Home
Products
Red Hat Advanced Cluster Security for Kubernetes
4.5
API reference
Chapter 29. ImageIntegrationService

Chapter 29. ImageIntegrationService

29.1. UpdateImageIntegration
Copy link

PATCH /v1/imageintegrations/{config.id}

UpdateImageIntegration modifies a given image integration, with optional stored credential reconciliation.

29.1.2. Parameters
Copy link

29.1.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
config.id		X	null

29.1.2.2. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	V1UpdateImageIntegrationRequest	X

29.1.4. Content Type
Copy link

application/json

29.1.5. Responses
Copy link

Expand

Table 29.1. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

29.1.7. Common object reference
Copy link

29.1.7.1. ECRConfigAuthorizationData
Copy link

An authorization data represents the IAM authentication credentials and can be used to access any Amazon ECR registry that the IAM principal has access to.

Expand

Field Name	Type	Format
username	String
password	String
expiresAt	Date	date-time

29.1.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

29.1.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

29.1.7.3. QuayConfigRobotAccount
Copy link

Robot account is Quay's named tokens that can be granted permissions on multiple repositories under an organization. It's Quay's recommended authentication model when possible (i.e. registry integration)

Expand

Field Name	Required	Nullable	Type	Description	Format
username			String
password			String	The server will mask the value of this password in responses and logs.

29.1.7.4. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

29.1.7.5. StorageAzureConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
wifEnabled	Boolean

29.1.7.6. StorageClairConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.1.7.7. StorageClairV4Config
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.1.7.8. StorageClairifyConfig
Copy link

Expand

Field Name	Type	Format
endpoint	String
grpcEndpoint	String
numConcurrentScans	Integer	int32

29.1.7.9. StorageDockerConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean

29.1.7.10. StorageECRConfig
Copy link

Expand

Field Name	Type	Description
registryId	String
accessKeyId	String	The access key ID for the integration. The server will mask the value of this credential in responses and logs.
secretAccessKey	String	The secret access key for the integration. The server will mask the value of this credential in responses and logs.
region	String
useIam	Boolean
endpoint	String
useAssumeRole	Boolean
assumeRoleId	String
assumeRoleExternalId	String
authorizationData	ECRConfigAuthorizationData

29.1.7.11. StorageGoogleConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
serviceAccount	String	The service account for the integration. The server will mask the value of this credential in responses and logs.
project	String
wifEnabled	Boolean

29.1.7.12. StorageIBMRegistryConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
apiKey			String	The API key for the integration. The server will mask the value of this credential in responses and logs.

29.1.7.13. StorageImageIntegration
Copy link

Next Tag: 25

Expand

Field Name	Required	Nullable	Type	Description	Format
id			String
name			String
type			String
categories			List of StorageImageIntegrationCategory
clairify			StorageClairifyConfig
scannerV4			StorageScannerV4Config
docker			StorageDockerConfig
quay			StorageQuayConfig
ecr			StorageECRConfig
google			StorageGoogleConfig
clair			StorageClairConfig
clairV4			StorageClairV4Config
ibm			StorageIBMRegistryConfig
azure			StorageAzureConfig
autogenerated			Boolean
clusterId			String
skipTestIntegration			Boolean
source			StorageImageIntegrationSource

29.1.7.14. StorageImageIntegrationCategory
Copy link

NODE_SCANNER: Image and Node integrations are currently done on the same form in the UI so the image integration is also currently used for node integrations. This decision was made because we currently only support one node scanner (our scanner).

Expand

Enum Values
REGISTRY
SCANNER
NODE_SCANNER

29.1.7.15. StorageImageIntegrationSource
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
clusterId			String
namespace			String
imagePullSecretName			String

29.1.7.16. StorageQuayConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
oauthToken	String	The OAuth token for the integration. Required if this is a scanner integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean
registryRobotCredentials	QuayConfigRobotAccount

29.1.7.17. StorageScannerV4Config
Copy link

Expand

Field Name	Type	Format
numConcurrentScans	Integer	int32
indexerEndpoint	String
matcherEndpoint	String

29.1.7.18. V1UpdateImageIntegrationRequest
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
config			StorageImageIntegration
updatePassword			Boolean	When false, use the stored credentials of an existing image integration given its ID.

29.2. GetImageIntegrations
Copy link

GET /v1/imageintegrations

GetImageIntegrations returns all image integrations that match the request filters.

29.2.1. Description
Copy link

29.2.2. Parameters
Copy link

29.2.2.1. Query Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
name		-	null
cluster		-	null

29.2.3. Return Type
Copy link

V1GetImageIntegrationsResponse

29.2.4. Content Type
Copy link

application/json

29.2.5. Responses
Copy link

Expand

Table 29.2. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	V1GetImageIntegrationsResponse
0	An unexpected error response.	RuntimeError

29.2.6. Samples
Copy link

29.2.7. Common object reference
Copy link

29.2.7.1. ECRConfigAuthorizationData
Copy link

An authorization data represents the IAM authentication credentials and can be used to access any Amazon ECR registry that the IAM principal has access to.

