Red Hat Summit Red Hat SummitSupportConsoleDevelopersStart a trialContact

API reference

Red Hat Advanced Cluster Security for Kubernetes 4.5

API Reference guide for Red Hat Advanced Cluster Security for Kubernetes.

Red Hat OpenShift Documentation Team

Abstract

This document describes the Red Hat Advanced Cluster Security for Kubernetes API objects and their detailed specifications.

Chapter 1. AdministrationEventService

1.1. ListAdministrationEvents

GET /v1/administration/events

ListAdministrationEvents returns the list of events after filtered by requested fields.

1.1.1. Description

1.1.2. Parameters

1.1.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

pagination.limit

 

-

null

 

pagination.offset

 

-

null

 

pagination.sortOption.field

 

-

null

 

pagination.sortOption.reversed

 

-

null

 

pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

pagination.sortOption.aggregateBy.distinct

 

-

null

 

filter.from

Matches events with last_occurred_at after a specific timestamp, i.e. the lower boundary.

-

null

 

filter.until

Matches events with last_occurred_at before a specific timestamp, i.e. the upper boundary.

-

null

 

filter.domain

Matches events from a specific domain. String

-

null

 

filter.resourceType

Matches events associated with a specific resource type. String

-

null

 

filter.type

Matches events based on their type. String

-

null

 

filter.level

Matches events based on their level. String

-

null

 

1.1.3. Return Type

V1ListAdministrationEventsResponse

1.1.4. Content Type

  • application/json

1.1.5. Responses

Table 1.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ListAdministrationEventsResponse

0

An unexpected error response.

RuntimeError

1.1.6. Samples

1.1.7. Common object reference

1.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

1.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

1.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
1.1.7.3. V1AdministrationEvent

AdministrationEvents are administrative events emitted by Central. They are used to create transparency for users for asynchronous, background tasks. Events are part of Central’s system health view.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

UUID of the event.

 

type

  

V1AdministrationEventType

 

ADMINISTRATION_EVENT_TYPE_UNKNOWN, ADMINISTRATION_EVENT_TYPE_GENERIC, ADMINISTRATION_EVENT_TYPE_LOG_MESSAGE,

level

  

V1AdministrationEventLevel

 

ADMINISTRATION_EVENT_LEVEL_UNKNOWN, ADMINISTRATION_EVENT_LEVEL_INFO, ADMINISTRATION_EVENT_LEVEL_SUCCESS, ADMINISTRATION_EVENT_LEVEL_WARNING, ADMINISTRATION_EVENT_LEVEL_ERROR,

message

  

String

Message associated with the event. The message may include detailed information for this particular event.

 

hint

  

String

Hint associated with the event. The hint may include different information based on the type of event. It can include instructions to resolve an event, or informational hints.

 

domain

  

String

Domain associated with the event. An event’s domain outlines the feature domain where the event was created from. As an example, this might be \"Image Scanning\". In case of events that cannot be tied to a specific domain, this will be \"General\".

 

resource

  

V1AdministrationEventResource

  

numOccurrences

  

String

Occurrences associated with the event. When events may occur multiple times, the occurrences track the amount.

int64

lastOccurredAt

  

Date

Specifies the time when the event has last occurred.

date-time

createdAt

  

Date

Specifies the time when the event has been created.

date-time

1.1.7.4. V1AdministrationEventLevel

AdministrationEventLevel exposes the different levels of events.

Enum Values

ADMINISTRATION_EVENT_LEVEL_UNKNOWN

ADMINISTRATION_EVENT_LEVEL_INFO

ADMINISTRATION_EVENT_LEVEL_SUCCESS

ADMINISTRATION_EVENT_LEVEL_WARNING

ADMINISTRATION_EVENT_LEVEL_ERROR

1.1.7.5. V1AdministrationEventResource

Resource holds all information about the resource associated with the event.

Field NameRequiredNullableTypeDescriptionFormat

type

  

String

Resource type associated with the event. An event may refer to an underlying resource such as a particular image. In that case, the resource type will be filled here.

 

id

  

String

Resource ID associated with the event. If an event refers to an underlying resource, the resource ID identifies the underlying resource. The resource ID is not guaranteed to be set, depending on the context of the administration event.

 

name

  

String

Resource name associated with the event. If an event refers to an underlying resource, the resource name identifies the underlying resource. The resource name is not guaranteed to be set, depending on the context of the administration event.

 
1.1.7.6. V1AdministrationEventType

AdministrationEventType exposes the different types of events.

Enum Values

ADMINISTRATION_EVENT_TYPE_UNKNOWN

ADMINISTRATION_EVENT_TYPE_GENERIC

ADMINISTRATION_EVENT_TYPE_LOG_MESSAGE

1.1.7.7. V1ListAdministrationEventsResponse
Field NameRequiredNullableTypeDescriptionFormat

events

  

List of V1AdministrationEvent

  

1.2. GetAdministrationEvent

GET /v1/administration/events/{id}

GetAdministrationEvent retrieves an event by ID.

1.2.1. Description

1.2.2. Parameters

1.2.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

1.2.3. Return Type

V1GetAdministrationEventResponse

1.2.4. Content Type

  • application/json

1.2.5. Responses

Table 1.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetAdministrationEventResponse

0

An unexpected error response.

RuntimeError

1.2.6. Samples

1.2.7. Common object reference

1.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

1.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

1.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
1.2.7.3. V1AdministrationEvent

AdministrationEvents are administrative events emitted by Central. They are used to create transparency for users for asynchronous, background tasks. Events are part of Central’s system health view.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

UUID of the event.

 

type

  

V1AdministrationEventType

 

ADMINISTRATION_EVENT_TYPE_UNKNOWN, ADMINISTRATION_EVENT_TYPE_GENERIC, ADMINISTRATION_EVENT_TYPE_LOG_MESSAGE,

level

  

V1AdministrationEventLevel

 

ADMINISTRATION_EVENT_LEVEL_UNKNOWN, ADMINISTRATION_EVENT_LEVEL_INFO, ADMINISTRATION_EVENT_LEVEL_SUCCESS, ADMINISTRATION_EVENT_LEVEL_WARNING, ADMINISTRATION_EVENT_LEVEL_ERROR,

message

  

String

Message associated with the event. The message may include detailed information for this particular event.

 

hint

  

String

Hint associated with the event. The hint may include different information based on the type of event. It can include instructions to resolve an event, or informational hints.

 

domain

  

String

Domain associated with the event. An event’s domain outlines the feature domain where the event was created from. As an example, this might be \"Image Scanning\". In case of events that cannot be tied to a specific domain, this will be \"General\".

 

resource

  

V1AdministrationEventResource

  

numOccurrences

  

String

Occurrences associated with the event. When events may occur multiple times, the occurrences track the amount.

int64

lastOccurredAt

  

Date

Specifies the time when the event has last occurred.

date-time

createdAt

  

Date

Specifies the time when the event has been created.

date-time

1.2.7.4. V1AdministrationEventLevel

AdministrationEventLevel exposes the different levels of events.

Enum Values

ADMINISTRATION_EVENT_LEVEL_UNKNOWN

ADMINISTRATION_EVENT_LEVEL_INFO

ADMINISTRATION_EVENT_LEVEL_SUCCESS

ADMINISTRATION_EVENT_LEVEL_WARNING

ADMINISTRATION_EVENT_LEVEL_ERROR

1.2.7.5. V1AdministrationEventResource

Resource holds all information about the resource associated with the event.

Field NameRequiredNullableTypeDescriptionFormat

type

  

String

Resource type associated with the event. An event may refer to an underlying resource such as a particular image. In that case, the resource type will be filled here.

 

id

  

String

Resource ID associated with the event. If an event refers to an underlying resource, the resource ID identifies the underlying resource. The resource ID is not guaranteed to be set, depending on the context of the administration event.

 

name

  

String

Resource name associated with the event. If an event refers to an underlying resource, the resource name identifies the underlying resource. The resource name is not guaranteed to be set, depending on the context of the administration event.

 
1.2.7.6. V1AdministrationEventType

AdministrationEventType exposes the different types of events.

Enum Values

ADMINISTRATION_EVENT_TYPE_UNKNOWN

ADMINISTRATION_EVENT_TYPE_GENERIC

ADMINISTRATION_EVENT_TYPE_LOG_MESSAGE

1.2.7.7. V1GetAdministrationEventResponse
Field NameRequiredNullableTypeDescriptionFormat

event

  

V1AdministrationEvent

  

1.3. CountAdministrationEvents

GET /v1/count/administration/events

CountAdministrationEvents returns the number of events after filtering by requested fields.

1.3.1. Description

1.3.2. Parameters

1.3.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

filter.from

Matches events with last_occurred_at after a specific timestamp, i.e. the lower boundary.

-

null

 

filter.until

Matches events with last_occurred_at before a specific timestamp, i.e. the upper boundary.

-

null

 

filter.domain

Matches events from a specific domain. String

-

null

 

filter.resourceType

Matches events associated with a specific resource type. String

-

null

 

filter.type

Matches events based on their type. String

-

null

 

filter.level

Matches events based on their level. String

-

null

 

1.3.3. Return Type

V1CountAdministrationEventsResponse

1.3.4. Content Type

  • application/json

1.3.5. Responses

Table 1.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1CountAdministrationEventsResponse

0

An unexpected error response.

RuntimeError

1.3.6. Samples

1.3.7. Common object reference

1.3.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

1.3.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

1.3.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
1.3.7.3. V1CountAdministrationEventsResponse
Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

The total number of events after filtering and deduplication.

int32

Chapter 2. AdministrationUsageService

2.1. GetCurrentSecuredUnitsUsage

GET /v1/administration/usage/secured-units/current

GetCurrentSecuredUnitsUsage returns the current secured units usage metrics values.

2.1.1. Description

The secured units metrics are collected from all connected clusters every 5 minutes, so the returned result includes data for the connected clusters accurate to about these 5 minutes, and potentially some outdated data for the disconnected clusters.

2.1.2. Parameters

2.1.3. Return Type

V1SecuredUnitsUsageResponse

2.1.4. Content Type

  • application/json

2.1.5. Responses

Table 2.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1SecuredUnitsUsageResponse

0

An unexpected error response.

RuntimeError

2.1.6. Samples

2.1.7. Common object reference

2.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

2.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

2.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
2.1.7.3. V1SecuredUnitsUsageResponse

SecuredUnitsUsageResponse holds the values of the currently observable administration usage metrics.

Field NameRequiredNullableTypeDescriptionFormat

numNodes

  

String

 

int64

numCpuUnits

  

String

 

int64

2.2. GetMaxSecuredUnitsUsage

GET /v1/administration/usage/secured-units/max

GetMaxSecuredUnitsUsage returns the maximum, i.e. peak, secured units usage observed during a given time range, together with the time when this maximum was aggregated and stored.

2.2.1. Description

The usage metrics are continuously collected from all the connected clusters. The maximum values are kept for some period of time in memory, and then, periodically, are stored to the database. The last data from disconnected clusters are taken into account.

2.2.2. Parameters

2.2.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

from

 

-

null

 

to

 

-

null

 

2.2.3. Return Type

V1MaxSecuredUnitsUsageResponse

2.2.4. Content Type

  • application/json

2.2.5. Responses

Table 2.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1MaxSecuredUnitsUsageResponse

0

An unexpected error response.

RuntimeError

2.2.6. Samples

2.2.7. Common object reference

2.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

2.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

2.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
2.2.7.3. V1MaxSecuredUnitsUsageResponse

MaxSecuredUnitsUsageResponse holds the maximum values of the secured nodes and CPU Units (as reported by Kubernetes) with the time at which these values were aggregated, with the aggregation period accuracy (1h).

Field NameRequiredNullableTypeDescriptionFormat

maxNodesAt

  

Date

 

date-time

maxNodes

  

String

 

int64

maxCpuUnitsAt

  

Date

 

date-time

maxCpuUnits

  

String

 

int64

Chapter 3. AlertService

3.1. CountAlerts

GET /v1/alertscount

CountAlerts counts how many alerts match the get request.

3.1.1. Description

3.1.2. Parameters

3.1.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

query

 

-

null

 

pagination.limit

 

-

null

 

pagination.offset

 

-

null

 

pagination.sortOption.field

 

-

null

 

pagination.sortOption.reversed

 

-

null

 

pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

pagination.sortOption.aggregateBy.distinct

 

-

null

 

3.1.3. Return Type

V1CountAlertsResponse

3.1.4. Content Type

  • application/json

3.1.5. Responses

Table 3.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1CountAlertsResponse

0

An unexpected error response.

RuntimeError

3.1.6. Samples

3.1.7. Common object reference

3.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

3.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

3.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
3.1.7.3. V1CountAlertsResponse
Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

3.2. DeleteAlerts

DELETE /v1/alerts

3.2.1. Description

3.2.2. Parameters

3.2.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

query.query

 

-

null

 

query.pagination.limit

 

-

null

 

query.pagination.offset

 

-

null

 

query.pagination.sortOption.field

 

-

null

 

query.pagination.sortOption.reversed

 

-

null

 

query.pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

query.pagination.sortOption.aggregateBy.distinct

 

-

null

 

confirm

 

-

null

 

3.2.3. Return Type

V1DeleteAlertsResponse

3.2.4. Content Type

  • application/json

3.2.5. Responses

Table 3.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1DeleteAlertsResponse

0

An unexpected error response.

RuntimeError

3.2.6. Samples

3.2.7. Common object reference

3.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

3.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

3.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
3.2.7.3. V1DeleteAlertsResponse
Field NameRequiredNullableTypeDescriptionFormat

numDeleted

  

Long

 

int64

dryRun

  

Boolean

  

3.3. ListAlerts

GET /v1/alerts

List returns the slim list version of the alerts.

3.3.1. Description

3.3.2. Parameters

3.3.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

query

 

-

null

 

pagination.limit

 

-

null

 

pagination.offset

 

-

null

 

pagination.sortOption.field

 

-

null

 

pagination.sortOption.reversed

 

-

null

 

pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

pagination.sortOption.aggregateBy.distinct

 

-

null

 

3.3.3. Return Type

V1ListAlertsResponse

3.3.4. Content Type

  • application/json

3.3.5. Responses

Table 3.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ListAlertsResponse

0

An unexpected error response.

RuntimeError

3.3.6. Samples

3.3.7. Common object reference

3.3.7.1. ListAlertCommonEntityInfo

Fields common to all entities that an alert might belong to.

Field NameRequiredNullableTypeDescriptionFormat

clusterName

  

String

  

namespace

  

String

  

clusterId

  

String

  

namespaceId

  

String

  

resourceType

  

StorageListAlertResourceType

 

DEPLOYMENT, SECRETS, CONFIGMAPS, CLUSTER_ROLES, CLUSTER_ROLE_BINDINGS, NETWORK_POLICIES, SECURITY_CONTEXT_CONSTRAINTS, EGRESS_FIREWALLS,

3.3.7.2. ListAlertPolicyDevFields
Field NameRequiredNullableTypeDescriptionFormat

SORTName

  

String

  
3.3.7.3. ListAlertResourceEntity
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  
3.3.7.4. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

3.3.7.4.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

3.3.7.5. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
3.3.7.6. StorageEnforcementAction
  • FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.
  • FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.
  • FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.
Enum Values

UNSET_ENFORCEMENT

SCALE_TO_ZERO_ENFORCEMENT

UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT

KILL_POD_ENFORCEMENT

FAIL_BUILD_ENFORCEMENT

FAIL_KUBE_REQUEST_ENFORCEMENT

FAIL_DEPLOYMENT_CREATE_ENFORCEMENT

FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

3.3.7.7. StorageLifecycleStage
Enum Values

DEPLOY

BUILD

RUNTIME

3.3.7.8. StorageListAlert
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

lifecycleStage

  

StorageLifecycleStage

 

DEPLOY, BUILD, RUNTIME,

time

  

Date

 

date-time

policy

  

StorageListAlertPolicy

  

state

  

StorageViolationState

 

ACTIVE, SNOOZED, RESOLVED, ATTEMPTED,

enforcementCount

  

Integer

 

int32

enforcementAction

  

StorageEnforcementAction

 

UNSET_ENFORCEMENT, SCALE_TO_ZERO_ENFORCEMENT, UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT, KILL_POD_ENFORCEMENT, FAIL_BUILD_ENFORCEMENT, FAIL_KUBE_REQUEST_ENFORCEMENT, FAIL_DEPLOYMENT_CREATE_ENFORCEMENT, FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT,

commonEntityInfo

  

ListAlertCommonEntityInfo

  

deployment

  

StorageListAlertDeployment

  

resource

  

ListAlertResourceEntity

  
3.3.7.9. StorageListAlertDeployment
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

clusterName

  

String

This field is deprecated and can be found in CommonEntityInfo. It will be removed from here in a future release.

 

namespace

  

String

This field is deprecated and can be found in CommonEntityInfo. It will be removed from here in a future release.

 

clusterId

  

String

This field is deprecated and can be found in CommonEntityInfo. It will be removed from here in a future release.

 

inactive

  

Boolean

  

namespaceId

  

String

This field is deprecated and can be found in CommonEntityInfo. It will be removed from here in a future release.

 
3.3.7.10. StorageListAlertPolicy
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

severity

  

StorageSeverity

 

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

description

  

String

  

categories

  

List of string

  

developerInternalFields

  

ListAlertPolicyDevFields

  
3.3.7.11. StorageListAlertResourceType
A special ListAlert-only enumeration of all resource types. Unlike Alert.Resource.ResourceType this also includes deployment as a type This must be kept in sync with Alert.Resource.ResourceType (excluding the deployment value)
Enum Values

DEPLOYMENT

SECRETS

CONFIGMAPS

CLUSTER_ROLES

CLUSTER_ROLE_BINDINGS

NETWORK_POLICIES

SECURITY_CONTEXT_CONSTRAINTS

EGRESS_FIREWALLS

3.3.7.12. StorageSeverity
Enum Values

UNSET_SEVERITY

LOW_SEVERITY

MEDIUM_SEVERITY

HIGH_SEVERITY

CRITICAL_SEVERITY

3.3.7.13. StorageViolationState
Enum Values

ACTIVE

SNOOZED

RESOLVED

ATTEMPTED

3.3.7.14. V1ListAlertsResponse
Field NameRequiredNullableTypeDescriptionFormat

alerts

  

List of StorageListAlert

  

3.4. GetAlert

GET /v1/alerts/{id}

GetAlert returns the alert given its id.

3.4.1. Description

3.4.2. Parameters

3.4.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

3.4.3. Return Type

StorageAlert

3.4.4. Content Type

  • application/json

3.4.5. Responses

Table 3.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StorageAlert

0

An unexpected error response.

