IAM and Activity Tracker or IBM Cloud Logs actions by API method for Container Registry
When you use IBM Cloud® Container Registry through the command line or console, the service calls application programming interface (API) methods to complete your requests.
As of 28 March 2024, the IBM Cloud Activity Tracker service is deprecated and will no longer be supported as of 30 March 2025. Customers will need to migrate to IBM Cloud Logs before 30 March 2025. During the migration period, customers can use IBM Cloud Activity Tracker along with IBM Cloud Logs. Activity tracking events are the same for both services. For more information about migrating from IBM Cloud Activity Tracker to IBM Cloud Logs and running the services in parallel, see migration planning.
You might need certain permissions to call these API methods, and you can track the requests that you make with an IBM Cloud Activity Tracker or IBM Cloud Logs instance.
Review the following Cloud Identity and Access Management (IAM) actions and IBM Cloud Activity Tracker or IBM Cloud Logs events that correspond to each API method in Container Registry.
For more information, see the following topics:
- Container Registry API documentation
- Vulnerability Advisor for Container Registry API documentation
- Auditing events for Container Registry
- Managing IAM access for Container Registry
Container Registry
Review the following account API methods, their required actions in IBM Cloud IAM, and the events that are sent to IBM Cloud Activity Tracker or IBM Cloud Logs for Container Registry.
Authorization API methods
| Action | Method | IAM ACTION | AT ACTION |
|---|---|---|---|
| Get authorization options for the targeted account. | GET /api/v1/auth |
container-registry.auth.get |
container-registry.auth.get |
| Update authorization options for the targeted account. | PATCH /api/v1/auth |
container-registry.auth.set |
container-registry.auth.set |
Image API methods
| Action | Method | IAM ACTION | AT ACTION |
|---|---|---|---|
| List the images. | GET /api/v1/images |
container-registry.image.list |
container-registry.image.list |
| Delete more than one image. | POST /api/v1/images/bulkdelete |
container-registry.image.delete |
container-registry.image.bulkdelete |
| List the images by digest. | POST /api/v1/images/digests |
container-registry.image.list |
container-registry.image.list |
| Create a tag. | POST /api/v1/images/tags |
container-registry.image.pull
|
container-registry.image.tag |
| Delete an image. | DELETE /api/v1/images/{image} |
container-registry.image.delete |
container-registry.image.delete |
| Inspect an image. | GET /api/v1/images/{image}/json |
container-registry.image.inspect |
container-registry.image.inspect |
| Get the image manifest. | GET /api/v1/images/{image}/manifest |
container-registry.image.inspect |
container-registry.manifest.inspect |
Message API methods
| Action | Method | IAM ACTION | AT ACTION |
|---|---|---|---|
| Return any published system messages. | GET /api/v1/messages |
Not applicable | Not applicable |
Namespace API methods
| Action | Method | IAM ACTION | AT ACTION |
|---|---|---|---|
| List the namespaces. | GET /api/v1/namespaces |
container-registry.namespace.list |
container-registry.namespace.list |
| Detailed namespace list. | GET /api/v1/namespaces/details |
container-registry.namespace.list |
container-registry.namespace.list |
| Create a namespace. | PUT /api/v1/namespaces/{namespace} |
container-registry.namespace.create |
container-registry.namespace.create |
| Assign a namespace. | PATCH /api/v1/namespaces/{namespace} |
container-registry.namespace.create |
container-registry.namespace.update |
| Delete a namespace. | DELETE /api/v1/namespaces/{namespace} |
container-registry.namespace.delete |
container-registry.namespace.delete |
Plan API methods
| Action | Method | IAM ACTION | AT ACTION |
|---|---|---|---|
| Get plans for the targeted account. | GET /api/v1/plans |
container-registry.plan.get |
container-registry.plan.get |
| Update plans for the targeted account. | PATCH /api/v1/plans |
container-registry.plan.set |
container-registry.plan.set |
Quota API methods
| Action | Method | IAM ACTION | AT ACTION |
|---|---|---|---|
| Get the quotas for the targeted account. | GET /api/v1/quotas |
container-registry.quota.get |
container-registry.quota.get |
| Update the quotas for the targeted account. | PATCH /api/v1/quotas |
container-registry.quota.set |
container-registry.quota.set |
Retention API methods