Expand

Field Name	Type	Format
username	String
password	String
expiresAt	Date	date-time

29.2.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

29.2.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

29.2.7.3. QuayConfigRobotAccount
Copy link

Robot account is Quay's named tokens that can be granted permissions on multiple repositories under an organization. It's Quay's recommended authentication model when possible (i.e. registry integration)

Expand

Field Name	Required	Nullable	Type	Description	Format
username			String
password			String	The server will mask the value of this password in responses and logs.

29.2.7.4. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

29.2.7.5. StorageAzureConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
wifEnabled	Boolean

29.2.7.6. StorageClairConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.2.7.7. StorageClairV4Config
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.2.7.8. StorageClairifyConfig
Copy link

Expand

Field Name	Type	Format
endpoint	String
grpcEndpoint	String
numConcurrentScans	Integer	int32

29.2.7.9. StorageDockerConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean

29.2.7.10. StorageECRConfig
Copy link

Expand

Field Name	Type	Description
registryId	String
accessKeyId	String	The access key ID for the integration. The server will mask the value of this credential in responses and logs.
secretAccessKey	String	The secret access key for the integration. The server will mask the value of this credential in responses and logs.
region	String
useIam	Boolean
endpoint	String
useAssumeRole	Boolean
assumeRoleId	String
assumeRoleExternalId	String
authorizationData	ECRConfigAuthorizationData

29.2.7.11. StorageGoogleConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
serviceAccount	String	The service account for the integration. The server will mask the value of this credential in responses and logs.
project	String
wifEnabled	Boolean

29.2.7.12. StorageIBMRegistryConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
apiKey			String	The API key for the integration. The server will mask the value of this credential in responses and logs.

29.2.7.13. StorageImageIntegration
Copy link

Next Tag: 25

Expand

Field Name	Required	Nullable	Type	Description	Format
id			String
name			String
type			String
categories			List of StorageImageIntegrationCategory
clairify			StorageClairifyConfig
scannerV4			StorageScannerV4Config
docker			StorageDockerConfig
quay			StorageQuayConfig
ecr			StorageECRConfig
google			StorageGoogleConfig
clair			StorageClairConfig
clairV4			StorageClairV4Config
ibm			StorageIBMRegistryConfig
azure			StorageAzureConfig
autogenerated			Boolean
clusterId			String
skipTestIntegration			Boolean
source			StorageImageIntegrationSource

29.2.7.14. StorageImageIntegrationCategory
Copy link

NODE_SCANNER: Image and Node integrations are currently done on the same form in the UI so the image integration is also currently used for node integrations. This decision was made because we currently only support one node scanner (our scanner).

Expand

Enum Values
REGISTRY
SCANNER
NODE_SCANNER

29.2.7.15. StorageImageIntegrationSource
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
clusterId			String
namespace			String
imagePullSecretName			String

29.2.7.16. StorageQuayConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
oauthToken	String	The OAuth token for the integration. Required if this is a scanner integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean
registryRobotCredentials	QuayConfigRobotAccount

29.2.7.17. StorageScannerV4Config
Copy link

Expand

Field Name	Type	Format
numConcurrentScans	Integer	int32
indexerEndpoint	String
matcherEndpoint	String

29.2.7.18. V1GetImageIntegrationsResponse
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
integrations			List of StorageImageIntegration

29.3. DeleteImageIntegration
Copy link

DELETE /v1/imageintegrations/{id}

DeleteImageIntegration removes a image integration given its ID.

29.3.1. Description
Copy link

29.3.2. Parameters
Copy link

29.3.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
id		X	null

29.3.3. Return Type
Copy link

Object

29.3.4. Content Type
Copy link

application/json

29.3.5. Responses
Copy link

Expand

Table 29.3. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

29.3.6. Samples
Copy link

29.3.7. Common object reference
Copy link

29.3.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

29.3.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

29.3.7.2. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

29.4. GetImageIntegration
Copy link

GET /v1/imageintegrations/{id}

GetImageIntegration returns the image integration given its ID.

29.4.1. Description
Copy link

29.4.2. Parameters
Copy link

29.4.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
id		X	null

29.4.3. Return Type
Copy link

StorageImageIntegration

29.4.4. Content Type
Copy link

application/json

29.4.5. Responses
Copy link

Expand

Table 29.4. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	StorageImageIntegration
0	An unexpected error response.	RuntimeError

29.4.6. Samples
Copy link

29.4.7. Common object reference
Copy link

29.4.7.1. ECRConfigAuthorizationData
Copy link

An authorization data represents the IAM authentication credentials and can be used to access any Amazon ECR registry that the IAM principal has access to.

