Gitiles
Code Review Sign In
gerrit-public.fairphone.software / platform / external / python / google-api-python-client / 715bd7f9ca9a324a05ee05a6476af383e54930f9 / . / docs / dyn / containeranalysis_v1alpha1.projects.notes.html
blob: 922ea435f0ff37b301ea082eb8f876bff1f2bcf0 [file] [log] [blame]
Bu Sun Kim715bd7f2019-06-14 16:50:42 -0700[diff] [blame^]1<html><body>
2<style>
3
4body, h1, h2, h3, div, span, p, pre, a {
5 margin: 0;
6 padding: 0;
7 border: 0;
8 font-weight: inherit;
9 font-style: inherit;
10 font-size: 100%;
11 font-family: inherit;
12 vertical-align: baseline;
13}
14
15body {
16 font-size: 13px;
17 padding: 1em;
18}
19
20h1 {
21 font-size: 26px;
22 margin-bottom: 1em;
23}
24
25h2 {
26 font-size: 24px;
27 margin-bottom: 1em;
28}
29
30h3 {
31 font-size: 20px;
32 margin-bottom: 1em;
33 margin-top: 1em;
34}
35
36pre, code {
37 line-height: 1.5;
38 font-family: Monaco, 'DejaVu Sans Mono', 'Bitstream Vera Sans Mono', 'Lucida Console', monospace;
39}
40
41pre {
42 margin-top: 0.5em;
43}
44
45h1, h2, h3, p {
46 font-family: Arial, sans serif;
47}
48
49h1, h2, h3 {
50 border-bottom: solid #CCC 1px;
51}
52
53.toc_element {
54 margin-top: 0.5em;
55}
56
57.firstline {
58 margin-left: 2 em;
59}
60
61.method {
62 margin-top: 1em;
63 border: solid 1px #CCC;
64 padding: 1em;
65 background: #EEE;
66}
67
68.details {
69 font-weight: bold;
70 font-size: 14px;
71}
72
73</style>
74
75<h1><a href="containeranalysis_v1alpha1.html">Container Analysis API</a> . <a href="containeranalysis_v1alpha1.projects.html">projects</a> . <a href="containeranalysis_v1alpha1.projects.notes.html">notes</a></h1>
76<h2>Instance Methods</h2>
77<p class="toc_element">
78 <code><a href="containeranalysis_v1alpha1.projects.notes.occurrences.html">occurrences()</a></code>
79</p>
80<p class="firstline">Returns the occurrences Resource.</p>
81
82<p class="toc_element">
83 <code><a href="#create">create(parent, body, name=None, noteId=None, x__xgafv=None)</a></code></p>
84<p class="firstline">Creates a new `Note`.</p>
85<p class="toc_element">
86 <code><a href="#delete">delete(name, x__xgafv=None)</a></code></p>
87<p class="firstline">Deletes the given `Note` from the system.</p>
88<p class="toc_element">
89 <code><a href="#get">get(name, x__xgafv=None)</a></code></p>
90<p class="firstline">Returns the requested `Note`.</p>
91<p class="toc_element">
92 <code><a href="#getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</a></code></p>
93<p class="firstline">Gets the access control policy for a note or an `Occurrence` resource.</p>
94<p class="toc_element">
95 <code><a href="#list">list(parent, name=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</a></code></p>
96<p class="firstline">Lists all `Notes` for a given project.</p>
97<p class="toc_element">
98 <code><a href="#list_next">list_next(previous_request, previous_response)</a></code></p>
99<p class="firstline">Retrieves the next page of results.</p>
100<p class="toc_element">
101 <code><a href="#patch">patch(name, body, updateMask=None, x__xgafv=None)</a></code></p>
102<p class="firstline">Updates an existing `Note`.</p>
103<p class="toc_element">
104 <code><a href="#setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</a></code></p>
105<p class="firstline">Sets the access control policy on the specified `Note` or `Occurrence`.</p>
106<p class="toc_element">
107 <code><a href="#testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</a></code></p>
108<p class="firstline">Returns the permissions that a caller has on the specified note or</p>
109<h3>Method Details</h3>
110<div class="method">
111 <code class="details" id="create">create(parent, body, name=None, noteId=None, x__xgafv=None)</code>
112 <pre>Creates a new `Note`.
113
114Args:
115 parent: string, This field contains the project Id for example:
116"projects/{project_id} (required)
117 body: object, The request body. (required)
118 The object takes the form of:
119
120{ # Provides a detailed description of a `Note`.
121 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build.
122 # the provenance message in linked BuildDetails.
123 "builderVersion": "A String", # Version of the builder which produced this Note.
124 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this
125 # `BuilderDetails`.
126 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
127 # findings are valid and unchanged. If `key_type` is empty, this defaults
128 # to PEM encoded public keys.
129 #
130 # This field may be empty if `key_id` references an external key.
131 #
132 # For Cloud Build based signatures, this is a PEM encoded public
133 # key. To verify the Cloud Build signature, place the contents of
134 # this field into a file (public.pem). The signature field is base64-decoded
135 # into its binary representation in signature.bin, and the provenance bytes
136 # from `BuildDetails` are base64-decoded into a binary representation in
137 # signed.bin. OpenSSL can then verify the signature:
138 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
139 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
140 # `key_id`
141 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key
142 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the
143 # CN for a cert), or a reference to an external key (such as a reference to a
144 # key in Cloud Key Management Service).
145 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string.
146 },
147 },
148 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This
149 # field can be used as a filter in list requests.
150 "name": "A String", # The name of the note in the form
151 # "providers/{provider_id}/notes/{NOTE_ID}"
152 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note.
153 "cvssScore": 3.14, # The CVSS score for this Vulnerability.
154 "severity": "A String", # Note provider assigned impact of the vulnerability
155 "details": [ # All information about the package to specifically identify this
156 # vulnerability. One entry per (version range and cpe_uri) the
157 # package vulnerability has manifested in.
158 { # Identifies all occurrences of this vulnerability in the package for a
159 # specific distro/location
160 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
161 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
162 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in
163 # which the vulnerability manifests. Examples include distro or storage
164 # location for vulnerable jar.
165 # This field can be used as a filter in list requests.
166 "description": "A String", # A vendor-specific description of this note.
167 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists.
168 # For a discussion of this in Debian/Ubuntu:
169 # http://serverfault.com/questions/604541/debian-packages-version-convention
170 # For a discussion of this in Redhat/Fedora/Centos:
171 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
172 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
173 # If kind is not NORMAL, then the other fields are ignored.
174 "revision": "A String", # The iteration of the package build from the above version.
175 "name": "A String", # The main part of the version name.
176 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
177 },
178 "package": "A String", # The name of the package where the vulnerability was found.
179 # This field can be used as a filter in list requests.
180 "packageType": "A String", # The type of package; whether native or non native(ruby gems,
181 # node.js packages etc)
182 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to
183 # obsolete details.
184 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead.
185 #
186 # The max version of the package in which the vulnerability exists.
187 # For a discussion of this in Debian/Ubuntu:
188 # http://serverfault.com/questions/604541/debian-packages-version-convention
189 # For a discussion of this in Redhat/Fedora/Centos:
190 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
191 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
192 # If kind is not NORMAL, then the other fields are ignored.
193 "revision": "A String", # The iteration of the package build from the above version.
194 "name": "A String", # The main part of the version name.
195 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
196 },
197 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version.
198 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
199 # format. Examples include distro or storage location for vulnerable jar.
200 # This field can be used as a filter in list requests.
201 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
202 # filter in list requests.
203 # For a discussion of this in Debian/Ubuntu:
204 # http://serverfault.com/questions/604541/debian-packages-version-convention
205 # For a discussion of this in Redhat/Fedora/Centos:
206 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
207 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
208 # If kind is not NORMAL, then the other fields are ignored.
209 "revision": "A String", # The iteration of the package build from the above version.
210 "name": "A String", # The main part of the version name.
211 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
212 },
213 "package": "A String", # The package being described.
214 },
215 },
216 ],
217 },
218 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers.
219 # various channels.
220 # e.g. glibc (aka libc6) is distributed by many, at various versions.
221 "distribution": [ # The various channels by which a package is distributed.
222 { # This represents a particular channel of distribution for a given package.
223 # e.g. Debian's jessie-backports dpkg mirror
224 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
225 # denoting the package manager version distributing a package.
226 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
227 "description": "A String", # The distribution channel-specific description of this package.
228 "url": "A String", # The distribution channel-specific homepage for this package.
229 "architecture": "A String", # The CPU architecture for which packages in this distribution
230 # channel were built
231 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in
232 # this distribution channel.
233 # For a discussion of this in Debian/Ubuntu:
234 # http://serverfault.com/questions/604541/debian-packages-version-convention
235 # For a discussion of this in Redhat/Fedora/Centos:
236 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
237 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
238 # If kind is not NORMAL, then the other fields are ignored.
239 "revision": "A String", # The iteration of the package build from the above version.
240 "name": "A String", # The main part of the version name.
241 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
242 },
243 },
244 ],
245 "name": "A String", # The name of the package.
246 },
247 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
248 # a filter in list requests.
249 "relatedUrl": [ # URLs associated with this note
250 { # Metadata for any related URL information
251 "url": "A String", # Specific URL to associate with the note
252 "label": "A String", # Label to describe usage of the URL
253 },
254 ],
255 "longDescription": "A String", # A detailed description of this `Note`.
256 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
257 # example, an organization might have one `AttestationAuthority` for "QA" and
258 # one for "build". This Note is intended to act strictly as a grouping
259 # mechanism for the attached Occurrences (Attestations). This grouping
260 # mechanism also provides a security boundary, since IAM ACLs gate the ability
261 # for a principle to attach an Occurrence to a given Note. It also provides a
262 # single point of lookup to find all attached Attestation Occurrences, even if
263 # they don't all live in the same project.
