Update Trusted Repository, Image, and Registry
PUT/api/v32.04/trust/data
x-prisma-cloud-target-env: {"permission":"policyContainers","saas":true,"self-hosted":true}
x-public: true
Updates a trusted image to the system. Specify trusted images using either the image name or layers properties.
cURL Request
Refer to the following example cURL command that uses basic auth to specify that the Ubuntu 16.04 image on Docker Hub is a trusted image:
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X PUT \
-d '{"image":"ubuntu/16.04", "_id":"docker-ubuntu-group"}' \
https://<CONSOLE>/api/v<VERSION>/trust/data
To edit a trust group based on image base layers, use PUT to specify a list of SHA256 hashes for the layers that are trusted.
Refer to the following example that specifies the Ubuntu 16.04 image is a trusted base OS.
$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X PUT \
-d '{"layers":"["sha256:a94e0d5a7c404d0e6fa15d8cd4010e69663bd8813b5117fbad71365a73656df9",
"sha256:88888b9b1b5b7bce5db41267e669e6da63ee95736cb904485f96f29be648bfda",
"sha256:52f389ea437ebf419d1c9754d0184b57edb45c951666ee86951d9f6afd26035e",
"sha256:52a7ea2bb533dc2a91614795760a67fb807561e8a588204c4858a300074c082b",
"sha256:db584c622b50c3b8f9b8b94c270cc5fe235e5f23ec4aacea8ce67a8c16e0fbad"]", "_id":"docker-ubuntu-group"}' \
"https://<CONSOLE>/api/v<VERSION>/trust/data"
Request
- application/json
Body
- Array [
- ]
- Array [
- Array [
- ]
- ]
groups object[]
Groups are the trust groups.
Name of the group.
Indicates if the rule is currently disabled (true) or not (false).
Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA264@...).
Filesystem layers. The image is trusted if its layers have a prefix of the trusted groups layer in the same order.
Datetime when the rule was last modified.
Name of the rule.
Free-form text.
User who created or last modified the rule.
Previous name of the rule. Required for rule renaming.
policy object
Policy represents the trust policy
ID is the trust group policy ID.
Enabled indicates whether the policy is enabled.
rules object[]
Rules is the list of rules in the policy.
AllowedGroups are the ids of the groups that are whitelisted by this rule.
PolicyBlockMsg represent the block message in a Policy
collections object[]
Collections is a list of collections the rule applies to.
List of account IDs.
List of application IDs.
List of Kubernetes cluster names.
Color is a hexadecimal representation of color code value
List of containers.
Free-form text.
List of functions.
List of hosts.
List of images.
List of labels.
Datetime when the collection was last modified.
Collection name. Must be unique.
List of Kubernetes namespaces.
User who created or last modified the collection.
Indicates whether this collection originates from Prisma Cloud.
Indicates whether this collection was created by the system (i.e., a non user) (true) or a real user (false).
DeniedGroups are the ids of the groups that are blacklisted by this rule.
Indicates if the rule is currently disabled (true) or not (false).
Possible values: [ignore,alert,block]
Effect specifies relevant action for a vulnerability
Datetime when the rule was last modified.
Name of the rule.
Free-form text.
User who created or last modified the rule.
Previous name of the rule. Required for rule renaming.
Responses
- 200
- default
OK