RuntimeError

3.4.6. Samples

3.4.7. Common object reference

3.4.7.1. AlertDeploymentContainer
Field NameRequiredNullableTypeDescriptionFormat

image

  

StorageContainerImage

  

name

  

String

  
3.4.7.2. AlertEnforcement
Field NameRequiredNullableTypeDescriptionFormat

action

  

StorageEnforcementAction

 

UNSET_ENFORCEMENT, SCALE_TO_ZERO_ENFORCEMENT, UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT, KILL_POD_ENFORCEMENT, FAIL_BUILD_ENFORCEMENT, FAIL_KUBE_REQUEST_ENFORCEMENT, FAIL_DEPLOYMENT_CREATE_ENFORCEMENT, FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT,

message

  

String

  
3.4.7.3. AlertProcessViolation
Field NameRequiredNullableTypeDescriptionFormat

message

  

String

  

processes

  

List of StorageProcessIndicator

  
3.4.7.4. AlertResourceResourceType
Enum Values

UNKNOWN

SECRETS

CONFIGMAPS

CLUSTER_ROLES

CLUSTER_ROLE_BINDINGS

NETWORK_POLICIES

SECURITY_CONTEXT_CONSTRAINTS

EGRESS_FIREWALLS

3.4.7.5. AlertViolation
Field NameRequiredNullableTypeDescriptionFormat

message

  

String

  

keyValueAttrs

  

ViolationKeyValueAttrs

  

networkFlowInfo

  

ViolationNetworkFlowInfo

  

type

  

AlertViolationType

 

GENERIC, K8S_EVENT, NETWORK_FLOW, NETWORK_POLICY,

time

  

Date

Indicates violation time. This field differs from top-level field 'time' which represents last time the alert occurred in case of multiple occurrences of the policy alert. As of 55.0, this field is set only for kubernetes event violations, but may not be limited to it in future.

date-time

3.4.7.6. AlertViolationType
Enum Values

GENERIC

K8S_EVENT

NETWORK_FLOW

NETWORK_POLICY

3.4.7.7. KeyValueAttrsKeyValueAttr
Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

value

  

String

  
3.4.7.8. NetworkFlowInfoEntity
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

entityType

  

StorageNetworkEntityInfoType

 

UNKNOWN_TYPE, DEPLOYMENT, INTERNET, LISTEN_ENDPOINT, EXTERNAL_SOURCE, INTERNAL_ENTITIES,

deploymentNamespace

  

String

  

deploymentType

  

String

  

port

  

Integer

 

int32

3.4.7.9. PolicyMitreAttackVectors
Field NameRequiredNullableTypeDescriptionFormat

tactic

  

String

  

techniques

  

List of string

  
3.4.7.10. ProcessSignalLineageInfo
Field NameRequiredNullableTypeDescriptionFormat

parentUid

  

Long

 

int64

parentExecFilePath

  

String

  
3.4.7.11. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

3.4.7.11.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

3.4.7.12. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
3.4.7.13. StorageAlert
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

policy

  

StoragePolicy

  

lifecycleStage

  

StorageLifecycleStage

 

DEPLOY, BUILD, RUNTIME,

clusterId

  

String

  

clusterName

  

String

  

namespace

  

String

  

namespaceId

  

String

  

deployment

  

StorageAlertDeployment

  

image

  

StorageContainerImage

  

resource

  

StorageAlertResource

  

violations

  

List of AlertViolation

For run-time phase alert, a maximum of 40 violations are retained.

 

processViolation

  

AlertProcessViolation

  

enforcement

  

AlertEnforcement

  

time

  

Date

 

date-time

firstOccurred

  

Date

 

date-time

resolvedAt

  

Date

The time at which the alert was resolved. Only set if ViolationState is RESOLVED.

date-time

state

  

StorageViolationState

 

ACTIVE, SNOOZED, RESOLVED, ATTEMPTED,

snoozeTill

  

Date

 

date-time

3.4.7.14. StorageAlertDeployment
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

namespace

  

String

  

namespaceId

  

String

  

labels

  

Map of string

  

clusterId

  

String

  

clusterName

  

String

  

containers

  

List of AlertDeploymentContainer

  

annotations

  

Map of string

  

inactive

  

Boolean

  
3.4.7.15. StorageAlertResource
Represents an alert on a kubernetes resource other than a deployment (configmaps, secrets, etc.)
Field NameRequiredNullableTypeDescriptionFormat

resourceType

  

AlertResourceResourceType

 

UNKNOWN, SECRETS, CONFIGMAPS, CLUSTER_ROLES, CLUSTER_ROLE_BINDINGS, NETWORK_POLICIES, SECURITY_CONTEXT_CONSTRAINTS, EGRESS_FIREWALLS,

name

  

String

  

clusterId

  

String

  

clusterName

  

String

  

namespace

  

String

  

namespaceId

  

String

  
3.4.7.16. StorageBooleanOperator
Enum Values

OR

AND

3.4.7.17. StorageContainerImage
Next tag: 12
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

StorageImageName

  

notPullable

  

Boolean

  

isClusterLocal

  

Boolean

  
3.4.7.18. StorageEnforcementAction
  • FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.
  • FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.
  • FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.
Enum Values

UNSET_ENFORCEMENT

SCALE_TO_ZERO_ENFORCEMENT

UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT

KILL_POD_ENFORCEMENT

FAIL_BUILD_ENFORCEMENT

FAIL_KUBE_REQUEST_ENFORCEMENT

FAIL_DEPLOYMENT_CREATE_ENFORCEMENT

FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

3.4.7.19. StorageEventSource
Enum Values

NOT_APPLICABLE

DEPLOYMENT_EVENT

AUDIT_LOG_EVENT

3.4.7.20. StorageExclusion
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

deployment

  

StorageExclusionDeployment

  

image

  

StorageExclusionImage

  

expiration

  

Date

 

date-time

3.4.7.21. StorageExclusionDeployment
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

scope

  

StorageScope

  
3.4.7.22. StorageExclusionImage
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  
3.4.7.23. StorageImageName
Field NameRequiredNullableTypeDescriptionFormat

registry

  

String

  

remote

  

String

  

tag

  

String

  

fullName

  

String

  
3.4.7.24. StorageL4Protocol
Enum Values

L4_PROTOCOL_UNKNOWN

L4_PROTOCOL_TCP

L4_PROTOCOL_UDP

L4_PROTOCOL_ICMP

L4_PROTOCOL_RAW

L4_PROTOCOL_SCTP

L4_PROTOCOL_ANY

3.4.7.25. StorageLifecycleStage
Enum Values

DEPLOY

BUILD

RUNTIME

3.4.7.26. StorageNetworkEntityInfoType
  • INTERNAL_ENTITIES: INTERNAL_ENTITIES is for grouping all internal entities under a single network graph node
Enum Values

UNKNOWN_TYPE

DEPLOYMENT

INTERNET

LISTEN_ENDPOINT

EXTERNAL_SOURCE

INTERNAL_ENTITIES

3.4.7.27. StoragePolicy
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

rationale

  

String

  

remediation

  

String

  

disabled

  

Boolean

  

categories

  

List of string

  

lifecycleStages

  

List of StorageLifecycleStage

  

eventSource

  

StorageEventSource

 

NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,

exclusions

  

List of StorageExclusion

  

scope

  

List of StorageScope

  

severity

  

StorageSeverity

 

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

enforcementActions

  

List of StorageEnforcementAction

FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

 

notifiers

  

List of string

  

lastUpdated

  

Date

 

date-time

SORTName

  

String

For internal use only.

 

SORTLifecycleStage

  

String

For internal use only.

 

SORTEnforcement

  

Boolean

For internal use only.

 

policyVersion

  

String

  

policySections

  

List of StoragePolicySection

  

mitreAttackVectors

  

List of PolicyMitreAttackVectors

  

criteriaLocked

  

Boolean

Read-only field. If true, the policy’s criteria fields are rendered read-only.

 

mitreVectorsLocked

  

Boolean

Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.

 

isDefault

  

Boolean

Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

 
3.4.7.28. StoragePolicyGroup
Field NameRequiredNullableTypeDescriptionFormat

fieldName

  

String

  

booleanOperator

  

StorageBooleanOperator

 

OR, AND,

negate

  

Boolean

  

values

  

List of StoragePolicyValue

  
3.4.7.29. StoragePolicySection
Field NameRequiredNullableTypeDescriptionFormat

sectionName

  

String

  

policyGroups

  

List of StoragePolicyGroup

  
3.4.7.30. StoragePolicyValue
Field NameRequiredNullableTypeDescriptionFormat

value

  

String

  
3.4.7.31. StorageProcessIndicator
Next available tag: 13
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

deploymentId

  

String

  

containerName

  

String

  

podId

  

String

  

podUid

  

String

  

signal

  

StorageProcessSignal

  

clusterId

  

String

  

namespace

  

String

  

containerStartTime

  

Date

 

date-time

imageId

  

String

  
3.4.7.32. StorageProcessSignal
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

A unique UUID for identifying the message We have this here instead of at the top level because we want to have each message to be self contained.

 

containerId

  

String

  

time

  

Date

 

date-time

name

  

String

  

args

  

String

  

execFilePath

  

String

  

pid

  

Long

 

int64

uid

  

Long

 

int64

gid

  

Long

 

int64

lineage

  

List of string

  

scraped

  

Boolean

  

lineageInfo

  

List of ProcessSignalLineageInfo

  
3.4.7.33. StorageScope
Field NameRequiredNullableTypeDescriptionFormat

cluster

  

String

  

namespace

  

String

  

label

  

StorageScopeLabel

  
3.4.7.34. StorageScopeLabel
Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

value

  

String

  
3.4.7.35. StorageSeverity
Enum Values

UNSET_SEVERITY

LOW_SEVERITY

MEDIUM_SEVERITY

HIGH_SEVERITY

CRITICAL_SEVERITY

3.4.7.36. StorageViolationState
Enum Values

ACTIVE

SNOOZED

RESOLVED

ATTEMPTED

3.4.7.37. ViolationKeyValueAttrs
Field NameRequiredNullableTypeDescriptionFormat

attrs

  

List of KeyValueAttrsKeyValueAttr

  
3.4.7.38. ViolationNetworkFlowInfo
Field NameRequiredNullableTypeDescriptionFormat

protocol

  

StorageL4Protocol

 

L4_PROTOCOL_UNKNOWN, L4_PROTOCOL_TCP, L4_PROTOCOL_UDP, L4_PROTOCOL_ICMP, L4_PROTOCOL_RAW, L4_PROTOCOL_SCTP, L4_PROTOCOL_ANY,

source

  

NetworkFlowInfoEntity

  

destination

  

NetworkFlowInfoEntity

  

3.5. ResolveAlert

PATCH /v1/alerts/{id}/resolve

ResolveAlert marks the given alert (by ID) as resolved.

3.5.1. Description

3.5.2. Parameters

3.5.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 
3.5.2.2. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1ResolveAlertRequest

X

  

3.5.3. Return Type

Object

3.5.4. Content Type

  • application/json

3.5.5. Responses

Table 3.5. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

3.5.6. Samples

3.5.7. Common object reference

3.5.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

3.5.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

3.5.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
3.5.7.3. V1ResolveAlertRequest
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

whitelist

  

Boolean

  

addToBaseline

  

Boolean

  

3.6. SnoozeAlert

PATCH /v1/alerts/{id}/snooze

SnoozeAlert is deprecated.

3.6.1. Description

3.6.2. Parameters

3.6.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 
3.6.2.2. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1SnoozeAlertRequest

X

  

3.6.3. Return Type

Object

3.6.4. Content Type

  • application/json

3.6.5. Responses

Table 3.6. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

3.6.6. Samples

3.6.7. Common object reference

3.6.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

3.6.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

3.6.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
3.6.7.3. V1SnoozeAlertRequest
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

snoozeTill

  

Date

 

date-time

3.7. ResolveAlerts

PATCH /v1/alerts/resolve

ResolveAlertsByQuery marks alerts matching search query as resolved.

3.7.1. Description

3.7.2. Parameters

3.7.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1ResolveAlertsRequest

X

  

3.7.3. Return Type

Object

3.7.4. Content Type

  • application/json

3.7.5. Responses

Table 3.7. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

3.7.6. Samples

3.7.7. Common object reference

3.7.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

3.7.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

3.7.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
3.7.7.3. V1ResolveAlertsRequest
Field NameRequiredNullableTypeDescriptionFormat

query

  

String

  

3.8. GetAlertsCounts

GET /v1/alerts/summary/counts

GetAlertsCounts returns the number of alerts in the requested cluster or category.

3.8.1. Description

3.8.2. Parameters

3.8.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

request.query

 

-

null

 

request.pagination.limit

 

-

null

 

request.pagination.offset

 

-

null

 

request.pagination.sortOption.field

 

-

null

 

request.pagination.sortOption.reversed

 

-

null

 

request.pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

request.pagination.sortOption.aggregateBy.distinct

 

-

null

 

groupBy

 

-

UNSET

 

3.8.3. Return Type

V1GetAlertsCountsResponse

3.8.4. Content Type

  • application/json

3.8.5. Responses

Table 3.8. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetAlertsCountsResponse

0

An unexpected error response.

RuntimeError

3.8.6. Samples

3.8.7. Common object reference

3.8.7.1. AlertGroupAlertCounts
Field NameRequiredNullableTypeDescriptionFormat

severity

  

StorageSeverity

 

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

count

  

String

 

int64

3.8.7.2. GetAlertsCountsResponseAlertGroup
Field NameRequiredNullableTypeDescriptionFormat

group

  

String

  

counts

  

List of AlertGroupAlertCounts

  
3.8.7.3. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

3.8.7.3.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

3.8.7.4. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
3.8.7.5. StorageSeverity
Enum Values

UNSET_SEVERITY

LOW_SEVERITY

MEDIUM_SEVERITY

HIGH_SEVERITY

CRITICAL_SEVERITY

3.8.7.6. V1GetAlertsCountsResponse
Field NameRequiredNullableTypeDescriptionFormat

groups

  

List of GetAlertsCountsResponseAlertGroup

  

3.9. GetAlertsGroup

GET /v1/alerts/summary/groups

GetAlertsGroup returns alerts grouped by policy.

3.9.1. Description

3.9.2. Parameters

3.9.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

query

 

-

null

 

pagination.limit

 

-

null

 

pagination.offset

 

-

null

 

pagination.sortOption.field

 

-

null

 

pagination.sortOption.reversed

 

-

null

 

pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

pagination.sortOption.aggregateBy.distinct

 

-

null

 

3.9.3. Return Type

V1GetAlertsGroupResponse

3.9.4. Content Type

  • application/json

3.9.5. Responses

Table 3.9. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetAlertsGroupResponse

0

An unexpected error response.

RuntimeError

3.9.6. Samples

3.9.7. Common object reference

3.9.7.1. ListAlertPolicyDevFields
Field NameRequiredNullableTypeDescriptionFormat

SORTName

  

String

  
3.9.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

3.9.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

3.9.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
3.9.7.4. StorageListAlertPolicy
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

severity

  

StorageSeverity

 

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

description

  

String

  

categories

  

List of string

  

developerInternalFields

  

ListAlertPolicyDevFields

  
3.9.7.5. StorageSeverity
Enum Values

UNSET_SEVERITY

LOW_SEVERITY

MEDIUM_SEVERITY

HIGH_SEVERITY

CRITICAL_SEVERITY

3.9.7.6. V1GetAlertsGroupResponse
Field NameRequiredNullableTypeDescriptionFormat

alertsByPolicies

  

List of V1GetAlertsGroupResponsePolicyGroup

  
3.9.7.7. V1GetAlertsGroupResponsePolicyGroup
Field NameRequiredNullableTypeDescriptionFormat

policy

  

StorageListAlertPolicy

  

numAlerts

  

String

 

int64

3.10. GetAlertTimeseries

GET /v1/alerts/summary/timeseries

GetAlertTimeseries returns the alerts sorted by time.

3.10.1. Description

3.10.2. Parameters

3.10.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

query

 

-

null

 

pagination.limit

 

-

null

 

pagination.offset

 

-

null

 

pagination.sortOption.field

 

-

null

 

pagination.sortOption.reversed

 

-

null

 

pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

pagination.sortOption.aggregateBy.distinct

 

-

null

 

3.10.3. Return Type

V1GetAlertTimeseriesResponse

3.10.4. Content Type

  • application/json

3.10.5. Responses

Table 3.10. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetAlertTimeseriesResponse

0

An unexpected error response.

RuntimeError

3.10.6. Samples

3.10.7. Common object reference

3.10.7.1. ClusterAlertsAlertEvents
Field NameRequiredNullableTypeDescriptionFormat

severity

  

StorageSeverity

 

UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,

events

  

List of V1AlertEvent

  
3.10.7.2. GetAlertTimeseriesResponseClusterAlerts
Field NameRequiredNullableTypeDescriptionFormat

cluster

  

String

  

severities

  

List of ClusterAlertsAlertEvents

  
3.10.7.3. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

3.10.7.3.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

3.10.7.4. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
3.10.7.5. StorageSeverity
Enum Values

UNSET_SEVERITY

LOW_SEVERITY

MEDIUM_SEVERITY

HIGH_SEVERITY

CRITICAL_SEVERITY

3.10.7.6. V1AlertEvent
Field NameRequiredNullableTypeDescriptionFormat

time

  

String

 

int64

type

  

V1Type

 

CREATED, REMOVED,

id

  

String

  
3.10.7.7. V1GetAlertTimeseriesResponse
Field NameRequiredNullableTypeDescriptionFormat

clusters

  

List of GetAlertTimeseriesResponseClusterAlerts

  
3.10.7.8. V1Type
Enum Values

CREATED

REMOVED

Chapter 4. APITokenService

4.1. ListAllowedTokenRoles

GET /v1/apitokens/generate/allowed-roles

GetAllowedTokenRoles return roles that user is allowed to request for API token.

4.1.1. Description

4.1.2. Parameters

4.1.3. Return Type

V1ListAllowedTokenRolesResponse

4.1.4. Content Type

  • application/json

4.1.5. Responses

Table 4.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ListAllowedTokenRolesResponse

0

An unexpected error response.

RuntimeError

4.1.6. Samples

4.1.7. Common object reference

4.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

4.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

4.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
4.1.7.3. V1ListAllowedTokenRolesResponse
Field NameRequiredNullableTypeDescriptionFormat

roleNames

  

List of string

  

4.2. GenerateToken

POST /v1/apitokens/generate

GenerateToken generates API token for a given user and role.

4.2.1. Description

4.2.2. Parameters

4.2.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1GenerateTokenRequest

X

  

4.2.3. Return Type

V1GenerateTokenResponse

4.2.4. Content Type

  • application/json

4.2.5. Responses

Table 4.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GenerateTokenResponse

0

An unexpected error response.

RuntimeError

4.2.6. Samples

4.2.7. Common object reference

4.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

4.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

4.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
4.2.7.3. StorageTokenMetadata
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

roles

  

List of string

  

issuedAt

  

Date

 

date-time

expiration

  

Date

 

date-time

revoked

  

Boolean

  

role

  

String

  
4.2.7.4. V1GenerateTokenRequest
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

role

  

String

  

roles

  

List of string

  

expiration

  

Date

 

date-time

4.2.7.5. V1GenerateTokenResponse
Field NameRequiredNullableTypeDescriptionFormat

token

  

String

  

metadata

  

StorageTokenMetadata

  

4.3. GetAPITokens

GET /v1/apitokens

GetAPITokens returns all the API tokens.

4.3.1. Description

4.3.2. Parameters

4.3.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

revoked

 

-

null

 

4.3.3. Return Type

V1GetAPITokensResponse

4.3.4. Content Type

  • application/json

4.3.5. Responses

Table 4.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetAPITokensResponse

0

An unexpected error response.

RuntimeError

4.3.6. Samples

4.3.7. Common object reference

4.3.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

4.3.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

4.3.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
4.3.7.3. StorageTokenMetadata
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

roles

  

List of string

  

issuedAt

  

Date

 

date-time

expiration

  

Date

 

date-time

revoked

  

Boolean

  

role

  

String

  
4.3.7.4. V1GetAPITokensResponse
Field NameRequiredNullableTypeDescriptionFormat

tokens

  

List of StorageTokenMetadata

  

4.4. GetAPIToken

GET /v1/apitokens/{id}

GetAPIToken returns API token metadata for a given id.

4.4.1. Description

4.4.2. Parameters

4.4.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

4.4.3. Return Type

StorageTokenMetadata

4.4.4. Content Type

  • application/json

4.4.5. Responses

Table 4.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StorageTokenMetadata

0

An unexpected error response.

RuntimeError

4.4.6. Samples

4.4.7. Common object reference

4.4.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

4.4.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

4.4.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
4.4.7.3. StorageTokenMetadata
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

roles

  

List of string

  

issuedAt

  

Date

 

date-time

expiration

  

Date

 

date-time

revoked

  

Boolean

  

role

  

String

  

4.5. RevokeToken

PATCH /v1/apitokens/revoke/{id}

RevokeToken removes the API token for a given id.