Expand

Field Name	Type	Format
username	String
password	String
expiresAt	Date	date-time

29.4.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

29.4.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

29.4.7.3. QuayConfigRobotAccount
Copy link

Robot account is Quay's named tokens that can be granted permissions on multiple repositories under an organization. It's Quay's recommended authentication model when possible (i.e. registry integration)

Expand

Field Name	Required	Nullable	Type	Description	Format
username			String
password			String	The server will mask the value of this password in responses and logs.

29.4.7.4. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

29.4.7.5. StorageAzureConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
wifEnabled	Boolean

29.4.7.6. StorageClairConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.4.7.7. StorageClairV4Config
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.4.7.8. StorageClairifyConfig
Copy link

Expand

Field Name	Type	Format
endpoint	String
grpcEndpoint	String
numConcurrentScans	Integer	int32

29.4.7.9. StorageDockerConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean

29.4.7.10. StorageECRConfig
Copy link

Expand

Field Name	Type	Description
registryId	String
accessKeyId	String	The access key ID for the integration. The server will mask the value of this credential in responses and logs.
secretAccessKey	String	The secret access key for the integration. The server will mask the value of this credential in responses and logs.
region	String
useIam	Boolean
endpoint	String
useAssumeRole	Boolean
assumeRoleId	String
assumeRoleExternalId	String
authorizationData	ECRConfigAuthorizationData

29.4.7.11. StorageGoogleConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
serviceAccount	String	The service account for the integration. The server will mask the value of this credential in responses and logs.
project	String
wifEnabled	Boolean

29.4.7.12. StorageIBMRegistryConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
apiKey			String	The API key for the integration. The server will mask the value of this credential in responses and logs.

29.4.7.13. StorageImageIntegration
Copy link

Next Tag: 25

Expand

Field Name	Required	Nullable	Type	Description	Format
id			String
name			String
type			String
categories			List of StorageImageIntegrationCategory
clairify			StorageClairifyConfig
scannerV4			StorageScannerV4Config
docker			StorageDockerConfig
quay			StorageQuayConfig
ecr			StorageECRConfig
google			StorageGoogleConfig
clair			StorageClairConfig
clairV4			StorageClairV4Config
ibm			StorageIBMRegistryConfig
azure			StorageAzureConfig
autogenerated			Boolean
clusterId			String
skipTestIntegration			Boolean
source			StorageImageIntegrationSource

29.4.7.14. StorageImageIntegrationCategory
Copy link

NODE_SCANNER: Image and Node integrations are currently done on the same form in the UI so the image integration is also currently used for node integrations. This decision was made because we currently only support one node scanner (our scanner).

Expand

Enum Values
REGISTRY
SCANNER
NODE_SCANNER

29.4.7.15. StorageImageIntegrationSource
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
clusterId			String
namespace			String
imagePullSecretName			String

29.4.7.16. StorageQuayConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
oauthToken	String	The OAuth token for the integration. Required if this is a scanner integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean
registryRobotCredentials	QuayConfigRobotAccount

29.4.7.17. StorageScannerV4Config
Copy link

Expand

Field Name	Type	Format
numConcurrentScans	Integer	int32
indexerEndpoint	String
matcherEndpoint	String

29.5. PutImageIntegration
Copy link

PUT /v1/imageintegrations/{id}

PutImageIntegration modifies a given image integration, without using stored credential reconciliation.

29.5.1. Description
Copy link

29.5.2. Parameters
Copy link

29.5.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
id		X	null

29.5.2.2. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	StorageImageIntegration	X

29.5.3. Return Type
Copy link

Object

29.5.4. Content Type
Copy link

application/json

29.5.5. Responses
Copy link

Expand

Table 29.5. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

29.5.6. Samples
Copy link

29.5.7. Common object reference
Copy link

29.5.7.1. ECRConfigAuthorizationData
Copy link

An authorization data represents the IAM authentication credentials and can be used to access any Amazon ECR registry that the IAM principal has access to.

Expand

Field Name	Type	Format
username	String
password	String
expiresAt	Date	date-time

29.5.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

29.5.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

29.5.7.3. QuayConfigRobotAccount
Copy link

Robot account is Quay's named tokens that can be granted permissions on multiple repositories under an organization. It's Quay's recommended authentication model when possible (i.e. registry integration)

Expand

Field Name	Required	Nullable	Type	Description	Format
username			String
password			String	The server will mask the value of this password in responses and logs.

29.5.7.4. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

29.5.7.5. StorageAzureConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
wifEnabled	Boolean

29.5.7.6. StorageClairConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.5.7.7. StorageClairV4Config
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.5.7.8. StorageClairifyConfig
Copy link

Expand

Field Name	Type	Format
endpoint	String
grpcEndpoint	String
numConcurrentScans	Integer	int32

29.5.7.9. StorageDockerConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean

29.5.7.10. StorageECRConfig
Copy link

Expand

Field Name	Type	Description
registryId	String
accessKeyId	String	The access key ID for the integration. The server will mask the value of this credential in responses and logs.
secretAccessKey	String	The secret access key for the integration. The server will mask the value of this credential in responses and logs.
region	String
useIam	Boolean
endpoint	String
useAssumeRole	Boolean
assumeRoleId	String
assumeRoleExternalId	String
authorizationData	ECRConfigAuthorizationData

29.5.7.11. StorageGoogleConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
serviceAccount	String	The service account for the integration. The server will mask the value of this credential in responses and logs.
project	String
wifEnabled	Boolean

29.5.7.12. StorageIBMRegistryConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
apiKey			String	The API key for the integration. The server will mask the value of this credential in responses and logs.