| Action | Method | IAM ACTION | AT ACTION |
|---|---|---|---|
| List the retention policies for all namespaces in the targeted IBM Cloud account. | GET /api/v1/retentions |
container-registry.retention.list |
container-registry.retention.list |
| Set the retention policy for the specified namespace. | POST /api/v1/retentions |
container-registry.retention.set |
container-registry.retention.set |
| Analyze a retention policy, and get a list of what would be deleted by it. | POST /api/v1/retentions/analyze |
container-registry.retention.analyze |
container-registry.retention.analyze |
| Get the retention policy for the specified namespace. | GET /api/v1/retentions/{namespace} |
container-registry.retention.get |
container-registry.retention.get |
Settings API methods
| Action | Method | IAM ACTION | AT ACTION |
|---|---|---|---|
| Get the registry service settings for the targeted account, such as whether platform metrics are enabled. | GET /api/v1/settings |
container-registry.settings.get |
container-registry.settings.get |
| Update the registry service settings for the targeted account, such as enabling platform metrics. | PATCH /api/v1/settings |
container-registry.settings.set |
container-registry.settings.set |
Trash API methods
| Action | Method | IAM ACTION | AT ACTION |
|---|---|---|---|
| List the images in the trash. | GET /api/v1/trash |
container-registry.image.delete |
container-registry.trash.list |
| Restore a digest and all associated tags. | POST /api/v1/trash/{digest}/restoretags |
container-registry.image.push |
container-registry.trash.restore |
| Restore a deleted image. | POST /api/v1/trash/{image}/restore |
container-registry.image.push |
container-registry.trash.restore |
Vulnerability Advisor API methods
Report API methods
| Action | Method | IAM ACTION | AT ACTION |
|---|---|---|---|
| Get the vulnerability assessment for all images. | GET /va/api/v4/report/account |
container-registry.exemption.list |
container-registry.account-vulnerability-report.list |
| Get the vulnerability assessment status for all images. | GET /va/api/v4/report/account/status |
container-registry.exemption.list |
container-registry.account-vulnerability-status.list |
| Get the vulnerability status. | GET /va/api/v4/report/image/status/{name} |
container-registry.exemption.list |
container-registry.image-vulnerability-status.read |
| Get the vulnerability assessment status. | GET /va/api/v4/report/image/{name} |
container-registry.exemption.list |
container-registry.image-vulnerability-report.read |
Exemption API methods
| Action | Method | IAM ACTION | AT ACTION |
|---|---|---|---|
| List the account-level exemptions. | GET /va/api/v4/exempt/image |
container-registry.exemption.list |
Not applicable |
| Get an account-level exemption. | GET /va/api/v4/exempt/image/issue/{issueType}/{issueID} |
container-registry.exemption.list |
Not applicable |
| Create or update an account-level exemption. | POST /va/api/v4/exempt/image/issue/{issueType}/{issueID} |
container-registry.exemption.manager |
container-registry.exemption.create |
| Delete an account-level exemption. | DELETE /va/api/v4/exempt/image/issue/{issueType}/{issueID} |
container-registry.exemption.manager |
container-registry.exemption.delete |
| List the resource exemptions. | GET /va/api/v4/exempt/image/{resource} |
container-registry.exemption.list |
Not applicable |
| Get the details of a resource exemption. | GET /va/api/v4/exempt/image/{resource}/issue/{issueType}/{issueID} |
container-registry.exemption.list |
Not applicable |
| Create or update a resource exemption. | POST /va/api/v4/exempt/image/{resource}/issue/{issueType}/{issueID} |
container-registry.exemption.manager |
container-registry.exemption.create |
| Delete a resource exemption. | DELETE /va/api/v4/exempt/image/{resource}/issue/{issueType}/{issueID} |
container-registry.exemption.manager |
container-registry.exemption.delete |
| List the types of exemption. | GET /va/api/v4/exempt/types |
Not applicable | Not applicable |
| List all exemptions. | GET /va/api/v4/exemptions/account |
container-registry.exemption.list |
Not applicable |
| Delete all exemptions. | POST /va/api/v4/exemptions/deleteAll |
container-registry.exemption.manager |
container-registry.exemption.delete |
| List the image exemptions. | GET /va/api/v4/exemptions/image/{resource} |
container-registry.exemption.list |
Not applicable |
| List the exemptions for images. | POST /va/api/v4/exemptions/images |
container-registry.exemption.list |
Not applicable |