264 "hint": { # This submessage provides human-readable hints about the purpose of the
265 # AttestationAuthority. Because the name of a Note acts as its resource
266 # reference, it is important to disambiguate the canonical name of the Note
267 # (which might be a UUID for security purposes) from "readable" names more
268 # suitable for debug output. Note that these hints should NOT be used to
269 # look up AttestationAuthorities in security sensitive contexts, such as when
270 # looking up Attestations to verify.
271 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa".
272 },
273 },
274 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
275 # relationship. Linked occurrences are derived from this or an
276 # equivalent image via:
277 # FROM <Basis.resource_url>
278 # Or an equivalent reference, e.g. a tag of the resource_url.
279 "resourceUrl": "A String", # The resource_url for the resource representing the basis of
280 # associated occurrence images.
281 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image.
282 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
283 # representation.
284 # This field can be used as a filter in list requests.
285 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
286 "A String",
287 ],
288 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
289 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
290 # Only the name of the final blob is kept.
291 # This field can be used as a filter in list requests.
292 },
293 },
294 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire.
295 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
296 "resourceUri": [ # Resource URI for the artifact being deployed.
297 "A String",
298 ],
299 },
300 "shortDescription": "A String", # A one sentence description of this `Note`.
301 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
302 # filter in list requests.
303 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type.
304 # exists in a provider's project. A `Discovery` occurrence is created in a
305 # consumer's project at the start of analysis. The occurrence's operation will
306 # indicate the status of the analysis. Absence of an occurrence linked to this
307 # note for a resource indicates that analysis hasn't started.
308 "analysisKind": "A String", # The kind of analysis that is handled by this discovery.
309 },
310}
311
312 name: string, The name of the project.
313Should be of the form "providers/{provider_id}".
314@Deprecated
315 noteId: string, The ID to use for this note.
316 x__xgafv: string, V1 error format.
317 Allowed values
318 1 - v1 error format
319 2 - v2 error format
320
321Returns:
322 An object of the form:
323
324 { # Provides a detailed description of a `Note`.
325 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build.
326 # the provenance message in linked BuildDetails.
327 "builderVersion": "A String", # Version of the builder which produced this Note.
328 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this
329 # `BuilderDetails`.
330 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
331 # findings are valid and unchanged. If `key_type` is empty, this defaults
332 # to PEM encoded public keys.
333 #
334 # This field may be empty if `key_id` references an external key.
335 #
336 # For Cloud Build based signatures, this is a PEM encoded public
337 # key. To verify the Cloud Build signature, place the contents of
338 # this field into a file (public.pem). The signature field is base64-decoded
339 # into its binary representation in signature.bin, and the provenance bytes
340 # from `BuildDetails` are base64-decoded into a binary representation in
341 # signed.bin. OpenSSL can then verify the signature:
342 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
343 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
344 # `key_id`
345 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key
346 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the
347 # CN for a cert), or a reference to an external key (such as a reference to a
348 # key in Cloud Key Management Service).
349 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string.
350 },
351 },
352 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This
353 # field can be used as a filter in list requests.
354 "name": "A String", # The name of the note in the form
355 # "providers/{provider_id}/notes/{NOTE_ID}"
356 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note.
357 "cvssScore": 3.14, # The CVSS score for this Vulnerability.
358 "severity": "A String", # Note provider assigned impact of the vulnerability
359 "details": [ # All information about the package to specifically identify this
360 # vulnerability. One entry per (version range and cpe_uri) the
361 # package vulnerability has manifested in.
362 { # Identifies all occurrences of this vulnerability in the package for a
363 # specific distro/location
364 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
365 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
366 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in
367 # which the vulnerability manifests. Examples include distro or storage
368 # location for vulnerable jar.
369 # This field can be used as a filter in list requests.
370 "description": "A String", # A vendor-specific description of this note.
371 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists.
372 # For a discussion of this in Debian/Ubuntu:
373 # http://serverfault.com/questions/604541/debian-packages-version-convention
374 # For a discussion of this in Redhat/Fedora/Centos:
375 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
376 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
377 # If kind is not NORMAL, then the other fields are ignored.
378 "revision": "A String", # The iteration of the package build from the above version.
379 "name": "A String", # The main part of the version name.
380 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
381 },
382 "package": "A String", # The name of the package where the vulnerability was found.
383 # This field can be used as a filter in list requests.
384 "packageType": "A String", # The type of package; whether native or non native(ruby gems,
385 # node.js packages etc)
386 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to
387 # obsolete details.
388 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead.
389 #
390 # The max version of the package in which the vulnerability exists.
391 # For a discussion of this in Debian/Ubuntu:
392 # http://serverfault.com/questions/604541/debian-packages-version-convention
393 # For a discussion of this in Redhat/Fedora/Centos:
394 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
395 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
396 # If kind is not NORMAL, then the other fields are ignored.
397 "revision": "A String", # The iteration of the package build from the above version.
398 "name": "A String", # The main part of the version name.
399 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
400 },
401 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version.
402 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
403 # format. Examples include distro or storage location for vulnerable jar.
404 # This field can be used as a filter in list requests.
405 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
406 # filter in list requests.
407 # For a discussion of this in Debian/Ubuntu:
408 # http://serverfault.com/questions/604541/debian-packages-version-convention
409 # For a discussion of this in Redhat/Fedora/Centos:
410 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
411 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
412 # If kind is not NORMAL, then the other fields are ignored.
413 "revision": "A String", # The iteration of the package build from the above version.
414 "name": "A String", # The main part of the version name.
415 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
416 },
417 "package": "A String", # The package being described.
418 },
419 },
420 ],
421 },
422 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers.
423 # various channels.
424 # e.g. glibc (aka libc6) is distributed by many, at various versions.
425 "distribution": [ # The various channels by which a package is distributed.
426 { # This represents a particular channel of distribution for a given package.
427 # e.g. Debian's jessie-backports dpkg mirror
428 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
429 # denoting the package manager version distributing a package.
430 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
431 "description": "A String", # The distribution channel-specific description of this package.
432 "url": "A String", # The distribution channel-specific homepage for this package.
433 "architecture": "A String", # The CPU architecture for which packages in this distribution
434 # channel were built
435 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in
436 # this distribution channel.
437 # For a discussion of this in Debian/Ubuntu:
438 # http://serverfault.com/questions/604541/debian-packages-version-convention
439 # For a discussion of this in Redhat/Fedora/Centos:
440 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
441 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
442 # If kind is not NORMAL, then the other fields are ignored.
443 "revision": "A String", # The iteration of the package build from the above version.
444 "name": "A String", # The main part of the version name.
445 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
446 },
447 },
448 ],
449 "name": "A String", # The name of the package.
450 },
451 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
452 # a filter in list requests.
453 "relatedUrl": [ # URLs associated with this note
454 { # Metadata for any related URL information
455 "url": "A String", # Specific URL to associate with the note
456 "label": "A String", # Label to describe usage of the URL
457 },
458 ],
459 "longDescription": "A String", # A detailed description of this `Note`.
460 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
461 # example, an organization might have one `AttestationAuthority` for "QA" and
462 # one for "build". This Note is intended to act strictly as a grouping
463 # mechanism for the attached Occurrences (Attestations). This grouping
464 # mechanism also provides a security boundary, since IAM ACLs gate the ability
465 # for a principle to attach an Occurrence to a given Note. It also provides a
466 # single point of lookup to find all attached Attestation Occurrences, even if
467 # they don't all live in the same project.
468 "hint": { # This submessage provides human-readable hints about the purpose of the
469 # AttestationAuthority. Because the name of a Note acts as its resource
470 # reference, it is important to disambiguate the canonical name of the Note
471 # (which might be a UUID for security purposes) from "readable" names more
472 # suitable for debug output. Note that these hints should NOT be used to
473 # look up AttestationAuthorities in security sensitive contexts, such as when
474 # looking up Attestations to verify.
475 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa".
476 },
477 },
478 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
479 # relationship. Linked occurrences are derived from this or an
480 # equivalent image via:
481 # FROM <Basis.resource_url>
482 # Or an equivalent reference, e.g. a tag of the resource_url.
483 "resourceUrl": "A String", # The resource_url for the resource representing the basis of
484 # associated occurrence images.
485 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image.
486 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
487 # representation.
488 # This field can be used as a filter in list requests.
489 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
490 "A String",
491 ],
492 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
493 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
494 # Only the name of the final blob is kept.
495 # This field can be used as a filter in list requests.
496 },
497 },
498 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire.
499 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
500 "resourceUri": [ # Resource URI for the artifact being deployed.
501 "A String",
502 ],
503 },
504 "shortDescription": "A String", # A one sentence description of this `Note`.
505 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
506 # filter in list requests.
507 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type.
508 # exists in a provider's project. A `Discovery` occurrence is created in a
509 # consumer's project at the start of analysis. The occurrence's operation will
510 # indicate the status of the analysis. Absence of an occurrence linked to this
511 # note for a resource indicates that analysis hasn't started.
512 "analysisKind": "A String", # The kind of analysis that is handled by this discovery.
513 },
514 }</pre>
515</div>
516
517<div class="method">
518 <code class="details" id="delete">delete(name, x__xgafv=None)</code>
519 <pre>Deletes the given `Note` from the system.
520
521Args:
522 name: string, The name of the note in the form of
523"providers/{provider_id}/notes/{NOTE_ID}" (required)
524 x__xgafv: string, V1 error format.
525 Allowed values
526 1 - v1 error format
527 2 - v2 error format
528
529Returns:
530 An object of the form:
531
532 { # A generic empty message that you can re-use to avoid defining duplicated
533 # empty messages in your APIs. A typical example is to use it as the request
534 # or the response type of an API method. For instance:
535 #
536 # service Foo {
537 # rpc Bar(google.protobuf.Empty) returns (google.protobuf.Empty);
538 # }
539 #
540 # The JSON representation for `Empty` is empty JSON object `{}`.
541 }</pre>
542</div>
543
544<div class="method">
545 <code class="details" id="get">get(name, x__xgafv=None)</code>
546 <pre>Returns the requested `Note`.