4.5.1. Description

4.5.2. Parameters

4.5.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

4.5.3. Return Type

Object

4.5.4. Content Type

  • application/json

4.5.5. Responses

Table 4.5. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

4.5.6. Samples

4.5.7. Common object reference

4.5.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

4.5.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

4.5.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

Chapter 5. AuthProviderService

5.1. ExchangeToken

POST /v1/authProviders/exchangeToken

5.1.1. Description

5.1.2. Parameters

5.1.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1ExchangeTokenRequest

X

  

5.1.3. Return Type

V1ExchangeTokenResponse

5.1.4. Content Type

  • application/json

5.1.5. Responses

Table 5.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ExchangeTokenResponse

0

An unexpected error response.

RuntimeError

5.1.6. Samples

5.1.7. Common object reference

5.1.7.1. AuthProviderRequiredAttribute

RequiredAttribute allows to specify a set of attributes which ALL are required to be returned by the auth provider. If any attribute is missing within the external claims of the token issued by Central, the authentication request to this IdP is considered failed.

Field NameRequiredNullableTypeDescriptionFormat

attributeKey

  

String

  

attributeValue

  

String

  
5.1.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

5.1.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

5.1.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
5.1.7.4. StorageAccess
Enum Values

NO_ACCESS

READ_ACCESS

READ_WRITE_ACCESS

5.1.7.5. StorageAuthProvider

Next Tag: 15.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

uiEndpoint

  

String

  

enabled

  

Boolean

  

config

  

Map of string

Config holds auth provider specific configuration. Each configuration options are different based on the given auth provider type. OIDC: - \"issuer\": the OIDC issuer according to https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier. - \"client_id\": the client ID according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.2. - \"client_secret\": the client secret according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.3.1. - \"do_not_use_client_secret\": set to \"true\" if you want to create a configuration with only a client ID and no client secret. - \"mode\": the OIDC callback mode, choosing from \"fragment\", \"post\", or \"query\". - \"disable_offline_access_scope\": set to \"true\" if no offline tokens shall be issued. - \"extra_scopes\": a space-delimited string of additional scopes to request in addition to \"openid profile email\" according to https://www.rfc-editor.org/rfc/rfc6749.html#section-3.3. OpenShift Auth: supports no extra configuration options. User PKI: - \"keys\": the trusted certificates PEM encoded. SAML: - \"sp_issuer\": the service provider issuer according to https://datatracker.ietf.org/doc/html/rfc7522#section-3. - \"idp_metadata_url\": the metadata URL according to https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf. - \"idp_issuer\": the IdP issuer. - \"idp_cert_pem\": the cert PEM encoded for the IdP endpoint. - \"idp_sso_url\": the IdP SSO URL. - \"idp_nameid_format\": the IdP name ID format. IAP: - \"audience\": the audience to use.

 

loginUrl

  

String

The login URL will be provided by the backend, and may not be specified in a request.

 

validated

  

Boolean

  

extraUiEndpoints

  

List of string

UI endpoints which to allow in addition to ui_endpoint. I.e., if a login request is coming from any of these, the auth request will use these for the callback URL, not ui_endpoint.

 

active

  

Boolean

  

requiredAttributes

  

List of AuthProviderRequiredAttribute

  

traits

  

StorageTraits

  

claimMappings

  

Map of string

Specifies claims from IdP token that will be copied to Rox token attributes. Each key in this map contains a path in IdP token we want to map. Path is separated by \".\" symbol. For example, if IdP token payload looks like: { \"a\": { \"b\" : \"c\", \"d\": true, \"e\": [ \"val1\", \"val2\", \"val3\" ], \"f\": [ true, false, false ], \"g\": 123.0, \"h\": [ 1, 2, 3] } } then \"a.b\" would be a valid key and \"a.z\" is not. We support the following types of claims: * string(path \"a.b\") * bool(path \"a.d\") * string array(path \"a.e\") * bool array (path \"a.f.\") We do NOT support the following types of claims: * complex claims(path \"a\") * float/integer claims(path \"a.g\") * float/integer array claims(path \"a.h\") Each value in this map contains a Rox token attribute name we want to add claim to. If, for example, value is \"groups\", claim would be found in \"external_user.Attributes.groups\" in token. Note: we only support this feature for OIDC auth provider.

 

lastUpdated

  

Date

Last updated indicates the last time the auth provider has been updated. In case there have been tokens issued by an auth provider before this timestamp, they will be considered invalid. Subsequently, all clients will have to re-issue their tokens (either by refreshing or by an additional login attempt).

date-time

5.1.7.6. StorageServiceIdentity
Field NameRequiredNullableTypeDescriptionFormat

serialStr

  

String

  

serial

  

String

 

int64

id

  

String

  

type

  

StorageServiceType

 

UNKNOWN_SERVICE, SENSOR_SERVICE, CENTRAL_SERVICE, CENTRAL_DB_SERVICE, REMOTE_SERVICE, COLLECTOR_SERVICE, MONITORING_UI_SERVICE, MONITORING_DB_SERVICE, MONITORING_CLIENT_SERVICE, BENCHMARK_SERVICE, SCANNER_SERVICE, SCANNER_DB_SERVICE, ADMISSION_CONTROL_SERVICE, SCANNER_V4_INDEXER_SERVICE, SCANNER_V4_MATCHER_SERVICE, SCANNER_V4_DB_SERVICE,

initBundleId

  

String

  
5.1.7.7. StorageServiceType
Next available tag: 16
Enum Values

UNKNOWN_SERVICE

SENSOR_SERVICE

CENTRAL_SERVICE

CENTRAL_DB_SERVICE

REMOTE_SERVICE

COLLECTOR_SERVICE

MONITORING_UI_SERVICE

MONITORING_DB_SERVICE

MONITORING_CLIENT_SERVICE

BENCHMARK_SERVICE

SCANNER_SERVICE

SCANNER_DB_SERVICE

ADMISSION_CONTROL_SERVICE

SCANNER_V4_INDEXER_SERVICE

SCANNER_V4_MATCHER_SERVICE

SCANNER_V4_DB_SERVICE

5.1.7.8. StorageTraits
Field NameRequiredNullableTypeDescriptionFormat

mutabilityMode

  

TraitsMutabilityMode

 

ALLOW_MUTATE, ALLOW_MUTATE_FORCED,

visibility

  

TraitsVisibility

 

VISIBLE, HIDDEN,

origin

  

TraitsOrigin

 

IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED,

5.1.7.9. StorageUserInfo
Field NameRequiredNullableTypeDescriptionFormat

username

  

String

  

friendlyName

  

String

  

permissions

  

UserInfoResourceToAccess

  

roles

  

List of StorageUserInfoRole

  
5.1.7.10. StorageUserInfoRole

Role is wire compatible with the old format of storage.Role and hence only includes role name and associated permissions.

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

resourceToAccess

  

Map of StorageAccess

  
5.1.7.11. TraitsMutabilityMode

EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.

Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.

Enum Values

ALLOW_MUTATE

ALLOW_MUTATE_FORCED

5.1.7.12. TraitsOrigin

Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.

Enum Values

IMPERATIVE

DEFAULT

DECLARATIVE

DECLARATIVE_ORPHANED

5.1.7.13. TraitsVisibility

EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.

Enum Values

VISIBLE

HIDDEN

5.1.7.14. UserInfoResourceToAccess

ResourceToAccess represents a collection of permissions. It is wire compatible with the old format of storage.Role and replaces it in places where only aggregated permissions are required.

Field NameRequiredNullableTypeDescriptionFormat

resourceToAccess

  

Map of StorageAccess

  
5.1.7.15. V1AuthStatus
Field NameRequiredNullableTypeDescriptionFormat

userId

  

String

  

serviceId

  

StorageServiceIdentity

  

expires

  

Date

 

date-time

refreshUrl

  

String

  

authProvider

  

StorageAuthProvider

  

userInfo

  

StorageUserInfo

  

userAttributes

  

List of V1UserAttribute

  

idpToken

  

String

Token returned to ACS by the underlying identity provider. This field is set only in a few, specific contexts. Do not rely on this field being present in the response.

 
5.1.7.16. V1ExchangeTokenRequest
Field NameRequiredNullableTypeDescriptionFormat

externalToken

  

String

The external authentication token. The server will mask the value of this credential in responses and logs.

 

type

  

String

  

state

  

String

  
5.1.7.17. V1ExchangeTokenResponse
Field NameRequiredNullableTypeDescriptionFormat

token

  

String

  

clientState

  

String

  

test

  

Boolean

  

user

  

V1AuthStatus

  
5.1.7.18. V1UserAttribute
Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

values

  

List of string

  

5.2. GetAuthProviders

GET /v1/authProviders

5.2.1. Description

5.2.2. Parameters

5.2.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

name

 

-

null

 

type

 

-

null

 

5.2.3. Return Type

V1GetAuthProvidersResponse

5.2.4. Content Type

  • application/json

5.2.5. Responses

Table 5.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetAuthProvidersResponse

0

An unexpected error response.

RuntimeError

5.2.6. Samples

5.2.7. Common object reference

5.2.7.1. AuthProviderRequiredAttribute

RequiredAttribute allows to specify a set of attributes which ALL are required to be returned by the auth provider. If any attribute is missing within the external claims of the token issued by Central, the authentication request to this IdP is considered failed.

Field NameRequiredNullableTypeDescriptionFormat

attributeKey

  

String

  

attributeValue

  

String

  
5.2.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

5.2.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

5.2.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
5.2.7.4. StorageAuthProvider

Next Tag: 15.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

uiEndpoint

  

String

  

enabled

  

Boolean

  

config

  

Map of string

Config holds auth provider specific configuration. Each configuration options are different based on the given auth provider type. OIDC: - \"issuer\": the OIDC issuer according to https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier. - \"client_id\": the client ID according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.2. - \"client_secret\": the client secret according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.3.1. - \"do_not_use_client_secret\": set to \"true\" if you want to create a configuration with only a client ID and no client secret. - \"mode\": the OIDC callback mode, choosing from \"fragment\", \"post\", or \"query\". - \"disable_offline_access_scope\": set to \"true\" if no offline tokens shall be issued. - \"extra_scopes\": a space-delimited string of additional scopes to request in addition to \"openid profile email\" according to https://www.rfc-editor.org/rfc/rfc6749.html#section-3.3. OpenShift Auth: supports no extra configuration options. User PKI: - \"keys\": the trusted certificates PEM encoded. SAML: - \"sp_issuer\": the service provider issuer according to https://datatracker.ietf.org/doc/html/rfc7522#section-3. - \"idp_metadata_url\": the metadata URL according to https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf. - \"idp_issuer\": the IdP issuer. - \"idp_cert_pem\": the cert PEM encoded for the IdP endpoint. - \"idp_sso_url\": the IdP SSO URL. - \"idp_nameid_format\": the IdP name ID format. IAP: - \"audience\": the audience to use.

 

loginUrl

  

String

The login URL will be provided by the backend, and may not be specified in a request.

 

validated

  

Boolean

  

extraUiEndpoints

  

List of string

UI endpoints which to allow in addition to ui_endpoint. I.e., if a login request is coming from any of these, the auth request will use these for the callback URL, not ui_endpoint.

 

active

  

Boolean

  

requiredAttributes

  

List of AuthProviderRequiredAttribute

  

traits

  

StorageTraits

  

claimMappings

  

Map of string

Specifies claims from IdP token that will be copied to Rox token attributes. Each key in this map contains a path in IdP token we want to map. Path is separated by \".\" symbol. For example, if IdP token payload looks like: { \"a\": { \"b\" : \"c\", \"d\": true, \"e\": [ \"val1\", \"val2\", \"val3\" ], \"f\": [ true, false, false ], \"g\": 123.0, \"h\": [ 1, 2, 3] } } then \"a.b\" would be a valid key and \"a.z\" is not. We support the following types of claims: * string(path \"a.b\") * bool(path \"a.d\") * string array(path \"a.e\") * bool array (path \"a.f.\") We do NOT support the following types of claims: * complex claims(path \"a\") * float/integer claims(path \"a.g\") * float/integer array claims(path \"a.h\") Each value in this map contains a Rox token attribute name we want to add claim to. If, for example, value is \"groups\", claim would be found in \"external_user.Attributes.groups\" in token. Note: we only support this feature for OIDC auth provider.

 

lastUpdated

  

Date

Last updated indicates the last time the auth provider has been updated. In case there have been tokens issued by an auth provider before this timestamp, they will be considered invalid. Subsequently, all clients will have to re-issue their tokens (either by refreshing or by an additional login attempt).

date-time

5.2.7.5. StorageTraits
Field NameRequiredNullableTypeDescriptionFormat

mutabilityMode

  

TraitsMutabilityMode

 

ALLOW_MUTATE, ALLOW_MUTATE_FORCED,

visibility

  

TraitsVisibility

 

VISIBLE, HIDDEN,

origin

  

TraitsOrigin

 

IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED,

5.2.7.6. TraitsMutabilityMode

EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.

Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.

Enum Values

ALLOW_MUTATE

ALLOW_MUTATE_FORCED

5.2.7.7. TraitsOrigin

Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.

Enum Values

IMPERATIVE

DEFAULT

DECLARATIVE

DECLARATIVE_ORPHANED

5.2.7.8. TraitsVisibility

EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.

Enum Values

VISIBLE

HIDDEN

5.2.7.9. V1GetAuthProvidersResponse
Field NameRequiredNullableTypeDescriptionFormat

authProviders

  

List of StorageAuthProvider

  

5.3. DeleteAuthProvider

DELETE /v1/authProviders/{id}

5.3.1. Description

5.3.2. Parameters

5.3.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 
5.3.2.2. Query Parameters
NameDescriptionRequiredDefaultPattern

force

 

-

null

 

5.3.3. Return Type

Object

5.3.4. Content Type

  • application/json

5.3.5. Responses

Table 5.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

5.3.6. Samples

5.3.7. Common object reference

5.3.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

5.3.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

5.3.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

5.4. GetAuthProvider

GET /v1/authProviders/{id}

5.4.1. Description

5.4.2. Parameters

5.4.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

5.4.3. Return Type

StorageAuthProvider

5.4.4. Content Type

  • application/json

5.4.5. Responses

Table 5.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StorageAuthProvider

0

An unexpected error response.

RuntimeError

5.4.6. Samples

5.4.7. Common object reference

5.4.7.1. AuthProviderRequiredAttribute

RequiredAttribute allows to specify a set of attributes which ALL are required to be returned by the auth provider. If any attribute is missing within the external claims of the token issued by Central, the authentication request to this IdP is considered failed.

Field NameRequiredNullableTypeDescriptionFormat

attributeKey

  

String

  

attributeValue

  

String

  
5.4.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

5.4.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

5.4.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
5.4.7.4. StorageAuthProvider

Next Tag: 15.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

uiEndpoint

  

String

  

enabled

  

Boolean

  

config

  

Map of string

Config holds auth provider specific configuration. Each configuration options are different based on the given auth provider type. OIDC: - \"issuer\": the OIDC issuer according to https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier. - \"client_id\": the client ID according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.2. - \"client_secret\": the client secret according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.3.1. - \"do_not_use_client_secret\": set to \"true\" if you want to create a configuration with only a client ID and no client secret. - \"mode\": the OIDC callback mode, choosing from \"fragment\", \"post\", or \"query\". - \"disable_offline_access_scope\": set to \"true\" if no offline tokens shall be issued. - \"extra_scopes\": a space-delimited string of additional scopes to request in addition to \"openid profile email\" according to https://www.rfc-editor.org/rfc/rfc6749.html#section-3.3. OpenShift Auth: supports no extra configuration options. User PKI: - \"keys\": the trusted certificates PEM encoded. SAML: - \"sp_issuer\": the service provider issuer according to https://datatracker.ietf.org/doc/html/rfc7522#section-3. - \"idp_metadata_url\": the metadata URL according to https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf. - \"idp_issuer\": the IdP issuer. - \"idp_cert_pem\": the cert PEM encoded for the IdP endpoint. - \"idp_sso_url\": the IdP SSO URL. - \"idp_nameid_format\": the IdP name ID format. IAP: - \"audience\": the audience to use.

 

loginUrl

  

String

The login URL will be provided by the backend, and may not be specified in a request.

 

validated

  

Boolean

  

extraUiEndpoints

  

List of string

UI endpoints which to allow in addition to ui_endpoint. I.e., if a login request is coming from any of these, the auth request will use these for the callback URL, not ui_endpoint.

 

active

  

Boolean

  

requiredAttributes

  

List of AuthProviderRequiredAttribute

  

traits

  

StorageTraits

  

claimMappings

  

Map of string

Specifies claims from IdP token that will be copied to Rox token attributes. Each key in this map contains a path in IdP token we want to map. Path is separated by \".\" symbol. For example, if IdP token payload looks like: { \"a\": { \"b\" : \"c\", \"d\": true, \"e\": [ \"val1\", \"val2\", \"val3\" ], \"f\": [ true, false, false ], \"g\": 123.0, \"h\": [ 1, 2, 3] } } then \"a.b\" would be a valid key and \"a.z\" is not. We support the following types of claims: * string(path \"a.b\") * bool(path \"a.d\") * string array(path \"a.e\") * bool array (path \"a.f.\") We do NOT support the following types of claims: * complex claims(path \"a\") * float/integer claims(path \"a.g\") * float/integer array claims(path \"a.h\") Each value in this map contains a Rox token attribute name we want to add claim to. If, for example, value is \"groups\", claim would be found in \"external_user.Attributes.groups\" in token. Note: we only support this feature for OIDC auth provider.

 

lastUpdated

  

Date

Last updated indicates the last time the auth provider has been updated. In case there have been tokens issued by an auth provider before this timestamp, they will be considered invalid. Subsequently, all clients will have to re-issue their tokens (either by refreshing or by an additional login attempt).

date-time

5.4.7.5. StorageTraits
Field NameRequiredNullableTypeDescriptionFormat

mutabilityMode

  

TraitsMutabilityMode

 

ALLOW_MUTATE, ALLOW_MUTATE_FORCED,

visibility

  

TraitsVisibility

 

VISIBLE, HIDDEN,

origin

  

TraitsOrigin

 

IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED,

5.4.7.6. TraitsMutabilityMode

EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.

Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.

Enum Values

ALLOW_MUTATE

ALLOW_MUTATE_FORCED

5.4.7.7. TraitsOrigin

Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.

Enum Values

IMPERATIVE

DEFAULT

DECLARATIVE

DECLARATIVE_ORPHANED

5.4.7.8. TraitsVisibility

EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.

Enum Values

VISIBLE

HIDDEN

5.5. UpdateAuthProvider

PATCH /v1/authProviders/{id}

5.5.1. Description

5.5.2. Parameters

5.5.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 
5.5.2.2. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1UpdateAuthProviderRequest

X

  

5.5.3. Return Type

StorageAuthProvider

5.5.4. Content Type

  • application/json

5.5.5. Responses

Table 5.5. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StorageAuthProvider

0

An unexpected error response.

RuntimeError

5.5.6. Samples

5.5.7. Common object reference

5.5.7.1. AuthProviderRequiredAttribute

RequiredAttribute allows to specify a set of attributes which ALL are required to be returned by the auth provider. If any attribute is missing within the external claims of the token issued by Central, the authentication request to this IdP is considered failed.

