081 An object of the form: 2082 2083 { # Response message for `TestIamPermissions` method. 2084 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is 2085 # allowed. 2086 "A String", 2087 ], 2088 }</pre> 2089</div> 2090 2091</body></html>