
Update Trusted Repository, Image, and Registry

PUT 

/api/v33.01/trust/data

x-prisma-cloud-target-env: {"permission":"policyContainers"}

Updates a trusted image in the system. Specify trusted images using either the image name or layers properties.

cURL Request

Refer to the following example cURL command that uses basic auth to specify that the Ubuntu 16.04 image on Docker Hub is a trusted image:

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X PUT \
-d '{"image":"ubuntu/16.04", "_id":"docker-ubuntu-group"}' \
https://<CONSOLE>/api/v<VERSION>/trust/data

To edit a trust group based on image base layers, use PUT to specify a list of SHA256 hashes for the layers that are trusted.

Refer to the following example that specifies the Ubuntu 16.04 image is a trusted base OS.

$ curl -k \
-u <USER> \
-H 'Content-Type: application/json' \
-X PUT \
-d '{"layers":["sha256:a94e0d5a7c404d0e6fa15d8cd4010e69663bd8813b5117fbad71365a73656df9",
"sha256:88888b9b1b5b7bce5db41267e669e6da63ee95736cb904485f96f29be648bfda",
"sha256:52f389ea437ebf419d1c9754d0184b57edb45c951666ee86951d9f6afd26035e",
"sha256:52a7ea2bb533dc2a91614795760a67fb807561e8a588204c4858a300074c082b",
"sha256:db584c622b50c3b8f9b8b94c270cc5fe235e5f23ec4aacea8ce67a8c16e0fbad"], "_id":"docker-ubuntu-group"}' \
"https://<CONSOLE>/api/v<VERSION>/trust/data"
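
The following Python sketch is an added example, not code from the Prisma Cloud documentation or product. It applies the ordered-prefix rule that the `layers` field description in the request body states, and serializes the body shape from the cURL example above with `layers` as a real JSON array. The function names and sample digests are constructed for illustration, and rejecting an empty layer list is a choice made in this example.

```python
import json
import re

# A layer digest as it appears in the page's cURL example: "sha256:" + 64 hex chars.
DIGEST_RE = re.compile(r"^sha256:[0-9a-f]{64}$")


def validate_layers(layers):
    """Return the layer list unchanged, or raise ValueError on a malformed digest."""
    if not isinstance(layers, list) or not layers:
        raise ValueError("layers must be a non-empty list of digests")
    for digest in layers:
        if not isinstance(digest, str) or not DIGEST_RE.match(digest):
            raise ValueError(f"malformed layer digest: {digest!r}")
    return layers


def is_trusted_by_layers(image_layers, group_layers):
    """True if the image's layers start with the group's layers, in the same order."""
    validate_layers(group_layers)  # an empty group would otherwise match every image
    if len(image_layers) < len(group_layers):
        return False
    return image_layers[:len(group_layers)] == group_layers


def build_layers_body(group_id, layers):
    """Serialize the body shape of the page's cURL example, layers as a JSON array."""
    return json.dumps({"layers": validate_layers(layers), "_id": group_id})


# Constructed sample digests (not real image layers).
BASE = ["sha256:" + c * 64 for c in "ab"]
APP_IMAGE = BASE + ["sha256:" + "c" * 64]       # base layers plus one application layer
REORDERED = [BASE[1], BASE[0], APP_IMAGE[2]]    # same digests, different order

if __name__ == "__main__":
    print(is_trusted_by_layers(APP_IMAGE, BASE))
    print(is_trusted_by_layers(REORDERED, BASE))
    print(build_layers_body("docker-ubuntu-group", BASE))
```

Generating the body with a JSON serializer avoids the quoting mistakes that are easy to make when a digest list is written by hand inside a shell string.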

Request

Body

    groups object[]

    Groups are the trust groups.

  • Array [
  • _id string

    Name of the group.

    disabled boolean

    Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).

    images string (string)[]

    Image names or IDs (e.g., docker.io/library/ubuntu:16.04 / SHA256@...).

    layers string (string)[]

    Filesystem layers. The image is trusted if its layer list begins with the trusted group's layers, in the same order.

    modified date-time

    Specifies the date and time when the rule was last modified.

    name string

    Name of the rule.

    notes string

    Describes any noteworthy points for a rule. You can include any text.

    owner string

    User who created or last modified the rule.

    previousName string

    Previous name of the rule. Required for rule renaming.

  • ]
  • policy object

    Policy represents the trust policy.

    _id string

    ID is the trust group policy ID.

    enabled boolean

    Enabled indicates whether the policy is enabled.

    rules object[]

    Rules is the list of rules in the policy.

  • Array [
  • allowedGroups string (string)[]

    AllowedGroups are the IDs of the groups that are whitelisted by this rule.

    blockMsg common.PolicyBlockMsg (string)

    PolicyBlockMsg represents the block message in a Policy.

    collections object[]

    Collections is a list of collections the rule applies to.

  • Array [
  • accountIDs string (string)[]

    List of account IDs.

    appIDs string (string)[]

    List of application IDs.

    clusters string (string)[]

    List of Kubernetes cluster names.

    color common.Color (string)

    Color is a hexadecimal representation of a color code value.

    containers string (string)[]

    List of containers.

    description string

    Free-form text.

    functions string (string)[]

    List of functions.

    hosts string (string)[]

    List of hosts.

    images string (string)[]

    List of images.

    labels string (string)[]

    List of labels.

    modified date-time

    Datetime when the collection was last modified.

    name string

    Collection name. Must be unique.

    namespaces string (string)[]

    List of Kubernetes namespaces.

    owner string

    User who created or last modified the collection.

    prisma boolean

    Indicates whether this collection originates from Prisma Cloud.

    system boolean

    Indicates whether this collection was created by the system (i.e., a non-user) (true) or a real user (false).

  • ]
  • deniedGroups string (string)[]

    DeniedGroups are the IDs of the groups that are blacklisted by this rule.

    disabled boolean

    Indicates whether the rule is currently disabled. Values: true (disabled) or false (enabled).

    effect vuln.Effect (string)

    Possible values: [ignore,alert,block]

    Effect specifies the relevant action for a vulnerability.

    modified date-time

    Specifies the date and time when the rule was last modified.

    name string

    Name of the rule.

    notes string

    Describes any noteworthy points for a rule. You can include any text.

    owner string

    User who created or last modified the rule.

    previousName string

    Previous name of the rule. Required for rule renaming.

  • ]

Responses

OK