547
548Args:
549 name: string, The name of the note in the form of
550"providers/{provider_id}/notes/{NOTE_ID}" (required)
551 x__xgafv: string, V1 error format.
552 Allowed values
553 1 - v1 error format
554 2 - v2 error format
555
556Returns:
557 An object of the form:
558
559 { # Provides a detailed description of a `Note`.
560 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build.
561 # the provenance message in linked BuildDetails.
562 "builderVersion": "A String", # Version of the builder which produced this Note.
563 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this
564 # `BuilderDetails`.
565 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
566 # findings are valid and unchanged. If `key_type` is empty, this defaults
567 # to PEM encoded public keys.
568 #
569 # This field may be empty if `key_id` references an external key.
570 #
571 # For Cloud Build based signatures, this is a PEM encoded public
572 # key. To verify the Cloud Build signature, place the contents of
573 # this field into a file (public.pem). The signature field is base64-decoded
574 # into its binary representation in signature.bin, and the provenance bytes
575 # from `BuildDetails` are base64-decoded into a binary representation in
576 # signed.bin. OpenSSL can then verify the signature:
577 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
578 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
579 # `key_id`
580 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key
581 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the
582 # CN for a cert), or a reference to an external key (such as a reference to a
583 # key in Cloud Key Management Service).
584 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string.
585 },
586 },
587 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This
588 # field can be used as a filter in list requests.
589 "name": "A String", # The name of the note in the form
590 # "providers/{provider_id}/notes/{NOTE_ID}"
591 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note.
592 "cvssScore": 3.14, # The CVSS score for this Vulnerability.
593 "severity": "A String", # Note provider assigned impact of the vulnerability
594 "details": [ # All information about the package to specifically identify this
595 # vulnerability. One entry per (version range and cpe_uri) the
596 # package vulnerability has manifested in.
597 { # Identifies all occurrences of this vulnerability in the package for a
598 # specific distro/location
599 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
600 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
601 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in
602 # which the vulnerability manifests. Examples include distro or storage
603 # location for vulnerable jar.
604 # This field can be used as a filter in list requests.
605 "description": "A String", # A vendor-specific description of this note.
606 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists.
607 # For a discussion of this in Debian/Ubuntu:
608 # http://serverfault.com/questions/604541/debian-packages-version-convention
609 # For a discussion of this in Redhat/Fedora/Centos:
610 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
611 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
612 # If kind is not NORMAL, then the other fields are ignored.
613 "revision": "A String", # The iteration of the package build from the above version.
614 "name": "A String", # The main part of the version name.
615 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
616 },
617 "package": "A String", # The name of the package where the vulnerability was found.
618 # This field can be used as a filter in list requests.
619 "packageType": "A String", # The type of package; whether native or non native(ruby gems,
620 # node.js packages etc)
621 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to
622 # obsolete details.
623 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead.
624 #
625 # The max version of the package in which the vulnerability exists.
626 # For a discussion of this in Debian/Ubuntu:
627 # http://serverfault.com/questions/604541/debian-packages-version-convention
628 # For a discussion of this in Redhat/Fedora/Centos:
629 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
630 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
631 # If kind is not NORMAL, then the other fields are ignored.
632 "revision": "A String", # The iteration of the package build from the above version.
633 "name": "A String", # The main part of the version name.
634 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
635 },
636 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version.
637 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
638 # format. Examples include distro or storage location for vulnerable jar.
639 # This field can be used as a filter in list requests.
640 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
641 # filter in list requests.
642 # For a discussion of this in Debian/Ubuntu:
643 # http://serverfault.com/questions/604541/debian-packages-version-convention
644 # For a discussion of this in Redhat/Fedora/Centos:
645 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
646 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
647 # If kind is not NORMAL, then the other fields are ignored.
648 "revision": "A String", # The iteration of the package build from the above version.
649 "name": "A String", # The main part of the version name.
650 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
651 },
652 "package": "A String", # The package being described.
653 },
654 },
655 ],
656 },
657 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers.
658 # various channels.
659 # e.g. glibc (aka libc6) is distributed by many, at various versions.
660 "distribution": [ # The various channels by which a package is distributed.
661 { # This represents a particular channel of distribution for a given package.
662 # e.g. Debian's jessie-backports dpkg mirror
663 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
664 # denoting the package manager version distributing a package.
665 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
666 "description": "A String", # The distribution channel-specific description of this package.
667 "url": "A String", # The distribution channel-specific homepage for this package.
668 "architecture": "A String", # The CPU architecture for which packages in this distribution
669 # channel were built
670 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in
671 # this distribution channel.
672 # For a discussion of this in Debian/Ubuntu:
673 # http://serverfault.com/questions/604541/debian-packages-version-convention
674 # For a discussion of this in Redhat/Fedora/Centos:
675 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
676 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
677 # If kind is not NORMAL, then the other fields are ignored.
678 "revision": "A String", # The iteration of the package build from the above version.
679 "name": "A String", # The main part of the version name.
680 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
681 },
682 },
683 ],
684 "name": "A String", # The name of the package.
685 },
686 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
687 # a filter in list requests.
688 "relatedUrl": [ # URLs associated with this note
689 { # Metadata for any related URL information
690 "url": "A String", # Specific URL to associate with the note
691 "label": "A String", # Label to describe usage of the URL
692 },
693 ],
694 "longDescription": "A String", # A detailed description of this `Note`.
695 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
696 # example, an organization might have one `AttestationAuthority` for "QA" and
697 # one for "build". This Note is intended to act strictly as a grouping
698 # mechanism for the attached Occurrences (Attestations). This grouping
699 # mechanism also provides a security boundary, since IAM ACLs gate the ability
700 # for a principle to attach an Occurrence to a given Note. It also provides a
701 # single point of lookup to find all attached Attestation Occurrences, even if
702 # they don't all live in the same project.
703 "hint": { # This submessage provides human-readable hints about the purpose of the
704 # AttestationAuthority. Because the name of a Note acts as its resource
705 # reference, it is important to disambiguate the canonical name of the Note
706 # (which might be a UUID for security purposes) from "readable" names more
707 # suitable for debug output. Note that these hints should NOT be used to
708 # look up AttestationAuthorities in security sensitive contexts, such as when
709 # looking up Attestations to verify.
710 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa".
711 },
712 },
713 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
714 # relationship. Linked occurrences are derived from this or an
715 # equivalent image via:
716 # FROM <Basis.resource_url>
717 # Or an equivalent reference, e.g. a tag of the resource_url.
718 "resourceUrl": "A String", # The resource_url for the resource representing the basis of
719 # associated occurrence images.
720 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image.
721 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
722 # representation.
723 # This field can be used as a filter in list requests.
724 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
725 "A String",
726 ],
727 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
728 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
729 # Only the name of the final blob is kept.
730 # This field can be used as a filter in list requests.
731 },
732 },
733 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire.
734 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
735 "resourceUri": [ # Resource URI for the artifact being deployed.
736 "A String",
737 ],
738 },
739 "shortDescription": "A String", # A one sentence description of this `Note`.
740 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
741 # filter in list requests.
742 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type.
743 # exists in a provider's project. A `Discovery` occurrence is created in a
744 # consumer's project at the start of analysis. The occurrence's operation will
745 # indicate the status of the analysis. Absence of an occurrence linked to this
746 # note for a resource indicates that analysis hasn't started.
747 "analysisKind": "A String", # The kind of analysis that is handled by this discovery.
748 },
749 }</pre>
750</div>
751
752<div class="method">
753 <code class="details" id="getIamPolicy">getIamPolicy(resource, body=None, x__xgafv=None)</code>
754 <pre>Gets the access control policy for a note or an `Occurrence` resource.
755Requires `containeranalysis.notes.setIamPolicy` or
756`containeranalysis.occurrences.setIamPolicy` permission if the resource is
757a note or occurrence, respectively.
758Attempting to call this method on a resource without the required
759permission will result in a `PERMISSION_DENIED` error. Attempting to call
760this method on a non-existent resource will result in a `NOT_FOUND` error
761if the user has list permission on the project, or a `PERMISSION_DENIED`
762error otherwise. The resource takes the following formats:
763`projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for occurrences and
764projects/{PROJECT_ID}/notes/{NOTE_ID} for notes
765
766Args:
767 resource: string, REQUIRED: The resource for which the policy is being requested.
768See the operation documentation for the appropriate value for this field. (required)
769 body: object, The request body.
770 The object takes the form of:
771
772{ # Request message for `GetIamPolicy` method.
773 }
774
775 x__xgafv: string, V1 error format.
776 Allowed values
777 1 - v1 error format
778 2 - v2 error format
779
780Returns:
781 An object of the form:
782
783 { # Defines an Identity and Access Management (IAM) policy. It is used to
784 # specify access control policies for Cloud Platform resources.
785 #
786 #
787 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
788 # `members` to a `role`, where the members can be user accounts, Google groups,
789 # Google domains, and service accounts. A `role` is a named list of permissions
790 # defined by IAM.
791 #
792 # **JSON Example**
793 #
794 # {
795 # "bindings": [
796 # {
797 # "role": "roles/owner",
798 # "members": [
799 # "user:mike@example.com",
800 # "group:admins@example.com",
801 # "domain:google.com",
802 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
803 # ]
804 # },
805 # {
806 # "role": "roles/viewer",
807 # "members": ["user:sean@example.com"]
808 # }
809 # ]
810 # }
811 #
812 # **YAML Example**
813 #
814 # bindings:
815 # - members:
816 # - user:mike@example.com
817 # - group:admins@example.com
818 # - domain:google.com
819 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
820 # role: roles/owner
821 # - members:
822 # - user:sean@example.com
823 # role: roles/viewer
824 #
825 #
826 # For a description of IAM and its features, see the
827 # [IAM developer's guide](https://cloud.google.com/iam/docs).
828 "bindings": [ # Associates a list of `members` to a `role`.
829 # `bindings` with no members will result in an error.
830 { # Associates `members` with a `role`.
