×

GET /v1/nodes/{clusterId}/{nodeId}

Description

Parameters

Path Parameters

Name Description Required Default Pattern

clusterId

X

null

nodeId

X

null

Return Type

Content Type

  • application/json

Responses

Table 1. HTTP Response Codes
Code Message Datatype

200

A successful response.

StorageNode

0

An unexpected error response.

GooglerpcStatus

Samples

Common object reference

CVSSV2AccessComplexity

Enum Values

ACCESS_HIGH

ACCESS_MEDIUM

ACCESS_LOW

CVSSV2Authentication

Enum Values

AUTH_MULTIPLE

AUTH_SINGLE

AUTH_NONE

CVSSV3Complexity

Enum Values

COMPLEXITY_LOW

COMPLEXITY_HIGH

CVSSV3Privileges

Enum Values

PRIVILEGE_NONE

PRIVILEGE_LOW

PRIVILEGE_HIGH

CVSSV3UserInteraction

Enum Values

UI_NONE

UI_REQUIRED

EmbeddedVulnerabilityVulnerabilityType

Enum Values

UNKNOWN_VULNERABILITY

IMAGE_VULNERABILITY

K8S_VULNERABILITY

ISTIO_VULNERABILITY

NODE_VULNERABILITY

OPENSHIFT_VULNERABILITY

GooglerpcStatus

Field Name Required Nullable Type Description Format

code

Integer

int32

message

String

details

List of ProtobufAny

NodeScanScanner

Enum Values

SCANNER

SCANNER_V4

ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field Name Required Nullable Type Description Format

@type

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

StorageCVEInfo

Field Name Required Nullable Type Description Format

cve

String

summary

String

link

String

publishedOn

Date

This indicates the timestamp when the cve was first published in the cve feeds.

date-time

createdAt

Date

Time when the CVE was first seen in the system.

date-time

lastModified

Date

date-time

scoreVersion

StorageCVEInfoScoreVersion

V2, V3, UNKNOWN,

cvssV2

StorageCVSSV2

cvssV3

StorageCVSSV3

references

List of StorageCVEInfoReference

cvssMetrics

List of StorageCVSSScore

StorageCVEInfoReference

Field Name Required Nullable Type Description Format

URI

String

tags

List of string

StorageCVEInfoScoreVersion

ScoreVersion can be deprecated ROX-26066
  • V2: No unset for automatic backwards compatibility