Field NameRequiredNullableTypeDescriptionFormat

attributeKey

  

String

  

attributeValue

  

String

  
5.5.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

5.5.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

5.5.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
5.5.7.4. StorageAuthProvider

Next Tag: 15.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

uiEndpoint

  

String

  

enabled

  

Boolean

  

config

  

Map of string

Config holds auth provider specific configuration. Each configuration options are different based on the given auth provider type. OIDC: - \"issuer\": the OIDC issuer according to https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier. - \"client_id\": the client ID according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.2. - \"client_secret\": the client secret according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.3.1. - \"do_not_use_client_secret\": set to \"true\" if you want to create a configuration with only a client ID and no client secret. - \"mode\": the OIDC callback mode, choosing from \"fragment\", \"post\", or \"query\". - \"disable_offline_access_scope\": set to \"true\" if no offline tokens shall be issued. - \"extra_scopes\": a space-delimited string of additional scopes to request in addition to \"openid profile email\" according to https://www.rfc-editor.org/rfc/rfc6749.html#section-3.3. OpenShift Auth: supports no extra configuration options. User PKI: - \"keys\": the trusted certificates PEM encoded. SAML: - \"sp_issuer\": the service provider issuer according to https://datatracker.ietf.org/doc/html/rfc7522#section-3. - \"idp_metadata_url\": the metadata URL according to https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf. - \"idp_issuer\": the IdP issuer. - \"idp_cert_pem\": the cert PEM encoded for the IdP endpoint. - \"idp_sso_url\": the IdP SSO URL. - \"idp_nameid_format\": the IdP name ID format. IAP: - \"audience\": the audience to use.

 

loginUrl

  

String

The login URL will be provided by the backend, and may not be specified in a request.

 

validated

  

Boolean

  

extraUiEndpoints

  

List of string

UI endpoints which to allow in addition to ui_endpoint. I.e., if a login request is coming from any of these, the auth request will use these for the callback URL, not ui_endpoint.

 

active

  

Boolean

  

requiredAttributes

  

List of AuthProviderRequiredAttribute

  

traits

  

StorageTraits

  

claimMappings

  

Map of string

Specifies claims from IdP token that will be copied to Rox token attributes. Each key in this map contains a path in IdP token we want to map. Path is separated by \".\" symbol. For example, if IdP token payload looks like: { \"a\": { \"b\" : \"c\", \"d\": true, \"e\": [ \"val1\", \"val2\", \"val3\" ], \"f\": [ true, false, false ], \"g\": 123.0, \"h\": [ 1, 2, 3] } } then \"a.b\" would be a valid key and \"a.z\" is not. We support the following types of claims: * string(path \"a.b\") * bool(path \"a.d\") * string array(path \"a.e\") * bool array (path \"a.f.\") We do NOT support the following types of claims: * complex claims(path \"a\") * float/integer claims(path \"a.g\") * float/integer array claims(path \"a.h\") Each value in this map contains a Rox token attribute name we want to add claim to. If, for example, value is \"groups\", claim would be found in \"external_user.Attributes.groups\" in token. Note: we only support this feature for OIDC auth provider.

 

lastUpdated

  

Date

Last updated indicates the last time the auth provider has been updated. In case there have been tokens issued by an auth provider before this timestamp, they will be considered invalid. Subsequently, all clients will have to re-issue their tokens (either by refreshing or by an additional login attempt).

date-time

5.5.7.5. StorageTraits
Field NameRequiredNullableTypeDescriptionFormat

mutabilityMode

  

TraitsMutabilityMode

 

ALLOW_MUTATE, ALLOW_MUTATE_FORCED,

visibility

  

TraitsVisibility

 

VISIBLE, HIDDEN,

origin

  

TraitsOrigin

 

IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED,

5.5.7.6. TraitsMutabilityMode

EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.

Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.

Enum Values

ALLOW_MUTATE

ALLOW_MUTATE_FORCED

5.5.7.7. TraitsOrigin

Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.

Enum Values

IMPERATIVE

DEFAULT

DECLARATIVE

DECLARATIVE_ORPHANED

5.5.7.8. TraitsVisibility

EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.

Enum Values

VISIBLE

HIDDEN

5.5.7.9. V1UpdateAuthProviderRequest
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

enabled

  

Boolean

  

5.6. PutAuthProvider

PUT /v1/authProviders/{id}

5.6.1. Description

5.6.2. Parameters

5.6.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 
5.6.2.2. Body Parameter
NameDescriptionRequiredDefaultPattern

body

StorageAuthProvider

X

  

5.6.3. Return Type

StorageAuthProvider

5.6.4. Content Type

  • application/json

5.6.5. Responses

Table 5.6. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StorageAuthProvider

0

An unexpected error response.

RuntimeError

5.6.6. Samples

5.6.7. Common object reference

5.6.7.1. AuthProviderRequiredAttribute

RequiredAttribute allows to specify a set of attributes which ALL are required to be returned by the auth provider. If any attribute is missing within the external claims of the token issued by Central, the authentication request to this IdP is considered failed.

Field NameRequiredNullableTypeDescriptionFormat

attributeKey

  

String

  

attributeValue

  

String

  
5.6.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

5.6.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

5.6.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
5.6.7.4. StorageAuthProvider

Next Tag: 15.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

uiEndpoint

  

String

  

enabled

  

Boolean

  

config

  

Map of string

Config holds auth provider specific configuration. Each configuration options are different based on the given auth provider type. OIDC: - \"issuer\": the OIDC issuer according to https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier. - \"client_id\": the client ID according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.2. - \"client_secret\": the client secret according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.3.1. - \"do_not_use_client_secret\": set to \"true\" if you want to create a configuration with only a client ID and no client secret. - \"mode\": the OIDC callback mode, choosing from \"fragment\", \"post\", or \"query\". - \"disable_offline_access_scope\": set to \"true\" if no offline tokens shall be issued. - \"extra_scopes\": a space-delimited string of additional scopes to request in addition to \"openid profile email\" according to https://www.rfc-editor.org/rfc/rfc6749.html#section-3.3. OpenShift Auth: supports no extra configuration options. User PKI: - \"keys\": the trusted certificates PEM encoded. SAML: - \"sp_issuer\": the service provider issuer according to https://datatracker.ietf.org/doc/html/rfc7522#section-3. - \"idp_metadata_url\": the metadata URL according to https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf. - \"idp_issuer\": the IdP issuer. - \"idp_cert_pem\": the cert PEM encoded for the IdP endpoint. - \"idp_sso_url\": the IdP SSO URL. - \"idp_nameid_format\": the IdP name ID format. IAP: - \"audience\": the audience to use.

 

loginUrl

  

String

The login URL will be provided by the backend, and may not be specified in a request.

 

validated

  

Boolean

  

extraUiEndpoints

  

List of string

UI endpoints which to allow in addition to ui_endpoint. I.e., if a login request is coming from any of these, the auth request will use these for the callback URL, not ui_endpoint.

 

active

  

Boolean

  

requiredAttributes

  

List of AuthProviderRequiredAttribute

  

traits

  

StorageTraits

  

claimMappings

  

Map of string

Specifies claims from IdP token that will be copied to Rox token attributes. Each key in this map contains a path in IdP token we want to map. Path is separated by \".\" symbol. For example, if IdP token payload looks like: { \"a\": { \"b\" : \"c\", \"d\": true, \"e\": [ \"val1\", \"val2\", \"val3\" ], \"f\": [ true, false, false ], \"g\": 123.0, \"h\": [ 1, 2, 3] } } then \"a.b\" would be a valid key and \"a.z\" is not. We support the following types of claims: * string(path \"a.b\") * bool(path \"a.d\") * string array(path \"a.e\") * bool array (path \"a.f.\") We do NOT support the following types of claims: * complex claims(path \"a\") * float/integer claims(path \"a.g\") * float/integer array claims(path \"a.h\") Each value in this map contains a Rox token attribute name we want to add claim to. If, for example, value is \"groups\", claim would be found in \"external_user.Attributes.groups\" in token. Note: we only support this feature for OIDC auth provider.

 

lastUpdated

  

Date

Last updated indicates the last time the auth provider has been updated. In case there have been tokens issued by an auth provider before this timestamp, they will be considered invalid. Subsequently, all clients will have to re-issue their tokens (either by refreshing or by an additional login attempt).

date-time

5.6.7.5. StorageTraits
Field NameRequiredNullableTypeDescriptionFormat

mutabilityMode

  

TraitsMutabilityMode

 

ALLOW_MUTATE, ALLOW_MUTATE_FORCED,

visibility

  

TraitsVisibility

 

VISIBLE, HIDDEN,

origin

  

TraitsOrigin

 

IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED,

5.6.7.6. TraitsMutabilityMode

EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.

Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.

Enum Values

ALLOW_MUTATE

ALLOW_MUTATE_FORCED

5.6.7.7. TraitsOrigin

Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.

Enum Values

IMPERATIVE

DEFAULT

DECLARATIVE

DECLARATIVE_ORPHANED

5.6.7.8. TraitsVisibility

EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.

Enum Values

VISIBLE

HIDDEN

5.7. PostAuthProvider

POST /v1/authProviders

5.7.1. Description

5.7.2. Parameters

5.7.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

StorageAuthProvider

X

  

5.7.3. Return Type

StorageAuthProvider

5.7.4. Content Type

  • application/json

5.7.5. Responses

Table 5.7. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StorageAuthProvider

0

An unexpected error response.

RuntimeError

5.7.6. Samples

5.7.7. Common object reference

5.7.7.1. AuthProviderRequiredAttribute

RequiredAttribute allows to specify a set of attributes which ALL are required to be returned by the auth provider. If any attribute is missing within the external claims of the token issued by Central, the authentication request to this IdP is considered failed.

Field NameRequiredNullableTypeDescriptionFormat

attributeKey

  

String

  

attributeValue

  

String

  
5.7.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

5.7.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

5.7.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
5.7.7.4. StorageAuthProvider

Next Tag: 15.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

uiEndpoint

  

String

  

enabled

  

Boolean

  

config

  

Map of string

Config holds auth provider specific configuration. Each configuration options are different based on the given auth provider type. OIDC: - \"issuer\": the OIDC issuer according to https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier. - \"client_id\": the client ID according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.2. - \"client_secret\": the client secret according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.3.1. - \"do_not_use_client_secret\": set to \"true\" if you want to create a configuration with only a client ID and no client secret. - \"mode\": the OIDC callback mode, choosing from \"fragment\", \"post\", or \"query\". - \"disable_offline_access_scope\": set to \"true\" if no offline tokens shall be issued. - \"extra_scopes\": a space-delimited string of additional scopes to request in addition to \"openid profile email\" according to https://www.rfc-editor.org/rfc/rfc6749.html#section-3.3. OpenShift Auth: supports no extra configuration options. User PKI: - \"keys\": the trusted certificates PEM encoded. SAML: - \"sp_issuer\": the service provider issuer according to https://datatracker.ietf.org/doc/html/rfc7522#section-3. - \"idp_metadata_url\": the metadata URL according to https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf. - \"idp_issuer\": the IdP issuer. - \"idp_cert_pem\": the cert PEM encoded for the IdP endpoint. - \"idp_sso_url\": the IdP SSO URL. - \"idp_nameid_format\": the IdP name ID format. IAP: - \"audience\": the audience to use.

 

loginUrl

  

String

The login URL will be provided by the backend, and may not be specified in a request.

 

validated

  

Boolean

  

extraUiEndpoints

  

List of string

UI endpoints which to allow in addition to ui_endpoint. I.e., if a login request is coming from any of these, the auth request will use these for the callback URL, not ui_endpoint.

 

active

  

Boolean

  

requiredAttributes

  

List of AuthProviderRequiredAttribute

  

traits

  

StorageTraits

  

claimMappings

  

Map of string

Specifies claims from IdP token that will be copied to Rox token attributes. Each key in this map contains a path in IdP token we want to map. Path is separated by \".\" symbol. For example, if IdP token payload looks like: { \"a\": { \"b\" : \"c\", \"d\": true, \"e\": [ \"val1\", \"val2\", \"val3\" ], \"f\": [ true, false, false ], \"g\": 123.0, \"h\": [ 1, 2, 3] } } then \"a.b\" would be a valid key and \"a.z\" is not. We support the following types of claims: * string(path \"a.b\") * bool(path \"a.d\") * string array(path \"a.e\") * bool array (path \"a.f.\") We do NOT support the following types of claims: * complex claims(path \"a\") * float/integer claims(path \"a.g\") * float/integer array claims(path \"a.h\") Each value in this map contains a Rox token attribute name we want to add claim to. If, for example, value is \"groups\", claim would be found in \"external_user.Attributes.groups\" in token. Note: we only support this feature for OIDC auth provider.

 

lastUpdated

  

Date

Last updated indicates the last time the auth provider has been updated. In case there have been tokens issued by an auth provider before this timestamp, they will be considered invalid. Subsequently, all clients will have to re-issue their tokens (either by refreshing or by an additional login attempt).

date-time

5.7.7.5. StorageTraits
Field NameRequiredNullableTypeDescriptionFormat

mutabilityMode

  

TraitsMutabilityMode

 

ALLOW_MUTATE, ALLOW_MUTATE_FORCED,

visibility

  

TraitsVisibility

 

VISIBLE, HIDDEN,

origin

  

TraitsOrigin

 

IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED,

5.7.7.6. TraitsMutabilityMode

EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.

Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.

Enum Values

ALLOW_MUTATE

ALLOW_MUTATE_FORCED

5.7.7.7. TraitsOrigin

Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.

Enum Values

IMPERATIVE

DEFAULT

DECLARATIVE

DECLARATIVE_ORPHANED

5.7.7.8. TraitsVisibility

EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.

Enum Values

VISIBLE

HIDDEN

5.8. ListAvailableProviderTypes

GET /v1/availableAuthProviders

5.8.1. Description

5.8.2. Parameters

5.8.3. Return Type

V1AvailableProviderTypesResponse

5.8.4. Content Type

  • application/json

5.8.5. Responses

Table 5.8. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1AvailableProviderTypesResponse

0

An unexpected error response.

RuntimeError

5.8.6. Samples

5.8.7. Common object reference

5.8.7.1. AvailableProviderTypesResponseAuthProviderType
Field NameRequiredNullableTypeDescriptionFormat

type

  

String

  

suggestedAttributes

  

List of string

  
5.8.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

5.8.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

5.8.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
5.8.7.4. V1AvailableProviderTypesResponse
Field NameRequiredNullableTypeDescriptionFormat

authProviderTypes

  

List of AvailableProviderTypesResponseAuthProviderType

  

5.9. GetLoginAuthProviders

GET /v1/login/authproviders

5.9.1. Description

5.9.2. Parameters

5.9.3. Return Type

V1GetLoginAuthProvidersResponse

5.9.4. Content Type

  • application/json

5.9.5. Responses

Table 5.9. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetLoginAuthProvidersResponse

0

An unexpected error response.

RuntimeError

5.9.6. Samples

5.9.7. Common object reference

5.9.7.1. GetLoginAuthProvidersResponseLoginAuthProvider
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

loginUrl

  

String

  
5.9.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

5.9.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

5.9.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
5.9.7.4. V1GetLoginAuthProvidersResponse
Field NameRequiredNullableTypeDescriptionFormat

authProviders

  

List of GetLoginAuthProvidersResponseLoginAuthProvider

  

Chapter 6. AuthService

6.1. UpdateAuthMachineToMachineConfig

PUT /v1/auth/m2m/{config.id}

UpdateAuthMachineToMachineConfig updates an existing auth machine to machine config. In case the auth machine to machine config does not exist, a new one will be created.

6.1.1. Description

6.1.2. Parameters

6.1.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

config.id

UUID of the config. Note that when adding a machine to machine config, this field should not be set.

X

null

 
6.1.2.2. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1UpdateAuthMachineToMachineConfigRequest

X

  

6.1.3. Return Type

Object

6.1.4. Content Type

  • application/json

6.1.5. Responses

Table 6.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

6.1.6. Samples

6.1.7. Common object reference

6.1.7.1. AuthMachineToMachineConfigMapping

Mappings map an identity token’s claim values to a specific role within Central.

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

A key within the identity token’s claim value to use.

 

valueExpression

  

String

A regular expression that will be evaluated against values of the identity token claim identified by the specified key. This regular expressions is in RE2 format, see more here: https://github.com/google/re2/wiki/Syntax.

 

role

  

String

The role which should be issued when the key and value match for a particular identity token.

 
6.1.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

6.1.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

6.1.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
6.1.7.4. V1AuthMachineToMachineConfig

AuthMachineToMachineConfig determines rules for exchanging an identity token from a third party with a Central access token. The M2M stands for machine to machine, as this is the intended use-case for the config.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

UUID of the config. Note that when adding a machine to machine config, this field should not be set.

 

type

  

V1AuthMachineToMachineConfigType

 

GENERIC, GITHUB_ACTIONS,

tokenExpirationDuration

  

String

Sets the expiration of the token returned from the ExchangeAuthMachineToMachineToken API call. Possible valid time units are: s, m, h. The maximum allowed expiration duration is 24h. As an example: 2h45m. For additional information on the validation of the duration, see: https://pkg.go.dev/time#ParseDuration.

 

mappings

  

List of AuthMachineToMachineConfigMapping

At least one mapping is required to resolve to a valid role for the access token to be successfully generated.

 

issuer

  

String

The issuer of the related OIDC provider issuing the ID tokens to exchange. Must be non-empty string containing URL when type is GENERIC. In case of GitHub actions, this must be empty or set to https://token.actions.githubusercontent.com. Issuer is a unique key, therefore there may be at most one GITHUB_ACTIONS config, and each GENERIC config must have a distinct issuer.

 
6.1.7.5. V1AuthMachineToMachineConfigType

The type of the auth machine to machine config. Currently supports GitHub actions or any other generic OIDC provider to use for verifying and exchanging the token.

Enum Values

GENERIC

GITHUB_ACTIONS

6.1.7.6. V1UpdateAuthMachineToMachineConfigRequest
Field NameRequiredNullableTypeDescriptionFormat

config

  

V1AuthMachineToMachineConfig

  

6.2. ExchangeAuthMachineToMachineToken

POST /v1/auth/m2m/exchange

ExchangeAuthMachineToMachineToken exchanges a given identity token for a Central access token based on configured auth machine to machine configs.

6.2.1. Description

6.2.2. Parameters

6.2.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1ExchangeAuthMachineToMachineTokenRequest

X

  

6.2.3. Return Type

V1ExchangeAuthMachineToMachineTokenResponse

6.2.4. Content Type

  • application/json

6.2.5. Responses

Table 6.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ExchangeAuthMachineToMachineTokenResponse

0

An unexpected error response.

RuntimeError

6.2.6. Samples

6.2.7. Common object reference

6.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

6.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

6.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
6.2.7.3. V1ExchangeAuthMachineToMachineTokenRequest
Field NameRequiredNullableTypeDescriptionFormat

idToken

  

String

Identity token that is supposed to be exchanged.

 
6.2.7.4. V1ExchangeAuthMachineToMachineTokenResponse
Field NameRequiredNullableTypeDescriptionFormat

accessToken

  

String

The exchanged access token.

 

6.3. ListAuthMachineToMachineConfigs

GET /v1/auth/m2m

ListAuthMachineToMachineConfigs lists the available auth machine to machine configs.

6.3.1. Description

6.3.2. Parameters

6.3.3. Return Type

V1ListAuthMachineToMachineConfigResponse

6.3.4. Content Type

  • application/json

6.3.5. Responses

Table 6.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ListAuthMachineToMachineConfigResponse

0

An unexpected error response.

RuntimeError

6.3.6. Samples

6.3.7. Common object reference

6.3.7.1. AuthMachineToMachineConfigMapping

Mappings map an identity token’s claim values to a specific role within Central.

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

A key within the identity token’s claim value to use.

 

valueExpression

  

String

A regular expression that will be evaluated against values of the identity token claim identified by the specified key. This regular expressions is in RE2 format, see more here: https://github.com/google/re2/wiki/Syntax.

 

role

  

String

The role which should be issued when the key and value match for a particular identity token.