831 "role": "A String", # Role that is assigned to `members`.
832 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
833 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
834 # `members` can have the following values:
835 #
836 # * `allUsers`: A special identifier that represents anyone who is
837 # on the internet; with or without a Google account.
838 #
839 # * `allAuthenticatedUsers`: A special identifier that represents anyone
840 # who is authenticated with a Google account or a service account.
841 #
842 # * `user:{emailid}`: An email address that represents a specific Google
843 # account. For example, `alice@gmail.com` .
844 #
845 #
846 # * `serviceAccount:{emailid}`: An email address that represents a service
847 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
848 #
849 # * `group:{emailid}`: An email address that represents a Google group.
850 # For example, `admins@example.com`.
851 #
852 #
853 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
854 # users of that domain. For example, `google.com` or `example.com`.
855 #
856 "A String",
857 ],
858 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
859 # NOTE: An unsatisfied condition will not allow user access via current
860 # binding. Different bindings, including their conditions, are examined
861 # independently.
862 #
863 # title: "User account presence"
864 # description: "Determines whether the request has a user account"
865 # expression: "size(request.user) > 0"
866 "description": "A String", # An optional description of the expression. This is a longer text which
867 # describes the expression, e.g. when hovered over it in a UI.
868 "expression": "A String", # Textual representation of an expression in
869 # Common Expression Language syntax.
870 #
871 # The application context of the containing message determines which
872 # well-known feature set of CEL is supported.
873 "location": "A String", # An optional string indicating the location of the expression for error
874 # reporting, e.g. a file name and a position in the file.
875 "title": "A String", # An optional title for the expression, i.e. a short string describing
876 # its purpose. This can be used e.g. in UIs which allow to enter the
877 # expression.
878 },
879 },
880 ],
881 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
882 { # Specifies the audit configuration for a service.
883 # The configuration determines which permission types are logged, and what
884 # identities, if any, are exempted from logging.
885 # An AuditConfig must have one or more AuditLogConfigs.
886 #
887 # If there are AuditConfigs for both `allServices` and a specific service,
888 # the union of the two AuditConfigs is used for that service: the log_types
889 # specified in each AuditConfig are enabled, and the exempted_members in each
890 # AuditLogConfig are exempted.
891 #
892 # Example Policy with multiple AuditConfigs:
893 #
894 # {
895 # "audit_configs": [
896 # {
897 # "service": "allServices"
898 # "audit_log_configs": [
899 # {
900 # "log_type": "DATA_READ",
901 # "exempted_members": [
902 # "user:foo@gmail.com"
903 # ]
904 # },
905 # {
906 # "log_type": "DATA_WRITE",
907 # },
908 # {
909 # "log_type": "ADMIN_READ",
910 # }
911 # ]
912 # },
913 # {
914 # "service": "fooservice.googleapis.com"
915 # "audit_log_configs": [
916 # {
917 # "log_type": "DATA_READ",
918 # },
919 # {
920 # "log_type": "DATA_WRITE",
921 # "exempted_members": [
922 # "user:bar@gmail.com"
923 # ]
924 # }
925 # ]
926 # }
927 # ]
928 # }
929 #
930 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
931 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
932 # bar@gmail.com from DATA_WRITE logging.
933 "auditLogConfigs": [ # The configuration for logging of each type of permission.
934 { # Provides the configuration for logging a type of permissions.
935 # Example:
936 #
937 # {
938 # "audit_log_configs": [
939 # {
940 # "log_type": "DATA_READ",
941 # "exempted_members": [
942 # "user:foo@gmail.com"
943 # ]
944 # },
945 # {
946 # "log_type": "DATA_WRITE",
947 # }
948 # ]
949 # }
950 #
951 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
952 # foo@gmail.com from DATA_READ logging.
953 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
954 # permission.
955 # Follows the same format of Binding.members.
956 "A String",
957 ],
958 "logType": "A String", # The log type that this config enables.
959 },
960 ],
961 "service": "A String", # Specifies a service that will be enabled for audit logging.
962 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
963 # `allServices` is a special value that covers all services.
964 },
965 ],
966 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
967 # prevent simultaneous updates of a policy from overwriting each other.
968 # It is strongly suggested that systems make use of the `etag` in the
969 # read-modify-write cycle to perform policy updates in order to avoid race
970 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
971 # systems are expected to put that etag in the request to `setIamPolicy` to
972 # ensure that their change will be applied to the same version of the policy.
973 #
974 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
975 # policy is overwritten blindly.
976 "version": 42, # Deprecated.
977 }</pre>
978</div>
979
980<div class="method">
981 <code class="details" id="list">list(parent, name=None, pageSize=None, pageToken=None, x__xgafv=None, filter=None)</code>
982 <pre>Lists all `Notes` for a given project.
983
984Args:
985 parent: string, This field contains the project Id for example: "projects/{PROJECT_ID}". (required)
986 name: string, The name field will contain the project Id for example:
987"providers/{provider_id}
988@Deprecated
989 pageSize: integer, Number of notes to return in the list.
990 pageToken: string, Token to provide to skip to a particular spot in the list.
991 x__xgafv: string, V1 error format.
992 Allowed values
993 1 - v1 error format
994 2 - v2 error format
995 filter: string, The filter expression.
996
997Returns:
998 An object of the form:
999
1000 { # Response including listed notes.
1001 "nextPageToken": "A String", # The next pagination token in the list response. It should be used as
1002 # page_token for the following request. An empty value means no more result.
1003 "notes": [ # The occurrences requested
1004 { # Provides a detailed description of a `Note`.
1005 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build.
1006 # the provenance message in linked BuildDetails.
1007 "builderVersion": "A String", # Version of the builder which produced this Note.
1008 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this
1009 # `BuilderDetails`.
1010 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
1011 # findings are valid and unchanged. If `key_type` is empty, this defaults
1012 # to PEM encoded public keys.
1013 #
1014 # This field may be empty if `key_id` references an external key.
1015 #
1016 # For Cloud Build based signatures, this is a PEM encoded public
1017 # key. To verify the Cloud Build signature, place the contents of
1018 # this field into a file (public.pem). The signature field is base64-decoded
1019 # into its binary representation in signature.bin, and the provenance bytes
1020 # from `BuildDetails` are base64-decoded into a binary representation in
1021 # signed.bin. OpenSSL can then verify the signature:
1022 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
1023 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
1024 # `key_id`
1025 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key
1026 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the
1027 # CN for a cert), or a reference to an external key (such as a reference to a
1028 # key in Cloud Key Management Service).
1029 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string.
1030 },
1031 },
1032 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This
1033 # field can be used as a filter in list requests.
1034 "name": "A String", # The name of the note in the form
1035 # "providers/{provider_id}/notes/{NOTE_ID}"
1036 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note.
1037 "cvssScore": 3.14, # The CVSS score for this Vulnerability.
1038 "severity": "A String", # Note provider assigned impact of the vulnerability
1039 "details": [ # All information about the package to specifically identify this
1040 # vulnerability. One entry per (version range and cpe_uri) the
1041 # package vulnerability has manifested in.
1042 { # Identifies all occurrences of this vulnerability in the package for a
1043 # specific distro/location
1044 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
1045 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
1046 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in
1047 # which the vulnerability manifests. Examples include distro or storage
1048 # location for vulnerable jar.
1049 # This field can be used as a filter in list requests.
1050 "description": "A String", # A vendor-specific description of this note.
1051 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists.
1052 # For a discussion of this in Debian/Ubuntu:
1053 # http://serverfault.com/questions/604541/debian-packages-version-convention
1054 # For a discussion of this in Redhat/Fedora/Centos:
1055 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1056 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1057 # If kind is not NORMAL, then the other fields are ignored.
1058 "revision": "A String", # The iteration of the package build from the above version.
1059 "name": "A String", # The main part of the version name.
1060 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1061 },
1062 "package": "A String", # The name of the package where the vulnerability was found.
1063 # This field can be used as a filter in list requests.
1064 "packageType": "A String", # The type of package; whether native or non native(ruby gems,
1065 # node.js packages etc)
1066 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to
1067 # obsolete details.
1068 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead.
1069 #
1070 # The max version of the package in which the vulnerability exists.
1071 # For a discussion of this in Debian/Ubuntu:
1072 # http://serverfault.com/questions/604541/debian-packages-version-convention
1073 # For a discussion of this in Redhat/Fedora/Centos:
1074 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1075 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1076 # If kind is not NORMAL, then the other fields are ignored.
1077 "revision": "A String", # The iteration of the package build from the above version.
1078 "name": "A String", # The main part of the version name.
1079 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1080 },
1081 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version.
1082 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
1083 # format. Examples include distro or storage location for vulnerable jar.
1084 # This field can be used as a filter in list requests.
1085 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
1086 # filter in list requests.
1087 # For a discussion of this in Debian/Ubuntu:
1088 # http://serverfault.com/questions/604541/debian-packages-version-convention
1089 # For a discussion of this in Redhat/Fedora/Centos:
1090 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1091 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1092 # If kind is not NORMAL, then the other fields are ignored.
1093 "revision": "A String", # The iteration of the package build from the above version.
1094 "name": "A String", # The main part of the version name.
1095 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1096 },
1097 "package": "A String", # The package being described.
1098 },
1099 },
1100 ],
1101 },
1102 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers.
1103 # various channels.
1104 # e.g. glibc (aka libc6) is distributed by many, at various versions.
1105 "distribution": [ # The various channels by which a package is distributed.
1106 { # This represents a particular channel of distribution for a given package.
1107 # e.g. Debian's jessie-backports dpkg mirror
1108 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
1109 # denoting the package manager version distributing a package.
1110 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
1111 "description": "A String", # The distribution channel-specific description of this package.
1112 "url": "A String", # The distribution channel-specific homepage for this package.
1113 "architecture": "A String", # The CPU architecture for which packages in this distribution
1114 # channel were built
1115 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in
1116 # this distribution channel.