29.5.7.13. StorageImageIntegration
Copy link

Next Tag: 25

Expand

Field Name	Required	Nullable	Type	Description	Format
id			String
name			String
type			String
categories			List of StorageImageIntegrationCategory
clairify			StorageClairifyConfig
scannerV4			StorageScannerV4Config
docker			StorageDockerConfig
quay			StorageQuayConfig
ecr			StorageECRConfig
google			StorageGoogleConfig
clair			StorageClairConfig
clairV4			StorageClairV4Config
ibm			StorageIBMRegistryConfig
azure			StorageAzureConfig
autogenerated			Boolean
clusterId			String
skipTestIntegration			Boolean
source			StorageImageIntegrationSource

29.5.7.14. StorageImageIntegrationCategory
Copy link

NODE_SCANNER: Image and Node integrations are currently done on the same form in the UI so the image integration is also currently used for node integrations. This decision was made because we currently only support one node scanner (our scanner).

Expand

Enum Values
REGISTRY
SCANNER
NODE_SCANNER

29.5.7.15. StorageImageIntegrationSource
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
clusterId			String
namespace			String
imagePullSecretName			String

29.5.7.16. StorageQuayConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
oauthToken	String	The OAuth token for the integration. Required if this is a scanner integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean
registryRobotCredentials	QuayConfigRobotAccount

29.5.7.17. StorageScannerV4Config
Copy link

Expand

Field Name	Type	Format
numConcurrentScans	Integer	int32
indexerEndpoint	String
matcherEndpoint	String

29.6. PostImageIntegration
Copy link

POST /v1/imageintegrations

PostImageIntegration creates a image integration.

29.6.1. Description
Copy link

29.6.2. Parameters
Copy link

29.6.2.1. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	StorageImageIntegration	X

29.6.3. Return Type
Copy link

StorageImageIntegration

29.6.4. Content Type
Copy link

application/json

29.6.5. Responses
Copy link

Expand

Table 29.6. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	StorageImageIntegration
0	An unexpected error response.	RuntimeError

29.6.6. Samples
Copy link

29.6.7. Common object reference
Copy link

29.6.7.1. ECRConfigAuthorizationData
Copy link

An authorization data represents the IAM authentication credentials and can be used to access any Amazon ECR registry that the IAM principal has access to.

Expand

Field Name	Type	Format
username	String
password	String
expiresAt	Date	date-time

29.6.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

29.6.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

29.6.7.3. QuayConfigRobotAccount
Copy link

Robot account is Quay's named tokens that can be granted permissions on multiple repositories under an organization. It's Quay's recommended authentication model when possible (i.e. registry integration)

Expand

Field Name	Required	Nullable	Type	Description	Format
username			String
password			String	The server will mask the value of this password in responses and logs.

29.6.7.4. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

29.6.7.5. StorageAzureConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
wifEnabled	Boolean

29.6.7.6. StorageClairConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.6.7.7. StorageClairV4Config
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.6.7.8. StorageClairifyConfig
Copy link

Expand

Field Name	Type	Format
endpoint	String
grpcEndpoint	String
numConcurrentScans	Integer	int32

29.6.7.9. StorageDockerConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean

29.6.7.10. StorageECRConfig
Copy link

Expand

Field Name	Type	Description
registryId	String
accessKeyId	String	The access key ID for the integration. The server will mask the value of this credential in responses and logs.
secretAccessKey	String	The secret access key for the integration. The server will mask the value of this credential in responses and logs.
region	String
useIam	Boolean
endpoint	String
useAssumeRole	Boolean
assumeRoleId	String
assumeRoleExternalId	String
authorizationData	ECRConfigAuthorizationData

29.6.7.11. StorageGoogleConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
serviceAccount	String	The service account for the integration. The server will mask the value of this credential in responses and logs.
project	String
wifEnabled	Boolean

29.6.7.12. StorageIBMRegistryConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
apiKey			String	The API key for the integration. The server will mask the value of this credential in responses and logs.