 
6.3.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

6.3.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

6.3.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
6.3.7.4. V1AuthMachineToMachineConfig

AuthMachineToMachineConfig determines rules for exchanging an identity token from a third party with a Central access token. The M2M stands for machine to machine, as this is the intended use-case for the config.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

UUID of the config. Note that when adding a machine to machine config, this field should not be set.

 

type

  

V1AuthMachineToMachineConfigType

 

GENERIC, GITHUB_ACTIONS,

tokenExpirationDuration

  

String

Sets the expiration of the token returned from the ExchangeAuthMachineToMachineToken API call. Possible valid time units are: s, m, h. The maximum allowed expiration duration is 24h. As an example: 2h45m. For additional information on the validation of the duration, see: https://pkg.go.dev/time#ParseDuration.

 

mappings

  

List of AuthMachineToMachineConfigMapping

At least one mapping is required to resolve to a valid role for the access token to be successfully generated.

 

issuer

  

String

The issuer of the related OIDC provider issuing the ID tokens to exchange. Must be non-empty string containing URL when type is GENERIC. In case of GitHub actions, this must be empty or set to https://token.actions.githubusercontent.com. Issuer is a unique key, therefore there may be at most one GITHUB_ACTIONS config, and each GENERIC config must have a distinct issuer.

 
6.3.7.5. V1AuthMachineToMachineConfigType

The type of the auth machine to machine config. Currently supports GitHub actions or any other generic OIDC provider to use for verifying and exchanging the token.

Enum Values

GENERIC

GITHUB_ACTIONS

6.3.7.6. V1ListAuthMachineToMachineConfigResponse
Field NameRequiredNullableTypeDescriptionFormat

configs

  

List of V1AuthMachineToMachineConfig

  

6.4. DeleteAuthMachineToMachineConfig

DELETE /v1/auth/m2m/{id}

DeleteAuthMachineToMachineConfig deletes the specific auth machine to machine config. In case a specified auth machine to machine config does not exist is deleted, no error will be returned.

6.4.1. Description

6.4.2. Parameters

6.4.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

6.4.3. Return Type

Object

6.4.4. Content Type

  • application/json

6.4.5. Responses

Table 6.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

6.4.6. Samples

6.4.7. Common object reference

6.4.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

6.4.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

6.4.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

6.5. GetAuthMachineToMachineConfig

GET /v1/auth/m2m/{id}

GetAuthMachineToMachineConfig retrieves the specific auth machine to machine config.

6.5.1. Description

6.5.2. Parameters

6.5.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

6.5.3. Return Type

V1GetAuthMachineToMachineConfigResponse

6.5.4. Content Type

  • application/json

6.5.5. Responses

Table 6.5. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetAuthMachineToMachineConfigResponse

0

An unexpected error response.

RuntimeError

6.5.6. Samples

6.5.7. Common object reference

6.5.7.1. AuthMachineToMachineConfigMapping

Mappings map an identity token’s claim values to a specific role within Central.

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

A key within the identity token’s claim value to use.

 

valueExpression

  

String

A regular expression that will be evaluated against values of the identity token claim identified by the specified key. This regular expressions is in RE2 format, see more here: https://github.com/google/re2/wiki/Syntax.

 

role

  

String

The role which should be issued when the key and value match for a particular identity token.

 
6.5.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

6.5.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

6.5.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
6.5.7.4. V1AuthMachineToMachineConfig

AuthMachineToMachineConfig determines rules for exchanging an identity token from a third party with a Central access token. The M2M stands for machine to machine, as this is the intended use-case for the config.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

UUID of the config. Note that when adding a machine to machine config, this field should not be set.

 

type

  

V1AuthMachineToMachineConfigType

 

GENERIC, GITHUB_ACTIONS,

tokenExpirationDuration

  

String

Sets the expiration of the token returned from the ExchangeAuthMachineToMachineToken API call. Possible valid time units are: s, m, h. The maximum allowed expiration duration is 24h. As an example: 2h45m. For additional information on the validation of the duration, see: https://pkg.go.dev/time#ParseDuration.

 

mappings

  

List of AuthMachineToMachineConfigMapping

At least one mapping is required to resolve to a valid role for the access token to be successfully generated.

 

issuer

  

String

The issuer of the related OIDC provider issuing the ID tokens to exchange. Must be non-empty string containing URL when type is GENERIC. In case of GitHub actions, this must be empty or set to https://token.actions.githubusercontent.com. Issuer is a unique key, therefore there may be at most one GITHUB_ACTIONS config, and each GENERIC config must have a distinct issuer.

 
6.5.7.5. V1AuthMachineToMachineConfigType

The type of the auth machine to machine config. Currently supports GitHub actions or any other generic OIDC provider to use for verifying and exchanging the token.

Enum Values

GENERIC

GITHUB_ACTIONS

6.5.7.6. V1GetAuthMachineToMachineConfigResponse
Field NameRequiredNullableTypeDescriptionFormat

config

  

V1AuthMachineToMachineConfig

  

6.6. AddAuthMachineToMachineConfig

POST /v1/auth/m2m

AddAuthMachineToMachineConfig creates a new auth machine to machine config.

6.6.1. Description

6.6.2. Parameters

6.6.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1AddAuthMachineToMachineConfigRequest

X

  

6.6.3. Return Type

V1AddAuthMachineToMachineConfigResponse

6.6.4. Content Type

  • application/json

6.6.5. Responses

Table 6.6. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1AddAuthMachineToMachineConfigResponse

0

An unexpected error response.

RuntimeError

6.6.6. Samples

6.6.7. Common object reference

6.6.7.1. AuthMachineToMachineConfigMapping

Mappings map an identity token’s claim values to a specific role within Central.

Field NameRequiredNullableTypeDescriptionFormat

key

  

String

A key within the identity token’s claim value to use.

 

valueExpression

  

String

A regular expression that will be evaluated against values of the identity token claim identified by the specified key. This regular expressions is in RE2 format, see more here: https://github.com/google/re2/wiki/Syntax.

 

role

  

String

The role which should be issued when the key and value match for a particular identity token.

 
6.6.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

6.6.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

6.6.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
6.6.7.4. V1AddAuthMachineToMachineConfigRequest
Field NameRequiredNullableTypeDescriptionFormat

config

  

V1AuthMachineToMachineConfig

  
6.6.7.5. V1AddAuthMachineToMachineConfigResponse
Field NameRequiredNullableTypeDescriptionFormat

config

  

V1AuthMachineToMachineConfig

  
6.6.7.6. V1AuthMachineToMachineConfig

AuthMachineToMachineConfig determines rules for exchanging an identity token from a third party with a Central access token. The M2M stands for machine to machine, as this is the intended use-case for the config.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

UUID of the config. Note that when adding a machine to machine config, this field should not be set.

 

type

  

V1AuthMachineToMachineConfigType

 

GENERIC, GITHUB_ACTIONS,

tokenExpirationDuration

  

String

Sets the expiration of the token returned from the ExchangeAuthMachineToMachineToken API call. Possible valid time units are: s, m, h. The maximum allowed expiration duration is 24h. As an example: 2h45m. For additional information on the validation of the duration, see: https://pkg.go.dev/time#ParseDuration.

 

mappings

  

List of AuthMachineToMachineConfigMapping

At least one mapping is required to resolve to a valid role for the access token to be successfully generated.

 

issuer

  

String

The issuer of the related OIDC provider issuing the ID tokens to exchange. Must be non-empty string containing URL when type is GENERIC. In case of GitHub actions, this must be empty or set to https://token.actions.githubusercontent.com. Issuer is a unique key, therefore there may be at most one GITHUB_ACTIONS config, and each GENERIC config must have a distinct issuer.

 
6.6.7.7. V1AuthMachineToMachineConfigType

The type of the auth machine to machine config. Currently supports GitHub actions or any other generic OIDC provider to use for verifying and exchanging the token.

Enum Values

GENERIC

GITHUB_ACTIONS

6.7. GetAuthStatus

GET /v1/auth/status

GetAuthStatus returns the status for the current client.

6.7.1. Description

6.7.2. Parameters

6.7.3. Return Type

V1AuthStatus

6.7.4. Content Type

  • application/json

6.7.5. Responses

Table 6.7. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1AuthStatus

0

An unexpected error response.

RuntimeError

6.7.6. Samples

6.7.7. Common object reference

6.7.7.1. AuthProviderRequiredAttribute

RequiredAttribute allows to specify a set of attributes which ALL are required to be returned by the auth provider. If any attribute is missing within the external claims of the token issued by Central, the authentication request to this IdP is considered failed.

Field NameRequiredNullableTypeDescriptionFormat

attributeKey

  

String

  

attributeValue

  

String

  
6.7.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

6.7.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

6.7.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
6.7.7.4. StorageAccess
Enum Values

NO_ACCESS

READ_ACCESS

READ_WRITE_ACCESS

6.7.7.5. StorageAuthProvider

Next Tag: 15.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

uiEndpoint

  

String

  

enabled

  

Boolean

  

config

  

Map of string

Config holds auth provider specific configuration. Each configuration options are different based on the given auth provider type. OIDC: - \"issuer\": the OIDC issuer according to https://openid.net/specs/openid-connect-core-1_0.html#IssuerIdentifier. - \"client_id\": the client ID according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.2. - \"client_secret\": the client secret according to https://www.rfc-editor.org/rfc/rfc6749.html#section-2.3.1. - \"do_not_use_client_secret\": set to \"true\" if you want to create a configuration with only a client ID and no client secret. - \"mode\": the OIDC callback mode, choosing from \"fragment\", \"post\", or \"query\". - \"disable_offline_access_scope\": set to \"true\" if no offline tokens shall be issued. - \"extra_scopes\": a space-delimited string of additional scopes to request in addition to \"openid profile email\" according to https://www.rfc-editor.org/rfc/rfc6749.html#section-3.3. OpenShift Auth: supports no extra configuration options. User PKI: - \"keys\": the trusted certificates PEM encoded. SAML: - \"sp_issuer\": the service provider issuer according to https://datatracker.ietf.org/doc/html/rfc7522#section-3. - \"idp_metadata_url\": the metadata URL according to https://docs.oasis-open.org/security/saml/v2.0/saml-metadata-2.0-os.pdf. - \"idp_issuer\": the IdP issuer. - \"idp_cert_pem\": the cert PEM encoded for the IdP endpoint. - \"idp_sso_url\": the IdP SSO URL. - \"idp_nameid_format\": the IdP name ID format. IAP: - \"audience\": the audience to use.

 

loginUrl

  

String

The login URL will be provided by the backend, and may not be specified in a request.

 

validated

  

Boolean

  

extraUiEndpoints

  

List of string

UI endpoints which to allow in addition to ui_endpoint. I.e., if a login request is coming from any of these, the auth request will use these for the callback URL, not ui_endpoint.

 

active

  

Boolean

  

requiredAttributes

  

List of AuthProviderRequiredAttribute

  

traits

  

StorageTraits

  

claimMappings

  

Map of string

Specifies claims from IdP token that will be copied to Rox token attributes. Each key in this map contains a path in IdP token we want to map. Path is separated by \".\" symbol. For example, if IdP token payload looks like: { \"a\": { \"b\" : \"c\", \"d\": true, \"e\": [ \"val1\", \"val2\", \"val3\" ], \"f\": [ true, false, false ], \"g\": 123.0, \"h\": [ 1, 2, 3] } } then \"a.b\" would be a valid key and \"a.z\" is not. We support the following types of claims: * string(path \"a.b\") * bool(path \"a.d\") * string array(path \"a.e\") * bool array (path \"a.f.\") We do NOT support the following types of claims: * complex claims(path \"a\") * float/integer claims(path \"a.g\") * float/integer array claims(path \"a.h\") Each value in this map contains a Rox token attribute name we want to add claim to. If, for example, value is \"groups\", claim would be found in \"external_user.Attributes.groups\" in token. Note: we only support this feature for OIDC auth provider.

 

lastUpdated

  

Date

Last updated indicates the last time the auth provider has been updated. In case there have been tokens issued by an auth provider before this timestamp, they will be considered invalid. Subsequently, all clients will have to re-issue their tokens (either by refreshing or by an additional login attempt).

date-time

6.7.7.6. StorageServiceIdentity
Field NameRequiredNullableTypeDescriptionFormat

serialStr

  

String

  

serial

  

String

 

int64

id

  

String

  

type

  

StorageServiceType

 

UNKNOWN_SERVICE, SENSOR_SERVICE, CENTRAL_SERVICE, CENTRAL_DB_SERVICE, REMOTE_SERVICE, COLLECTOR_SERVICE, MONITORING_UI_SERVICE, MONITORING_DB_SERVICE, MONITORING_CLIENT_SERVICE, BENCHMARK_SERVICE, SCANNER_SERVICE, SCANNER_DB_SERVICE, ADMISSION_CONTROL_SERVICE, SCANNER_V4_INDEXER_SERVICE, SCANNER_V4_MATCHER_SERVICE, SCANNER_V4_DB_SERVICE,

initBundleId

  

String

  
6.7.7.7. StorageServiceType
Next available tag: 16
Enum Values

UNKNOWN_SERVICE

SENSOR_SERVICE

CENTRAL_SERVICE

CENTRAL_DB_SERVICE

REMOTE_SERVICE

COLLECTOR_SERVICE

MONITORING_UI_SERVICE

MONITORING_DB_SERVICE

MONITORING_CLIENT_SERVICE

BENCHMARK_SERVICE

SCANNER_SERVICE

SCANNER_DB_SERVICE

ADMISSION_CONTROL_SERVICE

SCANNER_V4_INDEXER_SERVICE

SCANNER_V4_MATCHER_SERVICE

SCANNER_V4_DB_SERVICE

6.7.7.8. StorageTraits
Field NameRequiredNullableTypeDescriptionFormat

mutabilityMode

  

TraitsMutabilityMode

 

ALLOW_MUTATE, ALLOW_MUTATE_FORCED,

visibility

  

TraitsVisibility

 

VISIBLE, HIDDEN,

origin

  

TraitsOrigin

 

IMPERATIVE, DEFAULT, DECLARATIVE, DECLARATIVE_ORPHANED,

6.7.7.9. StorageUserInfo
Field NameRequiredNullableTypeDescriptionFormat

username

  

String

  

friendlyName

  

String

  

permissions

  

UserInfoResourceToAccess

  

roles

  

List of StorageUserInfoRole

  
6.7.7.10. StorageUserInfoRole

Role is wire compatible with the old format of storage.Role and hence only includes role name and associated permissions.

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

resourceToAccess

  

Map of StorageAccess

  
6.7.7.11. TraitsMutabilityMode

EXPERIMENTAL. NOTE: Please refer from using MutabilityMode for the time being. It will be replaced in the future (ROX-14276). MutabilityMode specifies whether and how an object can be modified. Default is ALLOW_MUTATE and means there are no modification restrictions; this is equivalent to the absence of MutabilityMode specification. ALLOW_MUTATE_FORCED forbids all modifying operations except object removal with force bit on.

Be careful when changing the state of this field. For example, modifying an object from ALLOW_MUTATE to ALLOW_MUTATE_FORCED is allowed but will prohibit any further changes to it, including modifying it back to ALLOW_MUTATE.

Enum Values

ALLOW_MUTATE

ALLOW_MUTATE_FORCED

6.7.7.12. TraitsOrigin

Origin specifies the origin of an object. Objects can have four different origins: - IMPERATIVE: the object was created via the API. This is assumed by default. - DEFAULT: the object is a default object, such as default roles, access scopes etc. - DECLARATIVE: the object is created via declarative configuration. - DECLARATIVE_ORPHANED: the object is created via declarative configuration and then unsuccessfully deleted(for example, because it is referenced by another object) Based on the origin, different rules apply to the objects. Objects with the DECLARATIVE origin are not allowed to be modified via API, only via declarative configuration. Additionally, they may not reference objects with the IMPERATIVE origin. Objects with the DEFAULT origin are not allowed to be modified via either API or declarative configuration. They may be referenced by all other objects. Objects with the IMPERATIVE origin are allowed to be modified via API, not via declarative configuration. They may reference all other objects. Objects with the DECLARATIVE_ORPHANED origin are not allowed to be modified via either API or declarative configuration. DECLARATIVE_ORPHANED resource can become DECLARATIVE again if it is redefined in declarative configuration. Objects with this origin will be cleaned up from the system immediately after they are not referenced by other resources anymore. They may be referenced by all other objects.

Enum Values

IMPERATIVE

DEFAULT

DECLARATIVE

DECLARATIVE_ORPHANED

6.7.7.13. TraitsVisibility

EXPERIMENTAL. visibility allows to specify whether the object should be visible for certain APIs.

Enum Values

VISIBLE

HIDDEN

6.7.7.14. UserInfoResourceToAccess

ResourceToAccess represents a collection of permissions. It is wire compatible with the old format of storage.Role and replaces it in places where only aggregated permissions are required.

Field NameRequiredNullableTypeDescriptionFormat

resourceToAccess

  

Map of StorageAccess

  
6.7.7.15. V1AuthStatus
Field NameRequiredNullableTypeDescriptionFormat

userId

  

String

  

serviceId

  

StorageServiceIdentity

  

expires

  

Date

 

date-time

refreshUrl

  

String

  

authProvider

  

StorageAuthProvider

  

userInfo

  

StorageUserInfo

  

userAttributes

  

List of V1UserAttribute

  

idpToken

  

String

Token returned to ACS by the underlying identity provider. This field is set only in a few, specific contexts. Do not rely on this field being present in the response.

 
6.7.7.16. V1UserAttribute
Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

values

  

List of string

  

Chapter 7. CentralHealthService

7.1. GetUpgradeStatus

GET /v1/centralhealth/upgradestatus

7.1.1. Description

7.1.2. Parameters

7.1.3. Return Type

V1GetUpgradeStatusResponse

7.1.4. Content Type

  • application/json

7.1.5. Responses

Table 7.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetUpgradeStatusResponse

0

An unexpected error response.

RuntimeError

7.1.6. Samples

7.1.7. Common object reference

7.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

7.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

7.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
7.1.7.3. V1CentralUpgradeStatus
Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

forceRollbackTo

  

String

The version of previous clone in Central. This is the version we can force rollback to.

 

canRollbackAfterUpgrade

  

Boolean

If true, we can rollback to the current version if an upgrade failed.

 

spaceRequiredForRollbackAfterUpgrade

  

String

 

int64

spaceAvailableForRollbackAfterUpgrade

  

String

 

int64

7.1.7.4. V1GetUpgradeStatusResponse
Field NameRequiredNullableTypeDescriptionFormat

upgradeStatus

  

V1CentralUpgradeStatus

  

Chapter 8. CloudSourcesService

8.1. UpdateCloudSource

PUT /v1/cloud-sources/{cloudSource.id}

UpdateCloudSource creates or replaces a cloud source.

8.1.1. Description

8.1.2. Parameters

8.1.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

cloudSource.id

 

X

null

 
8.1.2.2. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1UpdateCloudSourceRequest

X

  

8.1.3. Return Type

Object

8.1.4. Content Type

  • application/json

8.1.5. Responses

Table 8.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

8.1.6. Samples

8.1.7. Common object reference

8.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

8.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

8.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
8.1.7.3. V1CloudSource

CloudSource is an integration which provides a source for discovered clusters.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

V1CloudSourceType

 

TYPE_UNSPECIFIED, TYPE_PALADIN_CLOUD, TYPE_OCM,

credentials

  

V1CloudSourceCredentials

  

skipTestIntegration

  

Boolean

  

paladinCloud

  

V1PaladinCloudConfig

  

ocm

  

V1OCMConfig

  
8.1.7.4. V1CloudSourceCredentials
Field NameRequiredNullableTypeDescriptionFormat

secret

  

String

  
8.1.7.5. V1CloudSourceType
Enum Values

TYPE_UNSPECIFIED

TYPE_PALADIN_CLOUD

TYPE_OCM

8.1.7.6. V1OCMConfig

OCMConfig provides information required to fetch discovered clusters from the OpenShift cluster manager.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  
8.1.7.7. V1PaladinCloudConfig

PaladinCloudConfig provides information required to fetch discovered clusters from Paladin Cloud.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  
8.1.7.8. V1UpdateCloudSourceRequest
Field NameRequiredNullableTypeDescriptionFormat

cloudSource

  

V1CloudSource

  

updateCredentials

  

Boolean

If true, cloud_source must include valid credentials. If false, the resource must already exist and credentials in cloud_source are ignored.