1117 # For a discussion of this in Debian/Ubuntu:
1118 # http://serverfault.com/questions/604541/debian-packages-version-convention
1119 # For a discussion of this in Redhat/Fedora/Centos:
1120 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1121 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1122 # If kind is not NORMAL, then the other fields are ignored.
1123 "revision": "A String", # The iteration of the package build from the above version.
1124 "name": "A String", # The main part of the version name.
1125 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1126 },
1127 },
1128 ],
1129 "name": "A String", # The name of the package.
1130 },
1131 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
1132 # a filter in list requests.
1133 "relatedUrl": [ # URLs associated with this note
1134 { # Metadata for any related URL information
1135 "url": "A String", # Specific URL to associate with the note
1136 "label": "A String", # Label to describe usage of the URL
1137 },
1138 ],
1139 "longDescription": "A String", # A detailed description of this `Note`.
1140 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
1141 # example, an organization might have one `AttestationAuthority` for "QA" and
1142 # one for "build". This Note is intended to act strictly as a grouping
1143 # mechanism for the attached Occurrences (Attestations). This grouping
1144 # mechanism also provides a security boundary, since IAM ACLs gate the ability
1145 # for a principle to attach an Occurrence to a given Note. It also provides a
1146 # single point of lookup to find all attached Attestation Occurrences, even if
1147 # they don't all live in the same project.
1148 "hint": { # This submessage provides human-readable hints about the purpose of the
1149 # AttestationAuthority. Because the name of a Note acts as its resource
1150 # reference, it is important to disambiguate the canonical name of the Note
1151 # (which might be a UUID for security purposes) from "readable" names more
1152 # suitable for debug output. Note that these hints should NOT be used to
1153 # look up AttestationAuthorities in security sensitive contexts, such as when
1154 # looking up Attestations to verify.
1155 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa".
1156 },
1157 },
1158 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
1159 # relationship. Linked occurrences are derived from this or an
1160 # equivalent image via:
1161 # FROM <Basis.resource_url>
1162 # Or an equivalent reference, e.g. a tag of the resource_url.
1163 "resourceUrl": "A String", # The resource_url for the resource representing the basis of
1164 # associated occurrence images.
1165 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image.
1166 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
1167 # representation.
1168 # This field can be used as a filter in list requests.
1169 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
1170 "A String",
1171 ],
1172 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1173 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
1174 # Only the name of the final blob is kept.
1175 # This field can be used as a filter in list requests.
1176 },
1177 },
1178 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire.
1179 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
1180 "resourceUri": [ # Resource URI for the artifact being deployed.
1181 "A String",
1182 ],
1183 },
1184 "shortDescription": "A String", # A one sentence description of this `Note`.
1185 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
1186 # filter in list requests.
1187 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type.
1188 # exists in a provider's project. A `Discovery` occurrence is created in a
1189 # consumer's project at the start of analysis. The occurrence's operation will
1190 # indicate the status of the analysis. Absence of an occurrence linked to this
1191 # note for a resource indicates that analysis hasn't started.
1192 "analysisKind": "A String", # The kind of analysis that is handled by this discovery.
1193 },
1194 },
1195 ],
1196 }</pre>
1197</div>
1198
1199<div class="method">
1200 <code class="details" id="list_next">list_next(previous_request, previous_response)</code>
1201 <pre>Retrieves the next page of results.
1202
1203Args:
1204 previous_request: The request for the previous page. (required)
1205 previous_response: The response from the request for the previous page. (required)
1206
1207Returns:
1208 A request object that you can call 'execute()' on to request the next
1209 page. Returns None if there are no more items in the collection.
1210 </pre>
1211</div>
1212
1213<div class="method">
1214 <code class="details" id="patch">patch(name, body, updateMask=None, x__xgafv=None)</code>
1215 <pre>Updates an existing `Note`.
1216
1217Args:
1218 name: string, The name of the note.
1219Should be of the form "projects/{provider_id}/notes/{note_id}". (required)
1220 body: object, The request body. (required)
1221 The object takes the form of:
1222
1223{ # Provides a detailed description of a `Note`.
1224 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build.
1225 # the provenance message in linked BuildDetails.
1226 "builderVersion": "A String", # Version of the builder which produced this Note.
1227 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this
1228 # `BuilderDetails`.
1229 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
1230 # findings are valid and unchanged. If `key_type` is empty, this defaults
1231 # to PEM encoded public keys.
1232 #
1233 # This field may be empty if `key_id` references an external key.
1234 #
1235 # For Cloud Build based signatures, this is a PEM encoded public
1236 # key. To verify the Cloud Build signature, place the contents of
1237 # this field into a file (public.pem). The signature field is base64-decoded
1238 # into its binary representation in signature.bin, and the provenance bytes
1239 # from `BuildDetails` are base64-decoded into a binary representation in
1240 # signed.bin. OpenSSL can then verify the signature:
1241 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
1242 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
1243 # `key_id`
1244 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key
1245 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the
1246 # CN for a cert), or a reference to an external key (such as a reference to a
1247 # key in Cloud Key Management Service).
1248 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string.
1249 },
1250 },
1251 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This
1252 # field can be used as a filter in list requests.
1253 "name": "A String", # The name of the note in the form
1254 # "providers/{provider_id}/notes/{NOTE_ID}"
1255 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note.
1256 "cvssScore": 3.14, # The CVSS score for this Vulnerability.
1257 "severity": "A String", # Note provider assigned impact of the vulnerability
1258 "details": [ # All information about the package to specifically identify this
1259 # vulnerability. One entry per (version range and cpe_uri) the
1260 # package vulnerability has manifested in.
1261 { # Identifies all occurrences of this vulnerability in the package for a
1262 # specific distro/location
1263 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
1264 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
1265 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in
1266 # which the vulnerability manifests. Examples include distro or storage
1267 # location for vulnerable jar.
1268 # This field can be used as a filter in list requests.
1269 "description": "A String", # A vendor-specific description of this note.
1270 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists.
1271 # For a discussion of this in Debian/Ubuntu:
1272 # http://serverfault.com/questions/604541/debian-packages-version-convention
1273 # For a discussion of this in Redhat/Fedora/Centos:
1274 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1275 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1276 # If kind is not NORMAL, then the other fields are ignored.
1277 "revision": "A String", # The iteration of the package build from the above version.
1278 "name": "A String", # The main part of the version name.
1279 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1280 },
1281 "package": "A String", # The name of the package where the vulnerability was found.
1282 # This field can be used as a filter in list requests.
1283 "packageType": "A String", # The type of package; whether native or non native(ruby gems,
1284 # node.js packages etc)
1285 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to
1286 # obsolete details.
1287 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead.
1288 #
1289 # The max version of the package in which the vulnerability exists.
1290 # For a discussion of this in Debian/Ubuntu:
1291 # http://serverfault.com/questions/604541/debian-packages-version-convention
1292 # For a discussion of this in Redhat/Fedora/Centos:
1293 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1294 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1295 # If kind is not NORMAL, then the other fields are ignored.
1296 "revision": "A String", # The iteration of the package build from the above version.
1297 "name": "A String", # The main part of the version name.
1298 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1299 },
1300 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version.
1301 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
1302 # format. Examples include distro or storage location for vulnerable jar.
1303 # This field can be used as a filter in list requests.
1304 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
1305 # filter in list requests.
1306 # For a discussion of this in Debian/Ubuntu:
1307 # http://serverfault.com/questions/604541/debian-packages-version-convention
1308 # For a discussion of this in Redhat/Fedora/Centos:
1309 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1310 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1311 # If kind is not NORMAL, then the other fields are ignored.
1312 "revision": "A String", # The iteration of the package build from the above version.
1313 "name": "A String", # The main part of the version name.
1314 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1315 },
1316 "package": "A String", # The package being described.
1317 },
1318 },
1319 ],
1320 },
1321 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers.
1322 # various channels.
1323 # e.g. glibc (aka libc6) is distributed by many, at various versions.
1324 "distribution": [ # The various channels by which a package is distributed.
1325 { # This represents a particular channel of distribution for a given package.
1326 # e.g. Debian's jessie-backports dpkg mirror
1327 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
1328 # denoting the package manager version distributing a package.
1329 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
1330 "description": "A String", # The distribution channel-specific description of this package.
1331 "url": "A String", # The distribution channel-specific homepage for this package.
1332 "architecture": "A String", # The CPU architecture for which packages in this distribution
1333 # channel were built
1334 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in
1335 # this distribution channel.
1336 # For a discussion of this in Debian/Ubuntu:
1337 # http://serverfault.com/questions/604541/debian-packages-version-convention
1338 # For a discussion of this in Redhat/Fedora/Centos:
1339 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1340 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1341 # If kind is not NORMAL, then the other fields are ignored.
1342 "revision": "A String", # The iteration of the package build from the above version.
1343 "name": "A String", # The main part of the version name.
1344 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1345 },
1346 },
1347 ],
1348 "name": "A String", # The name of the package.
1349 },
1350 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
1351 # a filter in list requests.
1352 "relatedUrl": [ # URLs associated with this note
1353 { # Metadata for any related URL information
1354 "url": "A String", # Specific URL to associate with the note
1355 "label": "A String", # Label to describe usage of the URL
1356 },
1357 ],
1358 "longDescription": "A String", # A detailed description of this `Note`.
1359 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
1360 # example, an organization might have one `AttestationAuthority` for "QA" and
1361 # one for "build". This Note is intended to act strictly as a grouping
1362 # mechanism for the attached Occurrences (Attestations). This grouping
1363 # mechanism also provides a security boundary, since IAM ACLs gate the ability
1364 # for a principle to attach an Occurrence to a given Note. It also provides a
1365 # single point of lookup to find all attached Attestation Occurrences, even if
1366 # they don't all live in the same project.
1367 "hint": { # This submessage provides human-readable hints about the purpose of the
1368 # AttestationAuthority. Because the name of a Note acts as its resource
1369 # reference, it is important to disambiguate the canonical name of the Note
1370 # (which might be a UUID for security purposes) from "readable" names more
1371 # suitable for debug output. Note that these hints should NOT be used to
1372 # look up AttestationAuthorities in security sensitive contexts, such as when
1373 # looking up Attestations to verify.