29.6.7.13. StorageImageIntegration
Copy link

Next Tag: 25

Expand

Field Name	Required	Nullable	Type	Description	Format
id			String
name			String
type			String
categories			List of StorageImageIntegrationCategory
clairify			StorageClairifyConfig
scannerV4			StorageScannerV4Config
docker			StorageDockerConfig
quay			StorageQuayConfig
ecr			StorageECRConfig
google			StorageGoogleConfig
clair			StorageClairConfig
clairV4			StorageClairV4Config
ibm			StorageIBMRegistryConfig
azure			StorageAzureConfig
autogenerated			Boolean
clusterId			String
skipTestIntegration			Boolean
source			StorageImageIntegrationSource

29.6.7.14. StorageImageIntegrationCategory
Copy link

NODE_SCANNER: Image and Node integrations are currently done on the same form in the UI so the image integration is also currently used for node integrations. This decision was made because we currently only support one node scanner (our scanner).

Expand

Enum Values
REGISTRY
SCANNER
NODE_SCANNER

29.6.7.15. StorageImageIntegrationSource
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
clusterId			String
namespace			String
imagePullSecretName			String

29.6.7.16. StorageQuayConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
oauthToken	String	The OAuth token for the integration. Required if this is a scanner integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean
registryRobotCredentials	QuayConfigRobotAccount

29.6.7.17. StorageScannerV4Config
Copy link

Expand

Field Name	Type	Format
numConcurrentScans	Integer	int32
indexerEndpoint	String
matcherEndpoint	String

29.7. TestImageIntegration
Copy link

POST /v1/imageintegrations/test

TestImageIntegration checks if the given image integration is correctly configured, without using stored credential reconciliation.

29.7.1. Description
Copy link

29.7.2. Parameters
Copy link

29.7.2.1. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	StorageImageIntegration	X

29.7.3. Return Type
Copy link

Object

29.7.4. Content Type
Copy link

application/json

29.7.5. Responses
Copy link

Expand

Table 29.7. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

29.7.6. Samples
Copy link

29.7.7. Common object reference
Copy link

29.7.7.1. ECRConfigAuthorizationData
Copy link

An authorization data represents the IAM authentication credentials and can be used to access any Amazon ECR registry that the IAM principal has access to.

Expand

Field Name	Type	Format
username	String
password	String
expiresAt	Date	date-time

29.7.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

29.7.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

29.7.7.3. QuayConfigRobotAccount
Copy link

Robot account is Quay's named tokens that can be granted permissions on multiple repositories under an organization. It's Quay's recommended authentication model when possible (i.e. registry integration)

Expand

Field Name	Required	Nullable	Type	Description	Format
username			String
password			String	The server will mask the value of this password in responses and logs.

29.7.7.4. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

29.7.7.5. StorageAzureConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
wifEnabled	Boolean

29.7.7.6. StorageClairConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.7.7.7. StorageClairV4Config
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.7.7.8. StorageClairifyConfig
Copy link

Expand

Field Name	Type	Format
endpoint	String
grpcEndpoint	String
numConcurrentScans	Integer	int32

29.7.7.9. StorageDockerConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean

29.7.7.10. StorageECRConfig
Copy link

Expand

Field Name	Type	Description
registryId	String
accessKeyId	String	The access key ID for the integration. The server will mask the value of this credential in responses and logs.
secretAccessKey	String	The secret access key for the integration. The server will mask the value of this credential in responses and logs.
region	String
useIam	Boolean
endpoint	String
useAssumeRole	Boolean
assumeRoleId	String
assumeRoleExternalId	String
authorizationData	ECRConfigAuthorizationData

29.7.7.11. StorageGoogleConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
serviceAccount	String	The service account for the integration. The server will mask the value of this credential in responses and logs.
project	String
wifEnabled	Boolean

29.7.7.12. StorageIBMRegistryConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
apiKey			String	The API key for the integration. The server will mask the value of this credential in responses and logs.

29.7.7.13. StorageImageIntegration
Copy link

Next Tag: 25

Expand

Field Name	Required	Nullable	Type	Description	Format
id			String
name			String
type			String
categories			List of StorageImageIntegrationCategory
clairify			StorageClairifyConfig
scannerV4			StorageScannerV4Config
docker			StorageDockerConfig
quay			StorageQuayConfig
ecr			StorageECRConfig
google			StorageGoogleConfig
clair			StorageClairConfig
clairV4			StorageClairV4Config
ibm			StorageIBMRegistryConfig
azure			StorageAzureConfig
autogenerated			Boolean
clusterId			String
skipTestIntegration			Boolean
source			StorageImageIntegrationSource

29.7.7.14. StorageImageIntegrationCategory
Copy link

NODE_SCANNER: Image and Node integrations are currently done on the same form in the UI so the image integration is also currently used for node integrations. This decision was made because we currently only support one node scanner (our scanner).

Expand

Enum Values
REGISTRY
SCANNER
NODE_SCANNER

29.7.7.15. StorageImageIntegrationSource
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
clusterId			String
namespace			String
imagePullSecretName			String

29.7.7.16. StorageQuayConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
oauthToken	String	The OAuth token for the integration. Required if this is a scanner integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean
registryRobotCredentials	QuayConfigRobotAccount

29.7.7.17. StorageScannerV4Config
Copy link

Expand

Field Name	Type	Format
numConcurrentScans	Integer	int32
indexerEndpoint	String
matcherEndpoint	String

29.8. TestUpdatedImageIntegration
Copy link

POST /v1/imageintegrations/test/updated

TestUpdatedImageIntegration checks if the given image integration is correctly configured, with optional stored credential reconciliation.