 

8.2. ListCloudSources

GET /v1/cloud-sources

ListCloudSources returns the list of cloud sources after filtered by requested fields.

8.2.1. Description

8.2.2. Parameters

8.2.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

pagination.limit

 

-

null

 

pagination.offset

 

-

null

 

pagination.sortOption.field

 

-

null

 

pagination.sortOption.reversed

 

-

null

 

pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

pagination.sortOption.aggregateBy.distinct

 

-

null

 

filter.names

Matches cloud sources based on their name. String

-

null

 

filter.types

Matches cloud sources based on their type. String

-

null

 

8.2.3. Return Type

V1ListCloudSourcesResponse

8.2.4. Content Type

  • application/json

8.2.5. Responses

Table 8.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ListCloudSourcesResponse

0

An unexpected error response.

RuntimeError

8.2.6. Samples

8.2.7. Common object reference

8.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

8.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

8.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
8.2.7.3. V1CloudSource

CloudSource is an integration which provides a source for discovered clusters.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

V1CloudSourceType

 

TYPE_UNSPECIFIED, TYPE_PALADIN_CLOUD, TYPE_OCM,

credentials

  

V1CloudSourceCredentials

  

skipTestIntegration

  

Boolean

  

paladinCloud

  

V1PaladinCloudConfig

  

ocm

  

V1OCMConfig

  
8.2.7.4. V1CloudSourceCredentials
Field NameRequiredNullableTypeDescriptionFormat

secret

  

String

  
8.2.7.5. V1CloudSourceType
Enum Values

TYPE_UNSPECIFIED

TYPE_PALADIN_CLOUD

TYPE_OCM

8.2.7.6. V1ListCloudSourcesResponse
Field NameRequiredNullableTypeDescriptionFormat

cloudSources

  

List of V1CloudSource

  
8.2.7.7. V1OCMConfig

OCMConfig provides information required to fetch discovered clusters from the OpenShift cluster manager.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  
8.2.7.8. V1PaladinCloudConfig

PaladinCloudConfig provides information required to fetch discovered clusters from Paladin Cloud.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

8.3. DeleteCloudSource

DELETE /v1/cloud-sources/{id}

DeleteCloudSource removes a cloud source.

8.3.1. Description

8.3.2. Parameters

8.3.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

8.3.3. Return Type

Object

8.3.4. Content Type

  • application/json

8.3.5. Responses

Table 8.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

8.3.6. Samples

8.3.7. Common object reference

8.3.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

8.3.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

8.3.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

8.4. GetCloudSource

GET /v1/cloud-sources/{id}

GetCloudSource retrieves a cloud source by ID.

8.4.1. Description

8.4.2. Parameters

8.4.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

8.4.3. Return Type

V1GetCloudSourceResponse

8.4.4. Content Type

  • application/json

8.4.5. Responses

Table 8.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetCloudSourceResponse

0

An unexpected error response.

RuntimeError

8.4.6. Samples

8.4.7. Common object reference

8.4.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

8.4.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

8.4.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
8.4.7.3. V1CloudSource

CloudSource is an integration which provides a source for discovered clusters.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

V1CloudSourceType

 

TYPE_UNSPECIFIED, TYPE_PALADIN_CLOUD, TYPE_OCM,

credentials

  

V1CloudSourceCredentials

  

skipTestIntegration

  

Boolean

  

paladinCloud

  

V1PaladinCloudConfig

  

ocm

  

V1OCMConfig

  
8.4.7.4. V1CloudSourceCredentials
Field NameRequiredNullableTypeDescriptionFormat

secret

  

String

  
8.4.7.5. V1CloudSourceType
Enum Values

TYPE_UNSPECIFIED

TYPE_PALADIN_CLOUD

TYPE_OCM

8.4.7.6. V1GetCloudSourceResponse
Field NameRequiredNullableTypeDescriptionFormat

cloudSource

  

V1CloudSource

  
8.4.7.7. V1OCMConfig

OCMConfig provides information required to fetch discovered clusters from the OpenShift cluster manager.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  
8.4.7.8. V1PaladinCloudConfig

PaladinCloudConfig provides information required to fetch discovered clusters from Paladin Cloud.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

8.5. CreateCloudSource

POST /v1/cloud-sources

CreateCloudSource creates a cloud source.

8.5.1. Description

8.5.2. Parameters

8.5.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1CreateCloudSourceRequest

X

  

8.5.3. Return Type

V1CreateCloudSourceResponse

8.5.4. Content Type

  • application/json

8.5.5. Responses

Table 8.5. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1CreateCloudSourceResponse

0

An unexpected error response.

RuntimeError

8.5.6. Samples

8.5.7. Common object reference

8.5.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

8.5.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

8.5.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
8.5.7.3. V1CloudSource

CloudSource is an integration which provides a source for discovered clusters.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

V1CloudSourceType

 

TYPE_UNSPECIFIED, TYPE_PALADIN_CLOUD, TYPE_OCM,

credentials

  

V1CloudSourceCredentials

  

skipTestIntegration

  

Boolean

  

paladinCloud

  

V1PaladinCloudConfig

  

ocm

  

V1OCMConfig

  
8.5.7.4. V1CloudSourceCredentials
Field NameRequiredNullableTypeDescriptionFormat

secret

  

String

  
8.5.7.5. V1CloudSourceType
Enum Values

TYPE_UNSPECIFIED

TYPE_PALADIN_CLOUD

TYPE_OCM

8.5.7.6. V1CreateCloudSourceRequest
Field NameRequiredNullableTypeDescriptionFormat

cloudSource

  

V1CloudSource

  
8.5.7.7. V1CreateCloudSourceResponse
Field NameRequiredNullableTypeDescriptionFormat

cloudSource

  

V1CloudSource

  
8.5.7.8. V1OCMConfig

OCMConfig provides information required to fetch discovered clusters from the OpenShift cluster manager.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  
8.5.7.9. V1PaladinCloudConfig

PaladinCloudConfig provides information required to fetch discovered clusters from Paladin Cloud.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

8.6. TestCloudSource

POST /v1/cloud-sources/test

TestCloudSource tests a cloud source.

8.6.1. Description

8.6.2. Parameters

8.6.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1TestCloudSourceRequest

X

  

8.6.3. Return Type

Object

8.6.4. Content Type

  • application/json

8.6.5. Responses

Table 8.6. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

8.6.6. Samples

8.6.7. Common object reference

8.6.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

8.6.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

8.6.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
8.6.7.3. V1CloudSource

CloudSource is an integration which provides a source for discovered clusters.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

V1CloudSourceType

 

TYPE_UNSPECIFIED, TYPE_PALADIN_CLOUD, TYPE_OCM,

credentials

  

V1CloudSourceCredentials

  

skipTestIntegration

  

Boolean

  

paladinCloud

  

V1PaladinCloudConfig

  

ocm

  

V1OCMConfig

  
8.6.7.4. V1CloudSourceCredentials
Field NameRequiredNullableTypeDescriptionFormat

secret

  

String

  
8.6.7.5. V1CloudSourceType
Enum Values

TYPE_UNSPECIFIED

TYPE_PALADIN_CLOUD

TYPE_OCM

8.6.7.6. V1OCMConfig

OCMConfig provides information required to fetch discovered clusters from the OpenShift cluster manager.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  
8.6.7.7. V1PaladinCloudConfig

PaladinCloudConfig provides information required to fetch discovered clusters from Paladin Cloud.

Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  
8.6.7.8. V1TestCloudSourceRequest
Field NameRequiredNullableTypeDescriptionFormat

cloudSource

  

V1CloudSource

  

updateCredentials

  

Boolean

If true, cloud_source must include valid credentials. If false, the resource must already exist and credentials in cloud_source are ignored.

 

8.7. CountCloudSources

GET /v1/count/cloud-sources

CountCloudSources returns the number of cloud sources after filtering by requested fields.

8.7.1. Description

8.7.2. Parameters

8.7.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

filter.names

Matches cloud sources based on their name. String

-

null

 

filter.types

Matches cloud sources based on their type. String

-

null

 

8.7.3. Return Type

V1CountCloudSourcesResponse

8.7.4. Content Type

  • application/json

8.7.5. Responses

Table 8.7. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1CountCloudSourcesResponse

0

An unexpected error response.

RuntimeError

8.7.6. Samples

8.7.7. Common object reference

8.7.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

8.7.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

8.7.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
8.7.7.3. V1CountCloudSourcesResponse
Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

Chapter 9. ClusterCVEService

9.1. SuppressCVEs

PATCH /v1/clustercves/suppress

SuppressCVE suppresses cluster cves.

9.1.1. Description

9.1.2. Parameters

9.1.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1SuppressCVERequest

X

  

9.1.3. Return Type

Object

9.1.4. Content Type

  • application/json

9.1.5. Responses

Table 9.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

9.1.6. Samples

9.1.7. Common object reference

9.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

9.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

9.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
9.1.7.3. V1SuppressCVERequest
Field NameRequiredNullableTypeDescriptionFormat

cves

  

List of string

These are (NVD) vulnerability identifiers, cve field of storage.CVE, and not the id field. For example, CVE-2021-44832.

 

duration

  

String

  

9.2. UnsuppressCVEs

PATCH /v1/clustercves/unsuppress

UnsuppressCVE unsuppresses cluster cves.

9.2.1. Description

9.2.2. Parameters

9.2.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1UnsuppressCVERequest

X

  

9.2.3. Return Type

Object

9.2.4. Content Type

  • application/json

9.2.5. Responses

Table 9.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

9.2.6. Samples

9.2.7. Common object reference

9.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

9.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

9.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
9.2.7.3. V1UnsuppressCVERequest
Field NameRequiredNullableTypeDescriptionFormat

cves

  

List of string

These are (NVD) vulnerability identifiers, cve field of storage.CVE, and not the id field. For example, CVE-2021-44832.

 

Chapter 10. ClusterInitService

10.1. GetCAConfig

GET /v1/cluster-init/ca-config

10.1.1. Description

10.1.2. Parameters

10.1.3. Return Type

V1GetCAConfigResponse

10.1.4. Content Type

  • application/json

10.1.5. Responses

Table 10.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetCAConfigResponse

0

An unexpected error response.

RuntimeError

10.1.6. Samples

10.1.7. Common object reference

10.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

10.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

10.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
10.1.7.3. V1GetCAConfigResponse
Field NameRequiredNullableTypeDescriptionFormat

helmValuesBundle

  

byte[]

 

byte

10.2. GetInitBundles

GET /v1/cluster-init/init-bundles

10.2.1. Description

10.2.2. Parameters

10.2.3. Return Type

V1InitBundleMetasResponse

10.2.4. Content Type

  • application/json

10.2.5. Responses

Table 10.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1InitBundleMetasResponse

0

An unexpected error response.

RuntimeError

10.2.6. Samples

10.2.7. Common object reference

10.2.7.1. InitBundleMetaImpactedCluster
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

id

  

String

  
10.2.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

10.2.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

10.2.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
10.2.7.4. StorageUser

User is an object that allows us to track the roles a user is tied to, and how they logged in.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

authProviderId

  

String

  

attributes

  

List of StorageUserAttribute

  

idpToken

  

String

  
10.2.7.5. StorageUserAttribute
Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

value

  

String

  
10.2.7.6. V1InitBundleMeta
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

impactedClusters

  

List of InitBundleMetaImpactedCluster

  

createdAt

  

Date

 

date-time

createdBy

  

StorageUser

  

expiresAt

  

Date

 

date-time

10.2.7.7. V1InitBundleMetasResponse
Field NameRequiredNullableTypeDescriptionFormat

items

  

List of V1InitBundleMeta

  

10.3. GenerateInitBundle

POST /v1/cluster-init/init-bundles

10.3.1. Description

10.3.2. Parameters

10.3.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1InitBundleGenRequest

X

  

10.3.3. Return Type

V1InitBundleGenResponse

10.3.4. Content Type

  • application/json

10.3.5. Responses

Table 10.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1InitBundleGenResponse

0

An unexpected error response.

RuntimeError

10.3.6. Samples

10.3.7. Common object reference

10.3.7.1. InitBundleMetaImpactedCluster
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

id

  

String

  
10.3.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

10.3.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

10.3.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
10.3.7.4. StorageUser

User is an object that allows us to track the roles a user is tied to, and how they logged in.

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

authProviderId

  

String

  

attributes

  

List of StorageUserAttribute

  

idpToken

  

String

  
10.3.7.5. StorageUserAttribute
Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

value

  

String

  
10.3.7.6. V1InitBundleGenRequest
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  
10.3.7.7. V1InitBundleGenResponse
Field NameRequiredNullableTypeDescriptionFormat

meta

  

V1InitBundleMeta

  

helmValuesBundle

  

byte[]

 

byte

kubectlBundle

  

byte[]

 

byte

10.3.7.8. V1InitBundleMeta
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

impactedClusters

  

List of InitBundleMetaImpactedCluster

  

createdAt

  

Date

 

date-time

createdBy

  

StorageUser

  

expiresAt

  

Date

 

date-time

10.4. RevokeInitBundle

PATCH /v1/cluster-init/init-bundles/revoke

RevokeInitBundle deletes cluster init bundle. If this operation impacts any cluster then its ID should be included in request. If confirm_impacted_clusters_ids does not match with current impacted clusters then request will fail with error that includes all impacted clusters.

10.4.1. Description

10.4.2. Parameters

10.4.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1InitBundleRevokeRequest

X

  

10.4.3. Return Type

V1InitBundleRevokeResponse

10.4.4. Content Type

  • application/json

10.4.5. Responses

Table 10.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1InitBundleRevokeResponse

0

An unexpected error response.

RuntimeError

10.4.6. Samples

10.4.7. Common object reference

10.4.7.1. InitBundleMetaImpactedCluster
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

id

  

String

  
10.4.7.2. InitBundleRevokeResponseInitBundleRevocationError
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

error

  

String

  

impactedClusters

  

List of InitBundleMetaImpactedCluster

  
10.4.7.3. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

10.4.7.3.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

10.4.7.4. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
10.4.7.5. V1InitBundleRevokeRequest
Field NameRequiredNullableTypeDescriptionFormat

ids

  

List of string

  

confirmImpactedClustersIds

  

List of string

  
10.4.7.6. V1InitBundleRevokeResponse
Field NameRequiredNullableTypeDescriptionFormat

initBundleRevocationErrors

  

List of InitBundleRevokeResponseInitBundleRevocationError

  

initBundleRevokedIds

  

List of string

  

Chapter 11. ClustersService

11.1. GetClusterDefaultValues

GET /v1/cluster-defaults

11.1.1. Description

11.1.2. Parameters

11.1.3. Return Type

V1ClusterDefaultsResponse

11.1.4. Content Type

  • application/json

11.1.5. Responses

Table 11.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ClusterDefaultsResponse

0

An unexpected error response.

RuntimeError

11.1.6. Samples

11.1.7. Common object reference

11.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

11.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

11.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
11.1.7.3. V1ClusterDefaultsResponse
Field NameRequiredNullableTypeDescriptionFormat

mainImageRepository

  

String

  

collectorImageRepository

  

String

  

kernelSupportAvailable

  

Boolean

  

11.2. GetKernelSupportAvailable

GET /v1/clusters-env/kernel-support-available

GetKernelSupportAvailable is deprecated in favor of GetClusterDefaultValues.

11.2.1. Description

11.2.2. Parameters

11.2.3. Return Type

V1KernelSupportAvailableResponse

11.2.4. Content Type

  • application/json

11.2.5. Responses

Table 11.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1KernelSupportAvailableResponse

0

An unexpected error response.

RuntimeError

11.2.6. Samples

11.2.7. Common object reference

11.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

11.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

11.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
11.2.7.3. V1KernelSupportAvailableResponse
Field NameRequiredNullableTypeDescriptionFormat

kernelSupportAvailable

  

Boolean

  

11.3. GetClusters

GET /v1/clusters

11.3.1. Description

11.3.2. Parameters

11.3.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

query

 

-

null

 

11.3.3. Return Type

V1ClustersList

11.3.4. Content Type

  • application/json

11.3.5. Responses

Table 11.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ClustersList

0

An unexpected error response.

RuntimeError

11.3.6. Samples

11.3.7. Common object reference

11.3.7.1. ClusterHealthStatusHealthStatusLabel
  • UNAVAILABLE: Only collector can have unavailable status
Enum Values

UNINITIALIZED

UNAVAILABLE

UNHEALTHY

DEGRADED

HEALTHY

11.3.7.2. ClusterUpgradeStatusUpgradability
  • SENSOR_VERSION_HIGHER: SENSOR_VERSION_HIGHER occurs when we detect that the sensor is running a newer version than this Central. This is unexpected, but can occur depending on the patches a customer does. In this case, we will NOT automatically "upgrade" the sensor, since that would be a downgrade, even if the autoupgrade setting is on. The user will be allowed to manually trigger the upgrade, but they are strongly discouraged from doing so without upgrading Central first, since this is an unsupported configuration.
Enum Values

UNSET

UP_TO_DATE

MANUAL_UPGRADE_REQUIRED

AUTO_UPGRADE_POSSIBLE

SENSOR_VERSION_HIGHER

11.3.7.3. ClusterUpgradeStatusUpgradeProcessStatus
Field NameRequiredNullableTypeDescriptionFormat

active

  

Boolean

  

id

  

String

  

targetVersion

  

String

  

upgraderImage

  

String

  

initiatedAt

  

Date

 

date-time

progress

  

StorageUpgradeProgress

  

type

  

UpgradeProcessStatusUpgradeProcessType

 

UPGRADE, CERT_ROTATION,

11.3.7.4. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

11.3.7.4.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

11.3.7.5. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
11.3.7.6. StorageAWSProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

accountId

  

String

  
11.3.7.7. StorageAdmissionControlHealthInfo

AdmissionControlHealthInfo carries data about admission control deployment but does not include admission control health status derived from this data. Aggregated admission control health status is not included because it is derived in central and not in the component that first reports AdmissionControlHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

totalDesiredPods

  

Integer

 

int32

totalReadyPods

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain admission control health info.

 
11.3.7.8. StorageAdmissionControllerConfig
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

timeoutSeconds

  

Integer

 

int32

scanInline

  

Boolean

  

disableBypass

  

Boolean

  

enforceOnUpdates

  

Boolean

  
11.3.7.9. StorageAuditLogFileState
AuditLogFileState tracks the last audit log event timestamp and ID that was collected by Compliance For internal use only
Field NameRequiredNullableTypeDescriptionFormat

collectLogsSince

  

Date

 

date-time

lastAuditId

  

String

  
11.3.7.10. StorageAzureProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

subscriptionId

  

String

  
11.3.7.11. StorageCluster
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

StorageClusterType

 

GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER,

labels

  

Map of string

  

mainImage

  

String

  

collectorImage

  

String

  

centralApiEndpoint

  

String

  

runtimeSupport

  

Boolean

  

collectionMethod

  

StorageCollectionMethod

 

UNSET_COLLECTION, NO_COLLECTION, KERNEL_MODULE, EBPF, CORE_BPF,

admissionController

  

Boolean

  

admissionControllerUpdates

  

Boolean

  

admissionControllerEvents

  

Boolean

  

status

  

StorageClusterStatus

  

dynamicConfig

  

StorageDynamicClusterConfig

  

tolerationsConfig

  

StorageTolerationsConfig

  

priority

  

String

 

int64

healthStatus

  

StorageClusterHealthStatus

  

slimCollector

  

Boolean

  

helmConfig

  

StorageCompleteClusterConfig

  

mostRecentSensorId

  

StorageSensorDeploymentIdentification

  

auditLogState

  

Map of StorageAuditLogFileState

For internal use only.