Enum Values

V2

V3

UNKNOWN

StorageCVSSScore

Field Name Required Nullable Type Description Format

source

StorageSource

SOURCE_UNKNOWN, SOURCE_RED_HAT, SOURCE_OSV, SOURCE_NVD,

url

String

cvssv2

StorageCVSSV2

cvssv3

StorageCVSSV3

StorageCVSSV2

Field Name Required Nullable Type Description Format

vector

String

attackVector

StorageCVSSV2AttackVector

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK,

accessComplexity

CVSSV2AccessComplexity

ACCESS_HIGH, ACCESS_MEDIUM, ACCESS_LOW,

authentication

CVSSV2Authentication

AUTH_MULTIPLE, AUTH_SINGLE, AUTH_NONE,

confidentiality

StorageCVSSV2Impact

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

integrity

StorageCVSSV2Impact

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

availability

StorageCVSSV2Impact

IMPACT_NONE, IMPACT_PARTIAL, IMPACT_COMPLETE,

exploitabilityScore

Float

float

impactScore

Float

float

score

Float

float

severity

StorageCVSSV2Severity

UNKNOWN, LOW, MEDIUM, HIGH,

StorageCVSSV2AttackVector

Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

StorageCVSSV2Impact

Enum Values

IMPACT_NONE

IMPACT_PARTIAL

IMPACT_COMPLETE

StorageCVSSV2Severity

Enum Values

UNKNOWN

LOW

MEDIUM

HIGH

StorageCVSSV3

Field Name Required Nullable Type Description Format

vector

String

exploitabilityScore

Float

float

impactScore

Float

float

attackVector

StorageCVSSV3AttackVector

ATTACK_LOCAL, ATTACK_ADJACENT, ATTACK_NETWORK, ATTACK_PHYSICAL,

attackComplexity

CVSSV3Complexity

COMPLEXITY_LOW, COMPLEXITY_HIGH,

privilegesRequired

CVSSV3Privileges

PRIVILEGE_NONE, PRIVILEGE_LOW, PRIVILEGE_HIGH,

userInteraction

CVSSV3UserInteraction

UI_NONE, UI_REQUIRED,

scope

StorageCVSSV3Scope

UNCHANGED, CHANGED,

confidentiality

StorageCVSSV3Impact

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

integrity

StorageCVSSV3Impact

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

availability

StorageCVSSV3Impact

IMPACT_NONE, IMPACT_LOW, IMPACT_HIGH,

score

Float

float

severity

StorageCVSSV3Severity

UNKNOWN, NONE, LOW, MEDIUM, HIGH, CRITICAL,

StorageCVSSV3AttackVector

Enum Values

ATTACK_LOCAL

ATTACK_ADJACENT

ATTACK_NETWORK

ATTACK_PHYSICAL

StorageCVSSV3Impact

Enum Values

IMPACT_NONE

IMPACT_LOW

IMPACT_HIGH

StorageCVSSV3Scope

Enum Values

UNCHANGED

CHANGED

StorageCVSSV3Severity

Enum Values

UNKNOWN

NONE

LOW

MEDIUM

HIGH

CRITICAL

StorageContainerRuntime

Enum Values

UNKNOWN_CONTAINER_RUNTIME

DOCKER_CONTAINER_RUNTIME

CRIO_CONTAINER_RUNTIME

StorageContainerRuntimeInfo

Field Name Required Nullable Type Description Format

type

StorageContainerRuntime

UNKNOWN_CONTAINER_RUNTIME, DOCKER_CONTAINER_RUNTIME, CRIO_CONTAINER_RUNTIME,

version

String

StorageEmbeddedNodeScanComponent

Field Name Required Nullable Type Description Format

name

String

version

String

vulns

List of StorageEmbeddedVulnerability

vulnerabilities

List of StorageNodeVulnerability

priority

String

int64

topCvss

Float

float

riskScore

Float

float

StorageEmbeddedVulnerability

Next Tag: 22
Field Name Required Nullable Type Description Format

cve

String

cvss

Float

float

summary

String

link

String

fixedBy

String

scoreVersion

StorageEmbeddedVulnerabilityScoreVersion

V2, V3,

cvssV2

StorageCVSSV2

cvssV3

StorageCVSSV3

publishedOn

Date

date-time

lastModified

Date

date-time

vulnerabilityType

EmbeddedVulnerabilityVulnerabilityType

UNKNOWN_VULNERABILITY, IMAGE_VULNERABILITY, K8S_VULNERABILITY, ISTIO_VULNERABILITY, NODE_VULNERABILITY, OPENSHIFT_VULNERABILITY,

vulnerabilityTypes

List of EmbeddedVulnerabilityVulnerabilityType

suppressed

Boolean

suppressActivation

Date

date-time

suppressExpiry

Date

date-time

firstSystemOccurrence

Date

Time when the CVE was first seen, for this specific distro, in the system.

date-time

firstImageOccurrence

Date

Time when the CVE was first seen in this image.

date-time

severity

StorageVulnerabilitySeverity

UNKNOWN_VULNERABILITY_SEVERITY, LOW_VULNERABILITY_SEVERITY, MODERATE_VULNERABILITY_SEVERITY, IMPORTANT_VULNERABILITY_SEVERITY, CRITICAL_VULNERABILITY_SEVERITY,

state

StorageVulnerabilityState

OBSERVED, DEFERRED, FALSE_POSITIVE,

cvssMetrics

List of StorageCVSSScore

nvdCvss

Float

float

StorageEmbeddedVulnerabilityScoreVersion

ScoreVersion can be deprecated ROX-26066
  • V2: No unset for automatic backwards compatibility

