ImageIntegrationService | API reference | Red Hat Advanced Cluster Security for Kubernetes 4.5

DeleteImageIntegration

DELETE /v1/imageintegrations/{id}

DeleteImageIntegration removes a image integration given its ID.

Description

Parameters

Path Parameters

Name	Description	Required	Default	Pattern
id		X	null

Name

Description

Required

Default

Pattern

null

Return Type

Object

Content Type

application/json

Responses

Table 1. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

Samples

GetImageIntegration

GET /v1/imageintegrations/{id}

GetImageIntegration returns the image integration given its ID.

Description

Parameters

Path Parameters

Name	Description	Required	Default	Pattern
id		X	null

Name

Description

Required

Default

Pattern

null

Return Type

StorageImageIntegration

Content Type

application/json

Responses

Table 2. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	StorageImageIntegration
0	An unexpected error response.	RuntimeError

Samples

GetImageIntegrations

GET /v1/imageintegrations

GetImageIntegrations returns all image integrations that match the request filters.

Description

Parameters

Query Parameters

Name	Description	Required	Default	Pattern
name		-	null
cluster		-	null

Name

Description

Required

Default

Pattern

name

null

cluster

null

Return Type

V1GetImageIntegrationsResponse

Content Type

application/json

Responses

Table 3. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	V1GetImageIntegrationsResponse
0	An unexpected error response.	RuntimeError

Samples

PostImageIntegration

POST /v1/imageintegrations

PostImageIntegration creates a image integration.

Description

Parameters

Body Parameter

Name	Description	Required	Default	Pattern
body	StorageImageIntegration	X

Name

Description

Required

Default

Pattern

body

StorageImageIntegration

Return Type

StorageImageIntegration

Content Type

application/json

Responses

Table 4. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	StorageImageIntegration
0	An unexpected error response.	RuntimeError

Samples

PutImageIntegration

PUT /v1/imageintegrations/{id}

PutImageIntegration modifies a given image integration, without using stored credential reconciliation.

Description

Parameters

Path Parameters

Name	Description	Required	Default	Pattern
id		X	null

Name

Description

Required

Default

Pattern

null

Body Parameter

Name	Description	Required	Default	Pattern
body	StorageImageIntegration	X

Name

Description

Required

Default

Pattern

body

StorageImageIntegration

Return Type

Object

Content Type

application/json

Responses

Table 5. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

Samples

TestImageIntegration

POST /v1/imageintegrations/test

TestImageIntegration checks if the given image integration is correctly configured, without using stored credential reconciliation.

Description

Parameters

Body Parameter

Name	Description	Required	Default	Pattern
body	StorageImageIntegration	X

Name

Description

Required

Default

Pattern

body

StorageImageIntegration

Return Type

Object

Content Type

application/json

Responses

Table 6. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

Samples

TestUpdatedImageIntegration

POST /v1/imageintegrations/test/updated

TestUpdatedImageIntegration checks if the given image integration is correctly configured, with optional stored credential reconciliation.

Description

Parameters

Body Parameter

Name	Description	Required	Default	Pattern
body	V1UpdateImageIntegrationRequest	X

Name

Description

Required

Default

Pattern

body

V1UpdateImageIntegrationRequest

Return Type

Object

Content Type

application/json

Responses

Table 7. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

Samples

UpdateImageIntegration

PATCH /v1/imageintegrations/{config.id}

UpdateImageIntegration modifies a given image integration, with optional stored credential reconciliation.

Description

Parameters

Path Parameters

Name	Description	Required	Default	Pattern
config.id		X	null

Name

Description

Required

Default

Pattern

config.id

null

Body Parameter

Name	Description	Required	Default	Pattern
body	V1UpdateImageIntegrationRequest	X

Name

Description

Required

Default

Pattern

body

V1UpdateImageIntegrationRequest

Return Type

Object

Content Type

application/json

Responses

Table 8. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

Samples

Common object reference

ECRConfigAuthorizationData

An authorization data represents the IAM authentication credentials and can be used to access any Amazon ECR registry that the IAM principal has access to.