 

initBundleId

  

String

  

managedBy

  

StorageManagerType

 

MANAGER_TYPE_UNKNOWN, MANAGER_TYPE_MANUAL, MANAGER_TYPE_HELM_CHART, MANAGER_TYPE_KUBERNETES_OPERATOR,

11.3.7.12. StorageClusterCertExpiryStatus
Field NameRequiredNullableTypeDescriptionFormat

sensorCertExpiry

  

Date

 

date-time

sensorCertNotBefore

  

Date

 

date-time

11.3.7.13. StorageClusterHealthStatus
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

collectorHealthInfo

  

StorageCollectorHealthInfo

  

admissionControlHealthInfo

  

StorageAdmissionControlHealthInfo

  

scannerHealthInfo

  

StorageScannerHealthInfo

  

sensorHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

collectorHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

overallHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

admissionControlHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

scannerHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

lastContact

  

Date

 

date-time

healthInfoComplete

  

Boolean

  
11.3.7.14. StorageClusterMetadata

ClusterMetadata contains metadata information about the cluster infrastructure.

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageClusterMetadataType

 

UNSPECIFIED, AKS, ARO, EKS, GKE, OCP, OSD, ROSA,

name

  

String

Name represents the name under which the cluster is registered with the cloud provider. In case of self managed OpenShift it is the name chosen by the OpenShift installer.

 

id

  

String

Id represents a unique ID under which the cluster is registered with the cloud provider. Not all cluster types have an id. For all OpenShift clusters, this is the Red Hat cluster_id registered with OCM.

 
11.3.7.15. StorageClusterMetadataType
Enum Values

UNSPECIFIED

AKS

ARO

EKS

GKE

OCP

OSD

ROSA

11.3.7.16. StorageClusterStatus
Field NameRequiredNullableTypeDescriptionFormat

sensorVersion

  

String

  

DEPRECATEDLastContact

  

Date

This field has been deprecated starting release 49.0. Use healthStatus.lastContact instead.

date-time

providerMetadata

  

StorageProviderMetadata

  

orchestratorMetadata

  

StorageOrchestratorMetadata

  

upgradeStatus

  

StorageClusterUpgradeStatus

  

certExpiryStatus

  

StorageClusterCertExpiryStatus

  
11.3.7.17. StorageClusterType
Enum Values

GENERIC_CLUSTER

KUBERNETES_CLUSTER

OPENSHIFT_CLUSTER

OPENSHIFT4_CLUSTER

11.3.7.18. StorageClusterUpgradeStatus
Field NameRequiredNullableTypeDescriptionFormat

upgradability

  

ClusterUpgradeStatusUpgradability

 

UNSET, UP_TO_DATE, MANUAL_UPGRADE_REQUIRED, AUTO_UPGRADE_POSSIBLE, SENSOR_VERSION_HIGHER,

upgradabilityStatusReason

  

String

  

mostRecentProcess

  

ClusterUpgradeStatusUpgradeProcessStatus

  
11.3.7.19. StorageCollectionMethod
Enum Values

UNSET_COLLECTION

NO_COLLECTION

KERNEL_MODULE

EBPF

CORE_BPF

11.3.7.20. StorageCollectorHealthInfo

CollectorHealthInfo carries data about collector deployment but does not include collector health status derived from this data. Aggregated collector health status is not included because it is derived in central and not in the component that first reports CollectorHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

totalDesiredPods

  

Integer

 

int32

totalReadyPods

  

Integer

 

int32

totalRegisteredNodes

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain collector health info.

 
11.3.7.21. StorageCompleteClusterConfig

Encodes a complete cluster configuration minus ID/Name identifiers including static and dynamic settings.

Field NameRequiredNullableTypeDescriptionFormat

dynamicConfig

  

StorageDynamicClusterConfig

  

staticConfig

  

StorageStaticClusterConfig

  

configFingerprint

  

String

  

clusterLabels

  

Map of string

  
11.3.7.22. StorageDynamicClusterConfig

The difference between Static and Dynamic cluster config is that Dynamic values are sent over the Central to Sensor gRPC connection. This has the benefit of allowing for "hot reloading" of values without restarting Secured cluster components.

Field NameRequiredNullableTypeDescriptionFormat

admissionControllerConfig

  

StorageAdmissionControllerConfig

  

registryOverride

  

String

  

disableAuditLogs

  

Boolean

  
11.3.7.23. StorageGoogleProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

project

  

String

  

clusterName

  

String

Deprecated in favor of providerMetadata.cluster.name.

 
11.3.7.24. StorageManagerType
Enum Values

MANAGER_TYPE_UNKNOWN

MANAGER_TYPE_MANUAL

MANAGER_TYPE_HELM_CHART

MANAGER_TYPE_KUBERNETES_OPERATOR

11.3.7.25. StorageOrchestratorMetadata
Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

openshiftVersion

  

String

  

buildDate

  

Date

 

date-time

apiVersions

  

List of string

  
11.3.7.26. StorageProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

region

  

String

  

zone

  

String

  

google

  

StorageGoogleProviderMetadata

  

aws

  

StorageAWSProviderMetadata

  

azure

  

StorageAzureProviderMetadata

  

verified

  

Boolean

  

cluster

  

StorageClusterMetadata

  
11.3.7.27. StorageScannerHealthInfo

ScannerHealthInfo represents health info of a scanner instance that is deployed on a secured cluster (so called "local scanner"). When the scanner is deployed on a central cluster, the following message is NOT used. ScannerHealthInfo carries data about scanner deployment but does not include scanner health status derived from this data. Aggregated scanner health status is not included because it is derived in central and not in the component that first reports ScannerHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

totalDesiredAnalyzerPods

  

Integer

 

int32

totalReadyAnalyzerPods

  

Integer

 

int32

totalDesiredDbPods

  

Integer

 

int32

totalReadyDbPods

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain scanner health info.

 
11.3.7.28. StorageSensorDeploymentIdentification

StackRoxDeploymentIdentification aims at uniquely identifying a StackRox Sensor deployment. It is used to determine whether a sensor connection comes from a sensor pod that has restarted or was recreated (possibly after a network partition), or from a deployment in a different namespace or cluster.

Field NameRequiredNullableTypeDescriptionFormat

systemNamespaceId

  

String

  

defaultNamespaceId

  

String

  

appNamespace

  

String

  

appNamespaceId

  

String

  

appServiceaccountId

  

String

  

k8sNodeName

  

String

  
11.3.7.29. StorageStaticClusterConfig

The difference between Static and Dynamic cluster config is that Static values are not sent over the Central to Sensor gRPC connection. They are used, for example, to generate manifests that can be used to set up the Secured Cluster’s k8s components. They are not dynamically reloaded.

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageClusterType

 

GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER,

mainImage

  

String

  

centralApiEndpoint

  

String

  

collectionMethod

  

StorageCollectionMethod

 

UNSET_COLLECTION, NO_COLLECTION, KERNEL_MODULE, EBPF, CORE_BPF,

collectorImage

  

String

  

admissionController

  

Boolean

  

admissionControllerUpdates

  

Boolean

  

tolerationsConfig

  

StorageTolerationsConfig

  

slimCollector

  

Boolean

  

admissionControllerEvents

  

Boolean

  
11.3.7.30. StorageTolerationsConfig
Field NameRequiredNullableTypeDescriptionFormat

disabled

  

Boolean

  
11.3.7.31. StorageUpgradeProgress
Field NameRequiredNullableTypeDescriptionFormat

upgradeState

  

UpgradeProgressUpgradeState

 

UPGRADE_INITIALIZING, UPGRADER_LAUNCHING, UPGRADER_LAUNCHED, PRE_FLIGHT_CHECKS_COMPLETE, UPGRADE_OPERATIONS_DONE, UPGRADE_COMPLETE, UPGRADE_INITIALIZATION_ERROR, PRE_FLIGHT_CHECKS_FAILED, UPGRADE_ERROR_ROLLING_BACK, UPGRADE_ERROR_ROLLED_BACK, UPGRADE_ERROR_ROLLBACK_FAILED, UPGRADE_ERROR_UNKNOWN, UPGRADE_TIMED_OUT,

upgradeStatusDetail

  

String

  

since

  

Date

 

date-time

11.3.7.32. UpgradeProcessStatusUpgradeProcessType
  • UPGRADE: UPGRADE represents a sensor version upgrade.
  • CERT_ROTATION: CERT_ROTATION represents an upgrade process that only rotates the TLS certs used by the cluster, without changing anything else.
Enum Values

UPGRADE

CERT_ROTATION

11.3.7.33. UpgradeProgressUpgradeState
  • UPGRADER_LAUNCHING: In-progress states.
  • UPGRADE_COMPLETE: The success state. PLEASE NUMBER ALL IN-PROGRESS STATES ABOVE THIS AND ALL ERROR STATES BELOW THIS.
  • UPGRADE_INITIALIZATION_ERROR: Error states.
Enum Values

UPGRADE_INITIALIZING

UPGRADER_LAUNCHING

UPGRADER_LAUNCHED

PRE_FLIGHT_CHECKS_COMPLETE

UPGRADE_OPERATIONS_DONE

UPGRADE_COMPLETE

UPGRADE_INITIALIZATION_ERROR

PRE_FLIGHT_CHECKS_FAILED

UPGRADE_ERROR_ROLLING_BACK

UPGRADE_ERROR_ROLLED_BACK

UPGRADE_ERROR_ROLLBACK_FAILED

UPGRADE_ERROR_UNKNOWN

UPGRADE_TIMED_OUT

11.3.7.34. V1ClustersList
Field NameRequiredNullableTypeDescriptionFormat

clusters

  

List of StorageCluster

  

clusterIdToRetentionInfo

  

Map of V1DecommissionedClusterRetentionInfo

  
11.3.7.35. V1DecommissionedClusterRetentionInfo
next available tag: 3
Field NameRequiredNullableTypeDescriptionFormat

isExcluded

  

Boolean

  

daysUntilDeletion

  

Integer

 

int32

11.4. DeleteCluster

DELETE /v1/clusters/{id}

11.4.1. Description

11.4.2. Parameters

11.4.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

11.4.3. Return Type

Object

11.4.4. Content Type

  • application/json

11.4.5. Responses

Table 11.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

11.4.6. Samples

11.4.7. Common object reference

11.4.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

11.4.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

11.4.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

11.5. GetCluster

GET /v1/clusters/{id}

11.5.1. Description

11.5.2. Parameters

11.5.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

11.5.3. Return Type

V1ClusterResponse

11.5.4. Content Type

  • application/json

11.5.5. Responses

Table 11.5. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ClusterResponse

0

An unexpected error response.

RuntimeError

11.5.6. Samples

11.5.7. Common object reference

11.5.7.1. ClusterHealthStatusHealthStatusLabel
  • UNAVAILABLE: Only collector can have unavailable status
Enum Values

UNINITIALIZED

UNAVAILABLE

UNHEALTHY

DEGRADED

HEALTHY

11.5.7.2. ClusterUpgradeStatusUpgradability
  • SENSOR_VERSION_HIGHER: SENSOR_VERSION_HIGHER occurs when we detect that the sensor is running a newer version than this Central. This is unexpected, but can occur depending on the patches a customer does. In this case, we will NOT automatically "upgrade" the sensor, since that would be a downgrade, even if the autoupgrade setting is on. The user will be allowed to manually trigger the upgrade, but they are strongly discouraged from doing so without upgrading Central first, since this is an unsupported configuration.
Enum Values

UNSET

UP_TO_DATE

MANUAL_UPGRADE_REQUIRED

AUTO_UPGRADE_POSSIBLE

SENSOR_VERSION_HIGHER

11.5.7.3. ClusterUpgradeStatusUpgradeProcessStatus
Field NameRequiredNullableTypeDescriptionFormat

active

  

Boolean

  

id

  

String

  

targetVersion

  

String

  

upgraderImage

  

String

  

initiatedAt

  

Date

 

date-time

progress

  

StorageUpgradeProgress

  

type

  

UpgradeProcessStatusUpgradeProcessType

 

UPGRADE, CERT_ROTATION,

11.5.7.4. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

11.5.7.4.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

11.5.7.5. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
11.5.7.6. StorageAWSProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

accountId

  

String

  
11.5.7.7. StorageAdmissionControlHealthInfo

AdmissionControlHealthInfo carries data about admission control deployment but does not include admission control health status derived from this data. Aggregated admission control health status is not included because it is derived in central and not in the component that first reports AdmissionControlHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

totalDesiredPods

  

Integer

 

int32

totalReadyPods

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain admission control health info.

 
11.5.7.8. StorageAdmissionControllerConfig
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

timeoutSeconds

  

Integer

 

int32

scanInline

  

Boolean

  

disableBypass

  

Boolean

  

enforceOnUpdates

  

Boolean

  
11.5.7.9. StorageAuditLogFileState
AuditLogFileState tracks the last audit log event timestamp and ID that was collected by Compliance For internal use only
Field NameRequiredNullableTypeDescriptionFormat

collectLogsSince

  

Date

 

date-time

lastAuditId

  

String

  
11.5.7.10. StorageAzureProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

subscriptionId

  

String

  
11.5.7.11. StorageCluster
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

StorageClusterType

 

GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER,

labels

  

Map of string

  

mainImage

  

String

  

collectorImage

  

String

  

centralApiEndpoint

  

String

  

runtimeSupport

  

Boolean

  

collectionMethod

  

StorageCollectionMethod

 

UNSET_COLLECTION, NO_COLLECTION, KERNEL_MODULE, EBPF, CORE_BPF,

admissionController

  

Boolean

  

admissionControllerUpdates

  

Boolean

  

admissionControllerEvents

  

Boolean

  

status

  

StorageClusterStatus

  

dynamicConfig

  

StorageDynamicClusterConfig

  

tolerationsConfig

  

StorageTolerationsConfig

  

priority

  

String

 

int64

healthStatus

  

StorageClusterHealthStatus

  

slimCollector

  

Boolean

  

helmConfig

  

StorageCompleteClusterConfig

  

mostRecentSensorId

  

StorageSensorDeploymentIdentification

  

auditLogState

  

Map of StorageAuditLogFileState

For internal use only.

 

initBundleId

  

String

  

managedBy

  

StorageManagerType

 

MANAGER_TYPE_UNKNOWN, MANAGER_TYPE_MANUAL, MANAGER_TYPE_HELM_CHART, MANAGER_TYPE_KUBERNETES_OPERATOR,

11.5.7.12. StorageClusterCertExpiryStatus
Field NameRequiredNullableTypeDescriptionFormat

sensorCertExpiry

  

Date

 

date-time

sensorCertNotBefore

  

Date

 

date-time

11.5.7.13. StorageClusterHealthStatus
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

collectorHealthInfo

  

StorageCollectorHealthInfo

  

admissionControlHealthInfo

  

StorageAdmissionControlHealthInfo

  

scannerHealthInfo

  

StorageScannerHealthInfo

  

sensorHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

collectorHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

overallHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

admissionControlHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

scannerHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

lastContact

  

Date

 

date-time

healthInfoComplete

  

Boolean

  
11.5.7.14. StorageClusterMetadata

ClusterMetadata contains metadata information about the cluster infrastructure.

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageClusterMetadataType

 

UNSPECIFIED, AKS, ARO, EKS, GKE, OCP, OSD, ROSA,

name

  

String

Name represents the name under which the cluster is registered with the cloud provider. In case of self managed OpenShift it is the name chosen by the OpenShift installer.

 

id

  

String

Id represents a unique ID under which the cluster is registered with the cloud provider. Not all cluster types have an id. For all OpenShift clusters, this is the Red Hat cluster_id registered with OCM.

 
11.5.7.15. StorageClusterMetadataType
Enum Values

UNSPECIFIED

AKS

ARO

EKS

GKE

OCP

OSD

ROSA

11.5.7.16. StorageClusterStatus
Field NameRequiredNullableTypeDescriptionFormat

sensorVersion

  

String

  

DEPRECATEDLastContact

  

Date

This field has been deprecated starting release 49.0. Use healthStatus.lastContact instead.

date-time

providerMetadata

  

StorageProviderMetadata

  

orchestratorMetadata

  

StorageOrchestratorMetadata

  

upgradeStatus

  

StorageClusterUpgradeStatus

  

certExpiryStatus

  

StorageClusterCertExpiryStatus

  
11.5.7.17. StorageClusterType
Enum Values

GENERIC_CLUSTER

KUBERNETES_CLUSTER

OPENSHIFT_CLUSTER

OPENSHIFT4_CLUSTER

11.5.7.18. StorageClusterUpgradeStatus
Field NameRequiredNullableTypeDescriptionFormat

upgradability

  

ClusterUpgradeStatusUpgradability

 

UNSET, UP_TO_DATE, MANUAL_UPGRADE_REQUIRED, AUTO_UPGRADE_POSSIBLE, SENSOR_VERSION_HIGHER,

upgradabilityStatusReason

  

String

  

mostRecentProcess

  

ClusterUpgradeStatusUpgradeProcessStatus

  
11.5.7.19. StorageCollectionMethod
Enum Values

UNSET_COLLECTION

NO_COLLECTION

KERNEL_MODULE

EBPF

CORE_BPF

11.5.7.20. StorageCollectorHealthInfo

CollectorHealthInfo carries data about collector deployment but does not include collector health status derived from this data. Aggregated collector health status is not included because it is derived in central and not in the component that first reports CollectorHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

totalDesiredPods

  

Integer

 

int32

totalReadyPods

  

Integer

 

int32

totalRegisteredNodes

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain collector health info.

 
11.5.7.21. StorageCompleteClusterConfig

Encodes a complete cluster configuration minus ID/Name identifiers including static and dynamic settings.

Field NameRequiredNullableTypeDescriptionFormat

dynamicConfig

  

StorageDynamicClusterConfig

  

staticConfig

  

StorageStaticClusterConfig

  

configFingerprint

  

String

  

clusterLabels

  

Map of string

  
11.5.7.22. StorageDynamicClusterConfig

The difference between Static and Dynamic cluster config is that Dynamic values are sent over the Central to Sensor gRPC connection. This has the benefit of allowing for "hot reloading" of values without restarting Secured cluster components.

Field NameRequiredNullableTypeDescriptionFormat

admissionControllerConfig

  

StorageAdmissionControllerConfig

  

registryOverride

  

String

  

disableAuditLogs

  

Boolean

  
11.5.7.23. StorageGoogleProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

project

  

String

  

clusterName

  

String

Deprecated in favor of providerMetadata.cluster.name.

 
11.5.7.24. StorageManagerType
Enum Values

MANAGER_TYPE_UNKNOWN

MANAGER_TYPE_MANUAL

MANAGER_TYPE_HELM_CHART

MANAGER_TYPE_KUBERNETES_OPERATOR

11.5.7.25. StorageOrchestratorMetadata
Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

openshiftVersion

  

String

  

buildDate

  

Date

 

date-time

apiVersions

  

List of string

  
11.5.7.26. StorageProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

region

  

String

  

zone

  

String

  

google

  

StorageGoogleProviderMetadata

  

aws

  

StorageAWSProviderMetadata

  

azure

  

StorageAzureProviderMetadata

  

verified

  

Boolean

  

cluster

  

StorageClusterMetadata

  
11.5.7.27. StorageScannerHealthInfo

ScannerHealthInfo represents health info of a scanner instance that is deployed on a secured cluster (so called "local scanner"). When the scanner is deployed on a central cluster, the following message is NOT used. ScannerHealthInfo carries data about scanner deployment but does not include scanner health status derived from this data. Aggregated scanner health status is not included because it is derived in central and not in the component that first reports ScannerHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

totalDesiredAnalyzerPods

  

Integer

 

int32

totalReadyAnalyzerPods

  

Integer

 

int32

totalDesiredDbPods

  

Integer

 

int32

totalReadyDbPods

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain scanner health info.