29.8.1. Description
Copy link

29.8.2. Parameters
Copy link

29.8.2.1. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	V1UpdateImageIntegrationRequest	X

29.8.3. Return Type
Copy link

Object

29.8.4. Content Type
Copy link

application/json

29.8.5. Responses
Copy link

Expand

Table 29.8. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

29.8.6. Samples
Copy link

29.8.7. Common object reference
Copy link

29.8.7.1. ECRConfigAuthorizationData
Copy link

An authorization data represents the IAM authentication credentials and can be used to access any Amazon ECR registry that the IAM principal has access to.

Expand

Field Name	Type	Format
username	String
password	String
expiresAt	Date	date-time

29.8.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

29.8.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

29.8.7.3. QuayConfigRobotAccount
Copy link

Robot account is Quay's named tokens that can be granted permissions on multiple repositories under an organization. It's Quay's recommended authentication model when possible (i.e. registry integration)

Expand

Field Name	Required	Nullable	Type	Description	Format
username			String
password			String	The server will mask the value of this password in responses and logs.

29.8.7.4. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

29.8.7.5. StorageAzureConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
wifEnabled	Boolean

29.8.7.6. StorageClairConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.8.7.7. StorageClairV4Config
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
insecure			Boolean

29.8.7.8. StorageClairifyConfig
Copy link

Expand

Field Name	Type	Format
endpoint	String
grpcEndpoint	String
numConcurrentScans	Integer	int32

29.8.7.9. StorageDockerConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
username	String
password	String	The password for the integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean

29.8.7.10. StorageECRConfig
Copy link

Expand

Field Name	Type	Description
registryId	String
accessKeyId	String	The access key ID for the integration. The server will mask the value of this credential in responses and logs.
secretAccessKey	String	The secret access key for the integration. The server will mask the value of this credential in responses and logs.
region	String
useIam	Boolean
endpoint	String
useAssumeRole	Boolean
assumeRoleId	String
assumeRoleExternalId	String
authorizationData	ECRConfigAuthorizationData

29.8.7.11. StorageGoogleConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
serviceAccount	String	The service account for the integration. The server will mask the value of this credential in responses and logs.
project	String
wifEnabled	Boolean

29.8.7.12. StorageIBMRegistryConfig
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
endpoint			String
apiKey			String	The API key for the integration. The server will mask the value of this credential in responses and logs.

29.8.7.13. StorageImageIntegration
Copy link

Next Tag: 25

Expand

Field Name	Required	Nullable	Type	Description	Format
id			String
name			String
type			String
categories			List of StorageImageIntegrationCategory
clairify			StorageClairifyConfig
scannerV4			StorageScannerV4Config
docker			StorageDockerConfig
quay			StorageQuayConfig
ecr			StorageECRConfig
google			StorageGoogleConfig
clair			StorageClairConfig
clairV4			StorageClairV4Config
ibm			StorageIBMRegistryConfig
azure			StorageAzureConfig
autogenerated			Boolean
clusterId			String
skipTestIntegration			Boolean
source			StorageImageIntegrationSource

29.8.7.14. StorageImageIntegrationCategory
Copy link

NODE_SCANNER: Image and Node integrations are currently done on the same form in the UI so the image integration is also currently used for node integrations. This decision was made because we currently only support one node scanner (our scanner).

Expand

Enum Values
REGISTRY
SCANNER
NODE_SCANNER

29.8.7.15. StorageImageIntegrationSource
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
clusterId			String
namespace			String
imagePullSecretName			String

29.8.7.16. StorageQuayConfig
Copy link

Expand

Field Name	Type	Description
endpoint	String
oauthToken	String	The OAuth token for the integration. Required if this is a scanner integration. The server will mask the value of this credential in responses and logs.
insecure	Boolean
registryRobotCredentials	QuayConfigRobotAccount

29.8.7.17. StorageScannerV4Config
Copy link

Expand

Field Name	Type	Format
numConcurrentScans	Integer	int32
indexerEndpoint	String
matcherEndpoint	String

29.8.7.18. V1UpdateImageIntegrationRequest
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
config			StorageImageIntegration
updatePassword			Boolean	When false, use the stored credentials of an existing image integration given its ID.