Field Name

Required

Nullable

Type

Description

Format

username

String

password

String

expiresAt

Date

date-time

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Field Name Required Nullable Type Description Format

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

typeUrl

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

value

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

QuayConfigRobotAccount

Robot account is Quay's named tokens that can be granted permissions on multiple repositories under an organization. It's Quay's recommended authentication model when possible (i.e. registry integration)

Field Name

Required

Nullable

Type

Description

Format

username

String

password

String

The server will mask the value of this password in responses and logs.

RuntimeError

Field Name

Required

Nullable

Type

Description

Format

error

String

code

Integer

int32

message

String

details

List of ProtobufAny

StorageAzureConfig

Field Name

Required

Nullable

Type

Description

Format

endpoint

String

username

String

password

String

The password for the integration. The server will mask the value of this credential in responses and logs.

wifEnabled

Boolean

StorageClairConfig

Field Name

Required

Nullable

Type

Description

Format

endpoint

String

insecure

Boolean

StorageClairV4Config

Field Name

Required

Nullable

Type

Description

Format

endpoint

String

insecure

Boolean

StorageClairifyConfig

Field Name

Required

Nullable

Type

Description

Format

endpoint

String

grpcEndpoint

String

numConcurrentScans

Integer

int32

StorageDockerConfig

Field Name

Required

Nullable

Type

Description

Format

endpoint

String

username

String

password

String

The password for the integration. The server will mask the value of this credential in responses and logs.

insecure

Boolean

StorageECRConfig

Field Name

Required

Nullable

Type

Description

Format

registryId

String

accessKeyId

String

The access key ID for the integration. The server will mask the value of this credential in responses and logs.

secretAccessKey

String

The secret access key for the integration. The server will mask the value of this credential in responses and logs.

region

String

useIam

Boolean

endpoint

String

useAssumeRole

Boolean

assumeRoleId

String

assumeRoleExternalId

String

authorizationData

ECRConfigAuthorizationData

StorageGoogleConfig

Field Name

Required

Nullable

Type

Description

Format

endpoint

String

serviceAccount

String

The service account for the integration. The server will mask the value of this credential in responses and logs.

project

String

wifEnabled

Boolean

StorageIBMRegistryConfig

Field Name

Required

Nullable

Type

Description

Format

endpoint

String

apiKey

String

The API key for the integration. The server will mask the value of this credential in responses and logs.

StorageImageIntegration

Next Tag: 25

Field Name

Required

Nullable

Type

Description

Format

String

name

String

type

String

StorageImageIntegrationCategory

NODE_SCANNER: Image and Node integrations are currently done on the same form in the UI so the image integration is also currently used for node integrations. This decision was made because we currently only support one node scanner (our scanner).

Enum Values
REGISTRY
SCANNER
NODE_SCANNER

Enum Values

REGISTRY

SCANNER

NODE_SCANNER

StorageImageIntegrationSource

Field Name

Required

Nullable

Type

Description

Format

clusterId

String

namespace

String

imagePullSecretName

String

StorageQuayConfig

Field Name

Required

Nullable

Type

Description

Format

endpoint

String

oauthToken

String

The OAuth token for the integration. Required if this is a scanner integration. The server will mask the value of this credential in responses and logs.

insecure

Boolean

registryRobotCredentials

QuayConfigRobotAccount

StorageScannerV4Config

Field Name

Required

Nullable

Type

Description

Format

numConcurrentScans

Integer

int32

indexerEndpoint

String

matcherEndpoint

String

V1GetImageIntegrationsResponse

Field Name

Required

Nullable

Type

Description

Format

integrations

List of StorageImageIntegration

V1UpdateImageIntegrationRequest

Field Name

Required

Nullable

Type

Description

Format

config

StorageImageIntegration

updatePassword

Boolean

When false, use the stored credentials of an existing image integration given its ID.