Enum Values

V2

V3

StorageNode

Node represents information about a node in the cluster. next available tag: 28
Field Name Required Nullable Type Description Format

id

String

A unique ID identifying this node.

name

String

The (host)name of the node. Might or might not be the same as ID.

taints

List of StorageTaint

clusterId

String

clusterName

String

labels

Map of string

annotations

Map of string

joinedAt

Date

date-time

internalIpAddresses

List of string

externalIpAddresses

List of string

containerRuntimeVersion

String

Use container_runtime.version

containerRuntime

StorageContainerRuntimeInfo

kernelVersion

String

operatingSystem

String

From NodeInfo. Operating system reported by the node (ex: linux).

osImage

String

From NodeInfo. OS image reported by the node from /etc/os-release.

kubeletVersion

String

kubeProxyVersion

String

lastUpdated

Date

date-time

k8sUpdated

Date

Time we received an update from Kubernetes.

date-time

scan

StorageNodeScan

components

Integer

int32

cves

Integer

int32

fixableCves

Integer

int32

priority

String

int64

riskScore

Float

float

topCvss

Float

float

notes

List of StorageNodeNote

StorageNodeNote

Enum Values

MISSING_SCAN_DATA

StorageNodeScan

Next tag: 5
Field Name Required Nullable Type Description Format

scanTime

Date

date-time

operatingSystem

String

components

List of StorageEmbeddedNodeScanComponent

notes

List of StorageNodeScanNote

scannerVersion

NodeScanScanner

SCANNER, SCANNER_V4,

StorageNodeScanNote

Enum Values

UNSET

UNSUPPORTED

KERNEL_UNSUPPORTED

CERTIFIED_RHEL_CVES_UNAVAILABLE

StorageNodeVulnerability

Field Name Required Nullable Type Description Format

cveBaseInfo

StorageCVEInfo

cvss

Float

float

severity

StorageVulnerabilitySeverity

UNKNOWN_VULNERABILITY_SEVERITY, LOW_VULNERABILITY_SEVERITY, MODERATE_VULNERABILITY_SEVERITY, IMPORTANT_VULNERABILITY_SEVERITY, CRITICAL_VULNERABILITY_SEVERITY,

fixedBy

String

snoozed

Boolean

snoozeStart

Date

date-time

snoozeExpiry

Date

date-time

StorageSource

Enum Values

SOURCE_UNKNOWN

SOURCE_RED_HAT

SOURCE_OSV

SOURCE_NVD

StorageTaint

Field Name Required Nullable Type Description Format

key

String

value

String

taintEffect

StorageTaintEffect

UNKNOWN_TAINT_EFFECT, NO_SCHEDULE_TAINT_EFFECT, PREFER_NO_SCHEDULE_TAINT_EFFECT, NO_EXECUTE_TAINT_EFFECT,

StorageTaintEffect

Enum Values

UNKNOWN_TAINT_EFFECT

NO_SCHEDULE_TAINT_EFFECT

PREFER_NO_SCHEDULE_TAINT_EFFECT

NO_EXECUTE_TAINT_EFFECT

StorageVulnerabilitySeverity

Enum Values

UNKNOWN_VULNERABILITY_SEVERITY

LOW_VULNERABILITY_SEVERITY

MODERATE_VULNERABILITY_SEVERITY

IMPORTANT_VULNERABILITY_SEVERITY

CRITICAL_VULNERABILITY_SEVERITY

StorageVulnerabilityState

VulnerabilityState indicates if vulnerability is being observed or deferred(/suppressed). By default, it vulnerabilities are observed.

  • OBSERVED: [Default state]

Enum Values

OBSERVED

DEFERRED

FALSE_POSITIVE