Chapter 29. ImageIntegrationService

29.1. UpdateImageIntegrationCopy linkLink copied to clipboard!

29.1.1. DescriptionCopy linkLink copied to clipboard!

29.1.2. ParametersCopy linkLink copied to clipboard!

29.1.2.1. Path ParametersCopy linkLink copied to clipboard!

29.1.2.2. Body ParameterCopy linkLink copied to clipboard!

29.1.3. Return TypeCopy linkLink copied to clipboard!

29.1.4. Content TypeCopy linkLink copied to clipboard!

29.1.5. ResponsesCopy linkLink copied to clipboard!

29.1.6. SamplesCopy linkLink copied to clipboard!

29.1.7. Common object referenceCopy linkLink copied to clipboard!

29.1.7.1. ECRConfigAuthorizationDataCopy linkLink copied to clipboard!

29.1.7.2. ProtobufAnyCopy linkLink copied to clipboard!

29.1.7.2.1. JSON representationCopy linkLink copied to clipboard!

29.1.7.3. QuayConfigRobotAccountCopy linkLink copied to clipboard!

29.1.7.4. RuntimeErrorCopy linkLink copied to clipboard!

29.1.7.5. StorageAzureConfigCopy linkLink copied to clipboard!

29.1.7.6. StorageClairConfigCopy linkLink copied to clipboard!

29.1.7.7. StorageClairV4ConfigCopy linkLink copied to clipboard!

29.1.7.8. StorageClairifyConfigCopy linkLink copied to clipboard!

29.1.7.9. StorageDockerConfigCopy linkLink copied to clipboard!

29.1.7.10. StorageECRConfigCopy linkLink copied to clipboard!

29.1.7.11. StorageGoogleConfigCopy linkLink copied to clipboard!

29.1.7.12. StorageIBMRegistryConfigCopy linkLink copied to clipboard!

29.1.7.13. StorageImageIntegrationCopy linkLink copied to clipboard!

29.1.7.14. StorageImageIntegrationCategoryCopy linkLink copied to clipboard!

29.1.7.15. StorageImageIntegrationSourceCopy linkLink copied to clipboard!

29.1.7.16. StorageQuayConfigCopy linkLink copied to clipboard!

29.1.7.17. StorageScannerV4ConfigCopy linkLink copied to clipboard!

29.1.7.18. V1UpdateImageIntegrationRequestCopy linkLink copied to clipboard!

29.2. GetImageIntegrationsCopy linkLink copied to clipboard!

29.2.1. DescriptionCopy linkLink copied to clipboard!

29.2.2. ParametersCopy linkLink copied to clipboard!

29.2.2.1. Query ParametersCopy linkLink copied to clipboard!

29.2.3. Return TypeCopy linkLink copied to clipboard!

29.2.4. Content TypeCopy linkLink copied to clipboard!

29.2.5. ResponsesCopy linkLink copied to clipboard!

29.2.6. SamplesCopy linkLink copied to clipboard!

29.2.7. Common object referenceCopy linkLink copied to clipboard!

29.2.7.1. ECRConfigAuthorizationDataCopy linkLink copied to clipboard!

29.2.7.2. ProtobufAnyCopy linkLink copied to clipboard!

29.2.7.2.1. JSON representationCopy linkLink copied to clipboard!

29.2.7.3. QuayConfigRobotAccountCopy linkLink copied to clipboard!

29.2.7.4. RuntimeErrorCopy linkLink copied to clipboard!

29.2.7.5. StorageAzureConfigCopy linkLink copied to clipboard!

29.2.7.6. StorageClairConfigCopy linkLink copied to clipboard!

29.2.7.7. StorageClairV4ConfigCopy linkLink copied to clipboard!

29.2.7.8. StorageClairifyConfigCopy linkLink copied to clipboard!

29.2.7.9. StorageDockerConfigCopy linkLink copied to clipboard!

29.2.7.10. StorageECRConfigCopy linkLink copied to clipboard!

29.2.7.11. StorageGoogleConfigCopy linkLink copied to clipboard!

29.2.7.12. StorageIBMRegistryConfigCopy linkLink copied to clipboard!

29.2.7.13. StorageImageIntegrationCopy linkLink copied to clipboard!

29.2.7.14. StorageImageIntegrationCategoryCopy linkLink copied to clipboard!

29.2.7.15. StorageImageIntegrationSourceCopy linkLink copied to clipboard!

29.2.7.16. StorageQuayConfigCopy linkLink copied to clipboard!

29.2.7.17. StorageScannerV4ConfigCopy linkLink copied to clipboard!

29.2.7.18. V1GetImageIntegrationsResponseCopy linkLink copied to clipboard!

29.3. DeleteImageIntegrationCopy linkLink copied to clipboard!

29.3.1. DescriptionCopy linkLink copied to clipboard!

29.3.2. ParametersCopy linkLink copied to clipboard!

29.3.2.1. Path ParametersCopy linkLink copied to clipboard!

29.3.3. Return TypeCopy linkLink copied to clipboard!

29.3.4. Content TypeCopy linkLink copied to clipboard!