1374 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa".
1375 },
1376 },
1377 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
1378 # relationship. Linked occurrences are derived from this or an
1379 # equivalent image via:
1380 # FROM <Basis.resource_url>
1381 # Or an equivalent reference, e.g. a tag of the resource_url.
1382 "resourceUrl": "A String", # The resource_url for the resource representing the basis of
1383 # associated occurrence images.
1384 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image.
1385 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
1386 # representation.
1387 # This field can be used as a filter in list requests.
1388 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
1389 "A String",
1390 ],
1391 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1392 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
1393 # Only the name of the final blob is kept.
1394 # This field can be used as a filter in list requests.
1395 },
1396 },
1397 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire.
1398 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
1399 "resourceUri": [ # Resource URI for the artifact being deployed.
1400 "A String",
1401 ],
1402 },
1403 "shortDescription": "A String", # A one sentence description of this `Note`.
1404 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
1405 # filter in list requests.
1406 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type.
1407 # exists in a provider's project. A `Discovery` occurrence is created in a
1408 # consumer's project at the start of analysis. The occurrence's operation will
1409 # indicate the status of the analysis. Absence of an occurrence linked to this
1410 # note for a resource indicates that analysis hasn't started.
1411 "analysisKind": "A String", # The kind of analysis that is handled by this discovery.
1412 },
1413}
1414
1415 updateMask: string, The fields to update.
1416 x__xgafv: string, V1 error format.
1417 Allowed values
1418 1 - v1 error format
1419 2 - v2 error format
1420
1421Returns:
1422 An object of the form:
1423
1424 { # Provides a detailed description of a `Note`.
1425 "buildType": { # Note holding the version of the provider's builder and the signature of # Build provenance type for a verifiable build.
1426 # the provenance message in linked BuildDetails.
1427 "builderVersion": "A String", # Version of the builder which produced this Note.
1428 "signature": { # Message encapsulating the signature of the verified build. # Signature of the build in Occurrences pointing to the Note containing this
1429 # `BuilderDetails`.
1430 "publicKey": "A String", # Public key of the builder which can be used to verify that the related
1431 # findings are valid and unchanged. If `key_type` is empty, this defaults
1432 # to PEM encoded public keys.
1433 #
1434 # This field may be empty if `key_id` references an external key.
1435 #
1436 # For Cloud Build based signatures, this is a PEM encoded public
1437 # key. To verify the Cloud Build signature, place the contents of
1438 # this field into a file (public.pem). The signature field is base64-decoded
1439 # into its binary representation in signature.bin, and the provenance bytes
1440 # from `BuildDetails` are base64-decoded into a binary representation in
1441 # signed.bin. OpenSSL can then verify the signature:
1442 # `openssl sha256 -verify public.pem -signature signature.bin signed.bin`
1443 "keyType": "A String", # The type of the key, either stored in `public_key` or referenced in
1444 # `key_id`
1445 "keyId": "A String", # An Id for the key used to sign. This could be either an Id for the key
1446 # stored in `public_key` (such as the Id or fingerprint for a PGP key, or the
1447 # CN for a cert), or a reference to an external key (such as a reference to a
1448 # key in Cloud Key Management Service).
1449 "signature": "A String", # Signature of the related `BuildProvenance`, encoded in a base64 string.
1450 },
1451 },
1452 "kind": "A String", # Output only. This explicitly denotes which kind of note is specified. This
1453 # field can be used as a filter in list requests.
1454 "name": "A String", # The name of the note in the form
1455 # "providers/{provider_id}/notes/{NOTE_ID}"
1456 "vulnerabilityType": { # VulnerabilityType provides metadata about a security vulnerability. # A package vulnerability type of note.
1457 "cvssScore": 3.14, # The CVSS score for this Vulnerability.
1458 "severity": "A String", # Note provider assigned impact of the vulnerability
1459 "details": [ # All information about the package to specifically identify this
1460 # vulnerability. One entry per (version range and cpe_uri) the
1461 # package vulnerability has manifested in.
1462 { # Identifies all occurrences of this vulnerability in the package for a
1463 # specific distro/location
1464 # For example: glibc in cpe:/o:debian:debian_linux:8 for versions 2.1 - 2.2
1465 "severityName": "A String", # The severity (eg: distro assigned severity) for this vulnerability.
1466 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/) in
1467 # which the vulnerability manifests. Examples include distro or storage
1468 # location for vulnerable jar.
1469 # This field can be used as a filter in list requests.
1470 "description": "A String", # A vendor-specific description of this note.
1471 "minAffectedVersion": { # Version contains structured information about the version of the package. # The min version of the package in which the vulnerability exists.
1472 # For a discussion of this in Debian/Ubuntu:
1473 # http://serverfault.com/questions/604541/debian-packages-version-convention
1474 # For a discussion of this in Redhat/Fedora/Centos:
1475 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1476 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1477 # If kind is not NORMAL, then the other fields are ignored.
1478 "revision": "A String", # The iteration of the package build from the above version.
1479 "name": "A String", # The main part of the version name.
1480 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1481 },
1482 "package": "A String", # The name of the package where the vulnerability was found.
1483 # This field can be used as a filter in list requests.
1484 "packageType": "A String", # The type of package; whether native or non native(ruby gems,
1485 # node.js packages etc)
1486 "isObsolete": True or False, # Whether this Detail is obsolete. Occurrences are expected not to point to
1487 # obsolete details.
1488 "maxAffectedVersion": { # Version contains structured information about the version of the package. # Deprecated, do not use. Use fixed_location instead.
1489 #
1490 # The max version of the package in which the vulnerability exists.
1491 # For a discussion of this in Debian/Ubuntu:
1492 # http://serverfault.com/questions/604541/debian-packages-version-convention
1493 # For a discussion of this in Redhat/Fedora/Centos:
1494 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1495 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1496 # If kind is not NORMAL, then the other fields are ignored.
1497 "revision": "A String", # The iteration of the package build from the above version.
1498 "name": "A String", # The main part of the version name.
1499 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1500 },
1501 "fixedLocation": { # The location of the vulnerability # The fix for this specific package version.
1502 "cpeUri": "A String", # The cpe_uri in [cpe format] (https://cpe.mitre.org/specification/)
1503 # format. Examples include distro or storage location for vulnerable jar.
1504 # This field can be used as a filter in list requests.
1505 "version": { # Version contains structured information about the version of the package. # The version of the package being described. This field can be used as a
1506 # filter in list requests.
1507 # For a discussion of this in Debian/Ubuntu:
1508 # http://serverfault.com/questions/604541/debian-packages-version-convention
1509 # For a discussion of this in Redhat/Fedora/Centos:
1510 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1511 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1512 # If kind is not NORMAL, then the other fields are ignored.
1513 "revision": "A String", # The iteration of the package build from the above version.
1514 "name": "A String", # The main part of the version name.
1515 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1516 },
1517 "package": "A String", # The package being described.
1518 },
1519 },
1520 ],
1521 },
1522 "package": { # This represents a particular package that is distributed over # A note describing a package hosted by various package managers.
1523 # various channels.
1524 # e.g. glibc (aka libc6) is distributed by many, at various versions.
1525 "distribution": [ # The various channels by which a package is distributed.
1526 { # This represents a particular channel of distribution for a given package.
1527 # e.g. Debian's jessie-backports dpkg mirror
1528 "cpeUri": "A String", # The cpe_uri in [cpe format](https://cpe.mitre.org/specification/)
1529 # denoting the package manager version distributing a package.
1530 "maintainer": "A String", # A freeform string denoting the maintainer of this package.
1531 "description": "A String", # The distribution channel-specific description of this package.
1532 "url": "A String", # The distribution channel-specific homepage for this package.
1533 "architecture": "A String", # The CPU architecture for which packages in this distribution
1534 # channel were built
1535 "latestVersion": { # Version contains structured information about the version of the package. # The latest available version of this package in
1536 # this distribution channel.
1537 # For a discussion of this in Debian/Ubuntu:
1538 # http://serverfault.com/questions/604541/debian-packages-version-convention
1539 # For a discussion of this in Redhat/Fedora/Centos:
1540 # http://blog.jasonantman.com/2014/07/how-yum-and-rpm-compare-versions/
1541 "kind": "A String", # Distinguish between sentinel MIN/MAX versions and normal versions.
1542 # If kind is not NORMAL, then the other fields are ignored.
1543 "revision": "A String", # The iteration of the package build from the above version.
1544 "name": "A String", # The main part of the version name.
1545 "epoch": 42, # Used to correct mistakes in the version numbering scheme.
1546 },
1547 },
1548 ],
1549 "name": "A String", # The name of the package.
1550 },
1551 "updateTime": "A String", # Output only. The time this note was last updated. This field can be used as
1552 # a filter in list requests.
1553 "relatedUrl": [ # URLs associated with this note
1554 { # Metadata for any related URL information
1555 "url": "A String", # Specific URL to associate with the note
1556 "label": "A String", # Label to describe usage of the URL
1557 },
1558 ],
1559 "longDescription": "A String", # A detailed description of this `Note`.
1560 "attestationAuthority": { # Note kind that represents a logical attestation "role" or "authority". For # A note describing an attestation role.
1561 # example, an organization might have one `AttestationAuthority` for "QA" and
1562 # one for "build". This Note is intended to act strictly as a grouping
1563 # mechanism for the attached Occurrences (Attestations). This grouping
1564 # mechanism also provides a security boundary, since IAM ACLs gate the ability
1565 # for a principle to attach an Occurrence to a given Note. It also provides a
1566 # single point of lookup to find all attached Attestation Occurrences, even if
1567 # they don't all live in the same project.