29.3.5. ResponsesCopy linkLink copied to clipboard!

29.3.6. SamplesCopy linkLink copied to clipboard!

29.3.7. Common object referenceCopy linkLink copied to clipboard!

29.3.7.1. ProtobufAnyCopy linkLink copied to clipboard!

29.3.7.1.1. JSON representationCopy linkLink copied to clipboard!

29.3.7.2. RuntimeErrorCopy linkLink copied to clipboard!

29.4. GetImageIntegrationCopy linkLink copied to clipboard!

29.4.1. DescriptionCopy linkLink copied to clipboard!

29.4.2. ParametersCopy linkLink copied to clipboard!

29.4.2.1. Path ParametersCopy linkLink copied to clipboard!

29.4.3. Return TypeCopy linkLink copied to clipboard!

29.4.4. Content TypeCopy linkLink copied to clipboard!

29.4.5. ResponsesCopy linkLink copied to clipboard!

29.4.6. SamplesCopy linkLink copied to clipboard!

29.4.7. Common object referenceCopy linkLink copied to clipboard!

29.4.7.1. ECRConfigAuthorizationDataCopy linkLink copied to clipboard!

29.1. UpdateImageIntegration
Copy link

29.1.1. Description
Copy link

29.1.2. Parameters
Copy link

29.1.2.1. Path Parameters
Copy link

29.1.2.2. Body Parameter
Copy link

29.1.3. Return Type
Copy link

29.1.4. Content Type
Copy link

29.1.5. Responses
Copy link

29.1.6. Samples
Copy link

29.1.7. Common object reference
Copy link

29.1.7.1. ECRConfigAuthorizationData
Copy link

29.1.7.2. ProtobufAny
Copy link

29.1.7.2.1. JSON representation
Copy link

29.1.7.3. QuayConfigRobotAccount
Copy link

29.1.7.4. RuntimeError
Copy link

29.1.7.5. StorageAzureConfig
Copy link

29.1.7.6. StorageClairConfig
Copy link

29.1.7.7. StorageClairV4Config
Copy link

29.1.7.8. StorageClairifyConfig
Copy link

29.1.7.9. StorageDockerConfig
Copy link

29.1.7.10. StorageECRConfig
Copy link

29.1.7.11. StorageGoogleConfig
Copy link

29.1.7.12. StorageIBMRegistryConfig
Copy link

29.1.7.13. StorageImageIntegration
Copy link

29.1.7.14. StorageImageIntegrationCategory
Copy link

29.1.7.15. StorageImageIntegrationSource
Copy link

29.1.7.16. StorageQuayConfig
Copy link

29.1.7.17. StorageScannerV4Config
Copy link

29.1.7.18. V1UpdateImageIntegrationRequest
Copy link

29.2. GetImageIntegrations
Copy link

29.2.1. Description
Copy link

29.2.2. Parameters
Copy link

29.2.2.1. Query Parameters
Copy link

29.2.3. Return Type
Copy link

29.2.4. Content Type
Copy link

29.2.5. Responses
Copy link

29.2.6. Samples
Copy link

29.2.7. Common object reference
Copy link

29.2.7.1. ECRConfigAuthorizationData
Copy link

29.2.7.2. ProtobufAny
Copy link

29.2.7.2.1. JSON representation
Copy link

29.2.7.3. QuayConfigRobotAccount
Copy link

29.2.7.4. RuntimeError
Copy link

29.2.7.5. StorageAzureConfig
Copy link

29.2.7.6. StorageClairConfig
Copy link

29.2.7.7. StorageClairV4Config
Copy link

29.2.7.8. StorageClairifyConfig
Copy link

29.2.7.9. StorageDockerConfig
Copy link

29.2.7.10. StorageECRConfig
Copy link

29.2.7.11. StorageGoogleConfig
Copy link

29.2.7.12. StorageIBMRegistryConfig
Copy link

29.2.7.13. StorageImageIntegration
Copy link

29.2.7.14. StorageImageIntegrationCategory
Copy link

29.2.7.15. StorageImageIntegrationSource
Copy link

29.2.7.16. StorageQuayConfig
Copy link

29.2.7.17. StorageScannerV4Config
Copy link

29.2.7.18. V1GetImageIntegrationsResponse
Copy link

29.3. DeleteImageIntegration
Copy link

29.3.1. Description
Copy link

29.3.2. Parameters
Copy link

29.3.2.1. Path Parameters
Copy link

29.3.3. Return Type
Copy link

29.3.4. Content Type
Copy link

29.3.5. Responses
Copy link

29.3.6. Samples
Copy link

29.3.7. Common object reference
Copy link

29.3.7.1. ProtobufAny
Copy link

29.3.7.1.1. JSON representation
Copy link

29.3.7.2. RuntimeError
Copy link

29.4. GetImageIntegration
Copy link

29.4.1. Description
Copy link

29.4.2. Parameters
Copy link

29.4.2.1. Path Parameters
Copy link

29.4.3. Return Type
Copy link

29.4.4. Content Type
Copy link

29.4.5. Responses
Copy link

29.4.6. Samples
Copy link

29.4.7. Common object reference
Copy link

29.4.7.1. ECRConfigAuthorizationData
Copy link

29.4.7.2. ProtobufAny
Copy link