1568 "hint": { # This submessage provides human-readable hints about the purpose of the
1569 # AttestationAuthority. Because the name of a Note acts as its resource
1570 # reference, it is important to disambiguate the canonical name of the Note
1571 # (which might be a UUID for security purposes) from "readable" names more
1572 # suitable for debug output. Note that these hints should NOT be used to
1573 # look up AttestationAuthorities in security sensitive contexts, such as when
1574 # looking up Attestations to verify.
1575 "humanReadableName": "A String", # The human readable name of this Attestation Authority, for example "qa".
1576 },
1577 },
1578 "baseImage": { # Basis describes the base image portion (Note) of the DockerImage # A note describing a base image.
1579 # relationship. Linked occurrences are derived from this or an
1580 # equivalent image via:
1581 # FROM <Basis.resource_url>
1582 # Or an equivalent reference, e.g. a tag of the resource_url.
1583 "resourceUrl": "A String", # The resource_url for the resource representing the basis of
1584 # associated occurrence images.
1585 "fingerprint": { # A set of properties that uniquely identify a given Docker image. # The fingerprint of the base image.
1586 "v1Name": "A String", # The layer-id of the final layer in the Docker image's v1
1587 # representation.
1588 # This field can be used as a filter in list requests.
1589 "v2Blob": [ # The ordered list of v2 blobs that represent a given image.
1590 "A String",
1591 ],
1592 "v2Name": "A String", # Output only. The name of the image's v2 blobs computed via:
1593 # [bottom] := v2_blobbottom := sha256(v2_blob[N] + " " + v2_name[N+1])
1594 # Only the name of the final blob is kept.
1595 # This field can be used as a filter in list requests.
1596 },
1597 },
1598 "expirationTime": "A String", # Time of expiration for this note, null if note does not expire.
1599 "deployable": { # An artifact that can be deployed in some runtime. # A note describing something that can be deployed.
1600 "resourceUri": [ # Resource URI for the artifact being deployed.
1601 "A String",
1602 ],
1603 },
1604 "shortDescription": "A String", # A one sentence description of this `Note`.
1605 "createTime": "A String", # Output only. The time this note was created. This field can be used as a
1606 # filter in list requests.
1607 "discovery": { # A note that indicates a type of analysis a provider would perform. This note # A note describing a provider/analysis type.
1608 # exists in a provider's project. A `Discovery` occurrence is created in a
1609 # consumer's project at the start of analysis. The occurrence's operation will
1610 # indicate the status of the analysis. Absence of an occurrence linked to this
1611 # note for a resource indicates that analysis hasn't started.
1612 "analysisKind": "A String", # The kind of analysis that is handled by this discovery.
1613 },
1614 }</pre>
1615</div>
1616
1617<div class="method">
1618 <code class="details" id="setIamPolicy">setIamPolicy(resource, body, x__xgafv=None)</code>
1619 <pre>Sets the access control policy on the specified `Note` or `Occurrence`.
1620Requires `containeranalysis.notes.setIamPolicy` or
1621`containeranalysis.occurrences.setIamPolicy` permission if the resource is
1622a `Note` or an `Occurrence`, respectively.
1623Attempting to call this method without these permissions will result in a `
1624`PERMISSION_DENIED` error.
1625Attempting to call this method on a non-existent resource will result in a
1626`NOT_FOUND` error if the user has `containeranalysis.notes.list` permission
1627on a `Note` or `containeranalysis.occurrences.list` on an `Occurrence`, or
1628a `PERMISSION_DENIED` error otherwise. The resource takes the following
1629formats: `projects/{projectid}/occurrences/{occurrenceid}` for occurrences
1630and projects/{projectid}/notes/{noteid} for notes
1631
1632Args:
1633 resource: string, REQUIRED: The resource for which the policy is being specified.
1634See the operation documentation for the appropriate value for this field. (required)
1635 body: object, The request body. (required)
1636 The object takes the form of:
1637
1638{ # Request message for `SetIamPolicy` method.
1639 "policy": { # Defines an Identity and Access Management (IAM) policy. It is used to # REQUIRED: The complete policy to be applied to the `resource`. The size of
1640 # the policy is limited to a few 10s of KB. An empty policy is a
1641 # valid policy but certain Cloud Platform services (such as Projects)
1642 # might reject them.
1643 # specify access control policies for Cloud Platform resources.
1644 #
1645 #
1646 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
1647 # `members` to a `role`, where the members can be user accounts, Google groups,
1648 # Google domains, and service accounts. A `role` is a named list of permissions
1649 # defined by IAM.
1650 #
1651 # **JSON Example**
1652 #
1653 # {
1654 # "bindings": [
1655 # {
1656 # "role": "roles/owner",
1657 # "members": [
1658 # "user:mike@example.com",
1659 # "group:admins@example.com",
1660 # "domain:google.com",
1661 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
1662 # ]
1663 # },
1664 # {
1665 # "role": "roles/viewer",
1666 # "members": ["user:sean@example.com"]
1667 # }
1668 # ]
1669 # }
1670 #
1671 # **YAML Example**
1672 #
1673 # bindings:
1674 # - members:
1675 # - user:mike@example.com
1676 # - group:admins@example.com
1677 # - domain:google.com
1678 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
1679 # role: roles/owner
1680 # - members:
1681 # - user:sean@example.com
1682 # role: roles/viewer
1683 #
1684 #
1685 # For a description of IAM and its features, see the
1686 # [IAM developer's guide](https://cloud.google.com/iam/docs).
1687 "bindings": [ # Associates a list of `members` to a `role`.
1688 # `bindings` with no members will result in an error.
1689 { # Associates `members` with a `role`.
1690 "role": "A String", # Role that is assigned to `members`.
1691 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1692 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
1693 # `members` can have the following values:
1694 #
1695 # * `allUsers`: A special identifier that represents anyone who is
1696 # on the internet; with or without a Google account.
1697 #
1698 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1699 # who is authenticated with a Google account or a service account.
1700 #
1701 # * `user:{emailid}`: An email address that represents a specific Google
1702 # account. For example, `alice@gmail.com` .
1703 #
1704 #
1705 # * `serviceAccount:{emailid}`: An email address that represents a service
1706 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1707 #
1708 # * `group:{emailid}`: An email address that represents a Google group.
1709 # For example, `admins@example.com`.
1710 #
1711 #
1712 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1713 # users of that domain. For example, `google.com` or `example.com`.
1714 #
1715 "A String",
1716 ],
1717 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
1718 # NOTE: An unsatisfied condition will not allow user access via current
1719 # binding. Different bindings, including their conditions, are examined
1720 # independently.
1721 #
1722 # title: "User account presence"
1723 # description: "Determines whether the request has a user account"
1724 # expression: "size(request.user) > 0"
1725 "description": "A String", # An optional description of the expression. This is a longer text which
1726 # describes the expression, e.g. when hovered over it in a UI.
1727 "expression": "A String", # Textual representation of an expression in
1728 # Common Expression Language syntax.
1729 #
1730 # The application context of the containing message determines which
1731 # well-known feature set of CEL is supported.
1732 "location": "A String", # An optional string indicating the location of the expression for error
1733 # reporting, e.g. a file name and a position in the file.
1734 "title": "A String", # An optional title for the expression, i.e. a short string describing
1735 # its purpose. This can be used e.g. in UIs which allow to enter the
1736 # expression.
1737 },
1738 },
1739 ],
1740 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
1741 { # Specifies the audit configuration for a service.
1742 # The configuration determines which permission types are logged, and what
1743 # identities, if any, are exempted from logging.
1744 # An AuditConfig must have one or more AuditLogConfigs.
1745 #
1746 # If there are AuditConfigs for both `allServices` and a specific service,
1747 # the union of the two AuditConfigs is used for that service: the log_types
1748 # specified in each AuditConfig are enabled, and the exempted_members in each
1749 # AuditLogConfig are exempted.
1750 #
1751 # Example Policy with multiple AuditConfigs:
1752 #
1753 # {
1754 # "audit_configs": [
1755 # {
1756 # "service": "allServices"
1757 # "audit_log_configs": [
1758 # {
1759 # "log_type": "DATA_READ",
1760 # "exempted_members": [
1761 # "user:foo@gmail.com"
1762 # ]
1763 # },
1764 # {
1765 # "log_type": "DATA_WRITE",
1766 # },
1767 # {
1768 # "log_type": "ADMIN_READ",
1769 # }
1770 # ]
1771 # },
1772 # {
1773 # "service": "fooservice.googleapis.com"
1774 # "audit_log_configs": [
1775 # {
1776 # "log_type": "DATA_READ",
1777 # },
1778 # {
1779 # "log_type": "DATA_WRITE",
1780 # "exempted_members": [
1781 # "user:bar@gmail.com"
1782 # ]
1783 # }
1784 # ]
1785 # }
1786 # ]
1787 # }
1788 #
1789 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
1790 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
1791 # bar@gmail.com from DATA_WRITE logging.
1792 "auditLogConfigs": [ # The configuration for logging of each type of permission.
1793 { # Provides the configuration for logging a type of permissions.
1794 # Example:
1795 #
1796 # {
1797 # "audit_log_configs": [
1798 # {
1799 # "log_type": "DATA_READ",
1800 # "exempted_members": [
1801 # "user:foo@gmail.com"
1802 # ]
1803 # },
1804 # {
1805 # "log_type": "DATA_WRITE",
1806 # }
1807 # ]
1808 # }
1809 #
1810 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
1811 # foo@gmail.com from DATA_READ logging.
1812 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
1813 # permission.
1814 # Follows the same format of Binding.members.
1815 "A String",
1816 ],
1817 "logType": "A String", # The log type that this config enables.
1818 },
1819 ],
1820 "service": "A String", # Specifies a service that will be enabled for audit logging.
1821 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
1822 # `allServices` is a special value that covers all services.
1823 },
1824 ],
1825 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
1826 # prevent simultaneous updates of a policy from overwriting each other.
1827 # It is strongly suggested that systems make use of the `etag` in the
1828 # read-modify-write cycle to perform policy updates in order to avoid race
1829 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
1830 # systems are expected to put that etag in the request to `setIamPolicy` to
1831 # ensure that their change will be applied to the same version of the policy.
1832 #
1833 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
1834 # policy is overwritten blindly.
1835 "version": 42, # Deprecated.
1836 },
1837 "updateMask": "A String", # OPTIONAL: A FieldMask specifying which fields of the policy to modify. Only
1838 # the fields in the mask will be modified. If no mask is provided, the
1839 # following default mask is used:
1840 # paths: "bindings, etag"
1841 # This field is only used by Cloud IAM.
1842 }
1843
1844 x__xgafv: string, V1 error format.
1845 Allowed values
1846 1 - v1 error format
1847 2 - v2 error format
1848
1849Returns:
1850 An object of the form:
1851
1852 { # Defines an Identity and Access Management (IAM) policy. It is used to
1853 # specify access control policies for Cloud Platform resources.
1854 #
1855 #
1856 # A `Policy` consists of a list of `bindings`. A `binding` binds a list of
1857 # `members` to a `role`, where the members can be user accounts, Google groups,
1858 # Google domains, and service accounts. A `role` is a named list of permissions
1859 # defined by IAM.
1860 #
1861 # **JSON Example**
1862 #
1863 # {
1864 # "bindings": [
1865 # {
1866 # "role": "roles/owner",
1867 # "members": [
1868 # "user:mike@example.com",
1869 # "group:admins@example.com",
1870 # "domain:google.com",
1871 # "serviceAccount:my-other-app@appspot.gserviceaccount.com"
1872 # ]
1873 # },
1874 # {
1875 # "role": "roles/viewer",
1876 # "members": ["user:sean@example.com"]
1877 # }
1878 # ]
1879 # }
1880 #
1881 # **YAML Example**
1882 #
1883 # bindings:
1884 # - members:
1885 # - user:mike@example.com
1886 # - group:admins@example.com
1887 # - domain:google.com
1888 # - serviceAccount:my-other-app@appspot.gserviceaccount.com
1889 # role: roles/owner
1890 # - members:
1891 # - user:sean@example.com
1892 # role: roles/viewer
1893 #
1894 #
1895 # For a description of IAM and its features, see the
1896 # [IAM developer's guide](https://cloud.google.com/iam/docs).
1897 "bindings": [ # Associates a list of `members` to a `role`.
1898 # `bindings` with no members will result in an error.
1899 { # Associates `members` with a `role`.
1900 "role": "A String", # Role that is assigned to `members`.
1901 # For example, `roles/viewer`, `roles/editor`, or `roles/owner`.
1902 "members": [ # Specifies the identities requesting access for a Cloud Platform resource.
1903 # `members` can have the following values:
1904 #
1905 # * `allUsers`: A special identifier that represents anyone who is
1906 # on the internet; with or without a Google account.
1907 #
1908 # * `allAuthenticatedUsers`: A special identifier that represents anyone
1909 # who is authenticated with a Google account or a service account.
1910 #
1911 # * `user:{emailid}`: An email address that represents a specific Google
1912 # account. For example, `alice@gmail.com` .
1913 #
1914 #
1915 # * `serviceAccount:{emailid}`: An email address that represents a service
1916 # account. For example, `my-other-app@appspot.gserviceaccount.com`.
1917 #
1918 # * `group:{emailid}`: An email address that represents a Google group.
1919 # For example, `admins@example.com`.
1920 #
1921 #
1922 # * `domain:{domain}`: The G Suite domain (primary) that represents all the
1923 # users of that domain. For example, `google.com` or `example.com`.
1924 #
1925 "A String",
1926 ],
1927 "condition": { # Represents an expression text. Example: # The condition that is associated with this binding.
1928 # NOTE: An unsatisfied condition will not allow user access via current
1929 # binding. Different bindings, including their conditions, are examined
1930 # independently.
1931 #
1932 # title: "User account presence"
1933 # description: "Determines whether the request has a user account"
1934 # expression: "size(request.user) > 0"
1935 "description": "A String", # An optional description of the expression. This is a longer text which
1936 # describes the expression, e.g. when hovered over it in a UI.
1937 "expression": "A String", # Textual representation of an expression in
1938 # Common Expression Language syntax.
1939 #
1940 # The application context of the containing message determines which
1941 # well-known feature set of CEL is supported.
1942 "location": "A String", # An optional string indicating the location of the expression for error
1943 # reporting, e.g. a file name and a position in the file.
1944 "title": "A String", # An optional title for the expression, i.e. a short string describing
1945 # its purpose. This can be used e.g. in UIs which allow to enter the
1946 # expression.
1947 },
1948 },
1949 ],
1950 "auditConfigs": [ # Specifies cloud audit logging configuration for this policy.
1951 { # Specifies the audit configuration for a service.
1952 # The configuration determines which permission types are logged, and what
1953 # identities, if any, are exempted from logging.
1954 # An AuditConfig must have one or more AuditLogConfigs.
1955 #
1956 # If there are AuditConfigs for both `allServices` and a specific service,
1957 # the union of the two AuditConfigs is used for that service: the log_types
1958 # specified in each AuditConfig are enabled, and the exempted_members in each
1959 # AuditLogConfig are exempted.
1960 #
1961 # Example Policy with multiple AuditConfigs:
1962 #
1963 # {
1964 # "audit_configs": [
1965 # {
1966 # "service": "allServices"
1967 # "audit_log_configs": [
1968 # {
1969 # "log_type": "DATA_READ",
1970 # "exempted_members": [
1971 # "user:foo@gmail.com"
1972 # ]
1973 # },
1974 # {
1975 # "log_type": "DATA_WRITE",
1976 # },
1977 # {
1978 # "log_type": "ADMIN_READ",
1979 # }
1980 # ]
1981 # },
1982 # {
1983 # "service": "fooservice.googleapis.com"
1984 # "audit_log_configs": [
1985 # {
1986 # "log_type": "DATA_READ",
1987 # },
1988 # {
1989 # "log_type": "DATA_WRITE",
1990 # "exempted_members": [
1991 # "user:bar@gmail.com"
1992 # ]
1993 # }
1994 # ]
1995 # }
1996 # ]
1997 # }
1998 #
1999 # For fooservice, this policy enables DATA_READ, DATA_WRITE and ADMIN_READ
2000 # logging. It also exempts foo@gmail.com from DATA_READ logging, and
2001 # bar@gmail.com from DATA_WRITE logging.
2002 "auditLogConfigs": [ # The configuration for logging of each type of permission.
2003 { # Provides the configuration for logging a type of permissions.
2004 # Example:
2005 #
2006 # {
2007 # "audit_log_configs": [
2008 # {
2009 # "log_type": "DATA_READ",
2010 # "exempted_members": [
2011 # "user:foo@gmail.com"
2012 # ]
2013 # },
2014 # {
2015 # "log_type": "DATA_WRITE",
2016 # }
2017 # ]
2018 # }
2019 #
2020 # This enables 'DATA_READ' and 'DATA_WRITE' logging, while exempting
2021 # foo@gmail.com from DATA_READ logging.
2022 "exemptedMembers": [ # Specifies the identities that do not cause logging for this type of
2023 # permission.
2024 # Follows the same format of Binding.members.
2025 "A String",
2026 ],
2027 "logType": "A String", # The log type that this config enables.
2028 },
2029 ],
2030 "service": "A String", # Specifies a service that will be enabled for audit logging.
2031 # For example, `storage.googleapis.com`, `cloudsql.googleapis.com`.
2032 # `allServices` is a special value that covers all services.
2033 },
2034 ],
2035 "etag": "A String", # `etag` is used for optimistic concurrency control as a way to help
2036 # prevent simultaneous updates of a policy from overwriting each other.
2037 # It is strongly suggested that systems make use of the `etag` in the
2038 # read-modify-write cycle to perform policy updates in order to avoid race
2039 # conditions: An `etag` is returned in the response to `getIamPolicy`, and
2040 # systems are expected to put that etag in the request to `setIamPolicy` to
2041 # ensure that their change will be applied to the same version of the policy.
2042 #
2043 # If no `etag` is provided in the call to `setIamPolicy`, then the existing
2044 # policy is overwritten blindly.
2045 "version": 42, # Deprecated.
2046 }</pre>
2047</div>
2048
2049<div class="method">
2050 <code class="details" id="testIamPermissions">testIamPermissions(resource, body, x__xgafv=None)</code>
2051 <pre>Returns the permissions that a caller has on the specified note or
2052occurrence resource. Requires list permission on the project (for example,
2053"storage.objects.list" on the containing bucket for testing permission of
2054an object). Attempting to call this method on a non-existent resource will
2055result in a `NOT_FOUND` error if the user has list permission on the
2056project, or a `PERMISSION_DENIED` error otherwise. The resource takes the
2057following formats: `projects/{PROJECT_ID}/occurrences/{OCCURRENCE_ID}` for
2058`Occurrences` and `projects/{PROJECT_ID}/notes/{NOTE_ID}` for `Notes`
2059
2060Args:
2061 resource: string, REQUIRED: The resource for which the policy detail is being requested.
2062See the operation documentation for the appropriate value for this field. (required)
2063 body: object, The request body. (required)
2064 The object takes the form of:
2065
2066{ # Request message for `TestIamPermissions` method.
2067 "permissions": [ # The set of permissions to check for the `resource`. Permissions with
2068 # wildcards (such as '*' or 'storage.*') are not allowed. For more
2069 # information see
2070 # [IAM Overview](https://cloud.google.com/iam/docs/overview#permissions).
2071 "A String",
2072 ],
2073 }
2074
2075 x__xgafv: string, V1 error format.
2076 Allowed values
2077 1 - v1 error format
2078 2 - v2 error format
2079
2080Returns:
2081 An object of the form:
2082
2083 { # Response message for `TestIamPermissions` method.
2084 "permissions": [ # A subset of `TestPermissionsRequest.permissions` that the caller is
2085 # allowed.
2086 "A String",
2087 ],
2088 }</pre>
2089</div>
2090
2091</body></html>