 
11.5.7.28. StorageSensorDeploymentIdentification

StackRoxDeploymentIdentification aims at uniquely identifying a StackRox Sensor deployment. It is used to determine whether a sensor connection comes from a sensor pod that has restarted or was recreated (possibly after a network partition), or from a deployment in a different namespace or cluster.

Field NameRequiredNullableTypeDescriptionFormat

systemNamespaceId

  

String

  

defaultNamespaceId

  

String

  

appNamespace

  

String

  

appNamespaceId

  

String

  

appServiceaccountId

  

String

  

k8sNodeName

  

String

  
11.5.7.29. StorageStaticClusterConfig

The difference between Static and Dynamic cluster config is that Static values are not sent over the Central to Sensor gRPC connection. They are used, for example, to generate manifests that can be used to set up the Secured Cluster’s k8s components. They are not dynamically reloaded.

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageClusterType

 

GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER,

mainImage

  

String

  

centralApiEndpoint

  

String

  

collectionMethod

  

StorageCollectionMethod

 

UNSET_COLLECTION, NO_COLLECTION, KERNEL_MODULE, EBPF, CORE_BPF,

collectorImage

  

String

  

admissionController

  

Boolean

  

admissionControllerUpdates

  

Boolean

  

tolerationsConfig

  

StorageTolerationsConfig

  

slimCollector

  

Boolean

  

admissionControllerEvents

  

Boolean

  
11.5.7.30. StorageTolerationsConfig
Field NameRequiredNullableTypeDescriptionFormat

disabled

  

Boolean

  
11.5.7.31. StorageUpgradeProgress
Field NameRequiredNullableTypeDescriptionFormat

upgradeState

  

UpgradeProgressUpgradeState

 

UPGRADE_INITIALIZING, UPGRADER_LAUNCHING, UPGRADER_LAUNCHED, PRE_FLIGHT_CHECKS_COMPLETE, UPGRADE_OPERATIONS_DONE, UPGRADE_COMPLETE, UPGRADE_INITIALIZATION_ERROR, PRE_FLIGHT_CHECKS_FAILED, UPGRADE_ERROR_ROLLING_BACK, UPGRADE_ERROR_ROLLED_BACK, UPGRADE_ERROR_ROLLBACK_FAILED, UPGRADE_ERROR_UNKNOWN, UPGRADE_TIMED_OUT,

upgradeStatusDetail

  

String

  

since

  

Date

 

date-time

11.5.7.32. UpgradeProcessStatusUpgradeProcessType
  • UPGRADE: UPGRADE represents a sensor version upgrade.
  • CERT_ROTATION: CERT_ROTATION represents an upgrade process that only rotates the TLS certs used by the cluster, without changing anything else.
Enum Values

UPGRADE

CERT_ROTATION

11.5.7.33. UpgradeProgressUpgradeState
  • UPGRADER_LAUNCHING: In-progress states.
  • UPGRADE_COMPLETE: The success state. PLEASE NUMBER ALL IN-PROGRESS STATES ABOVE THIS AND ALL ERROR STATES BELOW THIS.
  • UPGRADE_INITIALIZATION_ERROR: Error states.
Enum Values

UPGRADE_INITIALIZING

UPGRADER_LAUNCHING

UPGRADER_LAUNCHED

PRE_FLIGHT_CHECKS_COMPLETE

UPGRADE_OPERATIONS_DONE

UPGRADE_COMPLETE

UPGRADE_INITIALIZATION_ERROR

PRE_FLIGHT_CHECKS_FAILED

UPGRADE_ERROR_ROLLING_BACK

UPGRADE_ERROR_ROLLED_BACK

UPGRADE_ERROR_ROLLBACK_FAILED

UPGRADE_ERROR_UNKNOWN

UPGRADE_TIMED_OUT

11.5.7.34. V1ClusterResponse
Field NameRequiredNullableTypeDescriptionFormat

cluster

  

StorageCluster

  

clusterRetentionInfo

  

V1DecommissionedClusterRetentionInfo

  
11.5.7.35. V1DecommissionedClusterRetentionInfo
next available tag: 3
Field NameRequiredNullableTypeDescriptionFormat

isExcluded

  

Boolean

  

daysUntilDeletion

  

Integer

 

int32

11.6. PutCluster

PUT /v1/clusters/{id}

11.6.1. Description

11.6.2. Parameters

11.6.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 
11.6.2.2. Body Parameter
NameDescriptionRequiredDefaultPattern

body

StorageCluster

X

  

11.6.3. Return Type

V1ClusterResponse

11.6.4. Content Type

  • application/json

11.6.5. Responses

Table 11.6. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ClusterResponse

0

An unexpected error response.

RuntimeError

11.6.6. Samples

11.6.7. Common object reference

11.6.7.1. ClusterHealthStatusHealthStatusLabel
  • UNAVAILABLE: Only collector can have unavailable status
Enum Values

UNINITIALIZED

UNAVAILABLE

UNHEALTHY

DEGRADED

HEALTHY

11.6.7.2. ClusterUpgradeStatusUpgradability
  • SENSOR_VERSION_HIGHER: SENSOR_VERSION_HIGHER occurs when we detect that the sensor is running a newer version than this Central. This is unexpected, but can occur depending on the patches a customer does. In this case, we will NOT automatically "upgrade" the sensor, since that would be a downgrade, even if the autoupgrade setting is on. The user will be allowed to manually trigger the upgrade, but they are strongly discouraged from doing so without upgrading Central first, since this is an unsupported configuration.
Enum Values

UNSET

UP_TO_DATE

MANUAL_UPGRADE_REQUIRED

AUTO_UPGRADE_POSSIBLE

SENSOR_VERSION_HIGHER

11.6.7.3. ClusterUpgradeStatusUpgradeProcessStatus
Field NameRequiredNullableTypeDescriptionFormat

active

  

Boolean

  

id

  

String

  

targetVersion

  

String

  

upgraderImage

  

String

  

initiatedAt

  

Date

 

date-time

progress

  

StorageUpgradeProgress

  

type

  

UpgradeProcessStatusUpgradeProcessType

 

UPGRADE, CERT_ROTATION,

11.6.7.4. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

11.6.7.4.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

11.6.7.5. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
11.6.7.6. StorageAWSProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

accountId

  

String

  
11.6.7.7. StorageAdmissionControlHealthInfo

AdmissionControlHealthInfo carries data about admission control deployment but does not include admission control health status derived from this data. Aggregated admission control health status is not included because it is derived in central and not in the component that first reports AdmissionControlHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

totalDesiredPods

  

Integer

 

int32

totalReadyPods

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain admission control health info.

 
11.6.7.8. StorageAdmissionControllerConfig
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

timeoutSeconds

  

Integer

 

int32

scanInline

  

Boolean

  

disableBypass

  

Boolean

  

enforceOnUpdates

  

Boolean

  
11.6.7.9. StorageAuditLogFileState
AuditLogFileState tracks the last audit log event timestamp and ID that was collected by Compliance For internal use only
Field NameRequiredNullableTypeDescriptionFormat

collectLogsSince

  

Date

 

date-time

lastAuditId

  

String

  
11.6.7.10. StorageAzureProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

subscriptionId

  

String

  
11.6.7.11. StorageCluster
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

StorageClusterType

 

GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER,

labels

  

Map of string

  

mainImage

  

String

  

collectorImage

  

String

  

centralApiEndpoint

  

String

  

runtimeSupport

  

Boolean

  

collectionMethod

  

StorageCollectionMethod

 

UNSET_COLLECTION, NO_COLLECTION, KERNEL_MODULE, EBPF, CORE_BPF,

admissionController

  

Boolean

  

admissionControllerUpdates

  

Boolean

  

admissionControllerEvents

  

Boolean

  

status

  

StorageClusterStatus

  

dynamicConfig

  

StorageDynamicClusterConfig

  

tolerationsConfig

  

StorageTolerationsConfig

  

priority

  

String

 

int64

healthStatus

  

StorageClusterHealthStatus

  

slimCollector

  

Boolean

  

helmConfig

  

StorageCompleteClusterConfig

  

mostRecentSensorId

  

StorageSensorDeploymentIdentification

  

auditLogState

  

Map of StorageAuditLogFileState

For internal use only.

 

initBundleId

  

String

  

managedBy

  

StorageManagerType

 

MANAGER_TYPE_UNKNOWN, MANAGER_TYPE_MANUAL, MANAGER_TYPE_HELM_CHART, MANAGER_TYPE_KUBERNETES_OPERATOR,

11.6.7.12. StorageClusterCertExpiryStatus
Field NameRequiredNullableTypeDescriptionFormat

sensorCertExpiry

  

Date

 

date-time

sensorCertNotBefore

  

Date

 

date-time

11.6.7.13. StorageClusterHealthStatus
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

collectorHealthInfo

  

StorageCollectorHealthInfo

  

admissionControlHealthInfo

  

StorageAdmissionControlHealthInfo

  

scannerHealthInfo

  

StorageScannerHealthInfo

  

sensorHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

collectorHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

overallHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

admissionControlHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

scannerHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

lastContact

  

Date

 

date-time

healthInfoComplete

  

Boolean

  
11.6.7.14. StorageClusterMetadata

ClusterMetadata contains metadata information about the cluster infrastructure.

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageClusterMetadataType

 

UNSPECIFIED, AKS, ARO, EKS, GKE, OCP, OSD, ROSA,

name

  

String

Name represents the name under which the cluster is registered with the cloud provider. In case of self managed OpenShift it is the name chosen by the OpenShift installer.

 

id

  

String

Id represents a unique ID under which the cluster is registered with the cloud provider. Not all cluster types have an id. For all OpenShift clusters, this is the Red Hat cluster_id registered with OCM.

 
11.6.7.15. StorageClusterMetadataType
Enum Values

UNSPECIFIED

AKS

ARO

EKS

GKE

OCP

OSD

ROSA

11.6.7.16. StorageClusterStatus
Field NameRequiredNullableTypeDescriptionFormat

sensorVersion

  

String

  

DEPRECATEDLastContact

  

Date

This field has been deprecated starting release 49.0. Use healthStatus.lastContact instead.

date-time

providerMetadata

  

StorageProviderMetadata

  

orchestratorMetadata

  

StorageOrchestratorMetadata

  

upgradeStatus

  

StorageClusterUpgradeStatus

  

certExpiryStatus

  

StorageClusterCertExpiryStatus

  
11.6.7.17. StorageClusterType
Enum Values

GENERIC_CLUSTER

KUBERNETES_CLUSTER

OPENSHIFT_CLUSTER

OPENSHIFT4_CLUSTER

11.6.7.18. StorageClusterUpgradeStatus
Field NameRequiredNullableTypeDescriptionFormat

upgradability

  

ClusterUpgradeStatusUpgradability

 

UNSET, UP_TO_DATE, MANUAL_UPGRADE_REQUIRED, AUTO_UPGRADE_POSSIBLE, SENSOR_VERSION_HIGHER,

upgradabilityStatusReason

  

String

  

mostRecentProcess

  

ClusterUpgradeStatusUpgradeProcessStatus

  
11.6.7.19. StorageCollectionMethod
Enum Values

UNSET_COLLECTION

NO_COLLECTION

KERNEL_MODULE

EBPF

CORE_BPF

11.6.7.20. StorageCollectorHealthInfo

CollectorHealthInfo carries data about collector deployment but does not include collector health status derived from this data. Aggregated collector health status is not included because it is derived in central and not in the component that first reports CollectorHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

totalDesiredPods

  

Integer

 

int32

totalReadyPods

  

Integer

 

int32

totalRegisteredNodes

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain collector health info.

 
11.6.7.21. StorageCompleteClusterConfig

Encodes a complete cluster configuration minus ID/Name identifiers including static and dynamic settings.

Field NameRequiredNullableTypeDescriptionFormat

dynamicConfig

  

StorageDynamicClusterConfig

  

staticConfig

  

StorageStaticClusterConfig

  

configFingerprint

  

String

  

clusterLabels

  

Map of string

  
11.6.7.22. StorageDynamicClusterConfig

The difference between Static and Dynamic cluster config is that Dynamic values are sent over the Central to Sensor gRPC connection. This has the benefit of allowing for "hot reloading" of values without restarting Secured cluster components.

Field NameRequiredNullableTypeDescriptionFormat

admissionControllerConfig

  

StorageAdmissionControllerConfig

  

registryOverride

  

String

  

disableAuditLogs

  

Boolean

  
11.6.7.23. StorageGoogleProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

project

  

String

  

clusterName

  

String

Deprecated in favor of providerMetadata.cluster.name.

 
11.6.7.24. StorageManagerType
Enum Values

MANAGER_TYPE_UNKNOWN

MANAGER_TYPE_MANUAL

MANAGER_TYPE_HELM_CHART

MANAGER_TYPE_KUBERNETES_OPERATOR

11.6.7.25. StorageOrchestratorMetadata
Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

openshiftVersion

  

String

  

buildDate

  

Date

 

date-time

apiVersions

  

List of string

  
11.6.7.26. StorageProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

region

  

String

  

zone

  

String

  

google

  

StorageGoogleProviderMetadata

  

aws

  

StorageAWSProviderMetadata

  

azure

  

StorageAzureProviderMetadata

  

verified

  

Boolean

  

cluster

  

StorageClusterMetadata

  
11.6.7.27. StorageScannerHealthInfo

ScannerHealthInfo represents health info of a scanner instance that is deployed on a secured cluster (so called "local scanner"). When the scanner is deployed on a central cluster, the following message is NOT used. ScannerHealthInfo carries data about scanner deployment but does not include scanner health status derived from this data. Aggregated scanner health status is not included because it is derived in central and not in the component that first reports ScannerHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

totalDesiredAnalyzerPods

  

Integer

 

int32

totalReadyAnalyzerPods

  

Integer

 

int32

totalDesiredDbPods

  

Integer

 

int32

totalReadyDbPods

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain scanner health info.

 
11.6.7.28. StorageSensorDeploymentIdentification

StackRoxDeploymentIdentification aims at uniquely identifying a StackRox Sensor deployment. It is used to determine whether a sensor connection comes from a sensor pod that has restarted or was recreated (possibly after a network partition), or from a deployment in a different namespace or cluster.

Field NameRequiredNullableTypeDescriptionFormat

systemNamespaceId

  

String

  

defaultNamespaceId

  

String

  

appNamespace

  

String

  

appNamespaceId

  

String

  

appServiceaccountId

  

String

  

k8sNodeName

  

String

  
11.6.7.29. StorageStaticClusterConfig

The difference between Static and Dynamic cluster config is that Static values are not sent over the Central to Sensor gRPC connection. They are used, for example, to generate manifests that can be used to set up the Secured Cluster’s k8s components. They are not dynamically reloaded.

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageClusterType

 

GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER,

mainImage

  

String

  

centralApiEndpoint

  

String

  

collectionMethod

  

StorageCollectionMethod

 

UNSET_COLLECTION, NO_COLLECTION, KERNEL_MODULE, EBPF, CORE_BPF,

collectorImage

  

String

  

admissionController

  

Boolean

  

admissionControllerUpdates

  

Boolean

  

tolerationsConfig

  

StorageTolerationsConfig

  

slimCollector

  

Boolean

  

admissionControllerEvents

  

Boolean

  
11.6.7.30. StorageTolerationsConfig
Field NameRequiredNullableTypeDescriptionFormat

disabled

  

Boolean

  
11.6.7.31. StorageUpgradeProgress
Field NameRequiredNullableTypeDescriptionFormat

upgradeState

  

UpgradeProgressUpgradeState

 

UPGRADE_INITIALIZING, UPGRADER_LAUNCHING, UPGRADER_LAUNCHED, PRE_FLIGHT_CHECKS_COMPLETE, UPGRADE_OPERATIONS_DONE, UPGRADE_COMPLETE, UPGRADE_INITIALIZATION_ERROR, PRE_FLIGHT_CHECKS_FAILED, UPGRADE_ERROR_ROLLING_BACK, UPGRADE_ERROR_ROLLED_BACK, UPGRADE_ERROR_ROLLBACK_FAILED, UPGRADE_ERROR_UNKNOWN, UPGRADE_TIMED_OUT,

upgradeStatusDetail

  

String

  

since

  

Date

 

date-time

11.6.7.32. UpgradeProcessStatusUpgradeProcessType
  • UPGRADE: UPGRADE represents a sensor version upgrade.
  • CERT_ROTATION: CERT_ROTATION represents an upgrade process that only rotates the TLS certs used by the cluster, without changing anything else.
Enum Values

UPGRADE

CERT_ROTATION

11.6.7.33. UpgradeProgressUpgradeState
  • UPGRADER_LAUNCHING: In-progress states.
  • UPGRADE_COMPLETE: The success state. PLEASE NUMBER ALL IN-PROGRESS STATES ABOVE THIS AND ALL ERROR STATES BELOW THIS.
  • UPGRADE_INITIALIZATION_ERROR: Error states.
Enum Values

UPGRADE_INITIALIZING

UPGRADER_LAUNCHING

UPGRADER_LAUNCHED

PRE_FLIGHT_CHECKS_COMPLETE

UPGRADE_OPERATIONS_DONE

UPGRADE_COMPLETE

UPGRADE_INITIALIZATION_ERROR

PRE_FLIGHT_CHECKS_FAILED

UPGRADE_ERROR_ROLLING_BACK

UPGRADE_ERROR_ROLLED_BACK

UPGRADE_ERROR_ROLLBACK_FAILED

UPGRADE_ERROR_UNKNOWN

UPGRADE_TIMED_OUT

11.6.7.34. V1ClusterResponse
Field NameRequiredNullableTypeDescriptionFormat

cluster

  

StorageCluster

  

clusterRetentionInfo

  

V1DecommissionedClusterRetentionInfo

  
11.6.7.35. V1DecommissionedClusterRetentionInfo
next available tag: 3
Field NameRequiredNullableTypeDescriptionFormat

isExcluded

  

Boolean

  

daysUntilDeletion

  

Integer

 

int32

11.7. PostCluster

POST /v1/clusters

11.7.1. Description

11.7.2. Parameters

11.7.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

StorageCluster

X

  

11.7.3. Return Type

V1ClusterResponse

11.7.4. Content Type

  • application/json

11.7.5. Responses

Table 11.7. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ClusterResponse

0

An unexpected error response.

RuntimeError

11.7.6. Samples

11.7.7. Common object reference

11.7.7.1. ClusterHealthStatusHealthStatusLabel
  • UNAVAILABLE: Only collector can have unavailable status
Enum Values

UNINITIALIZED

UNAVAILABLE

UNHEALTHY

DEGRADED

HEALTHY

11.7.7.2. ClusterUpgradeStatusUpgradability
  • SENSOR_VERSION_HIGHER: SENSOR_VERSION_HIGHER occurs when we detect that the sensor is running a newer version than this Central. This is unexpected, but can occur depending on the patches a customer does. In this case, we will NOT automatically "upgrade" the sensor, since that would be a downgrade, even if the autoupgrade setting is on. The user will be allowed to manually trigger the upgrade, but they are strongly discouraged from doing so without upgrading Central first, since this is an unsupported configuration.
Enum Values

UNSET

UP_TO_DATE

MANUAL_UPGRADE_REQUIRED

AUTO_UPGRADE_POSSIBLE

SENSOR_VERSION_HIGHER

11.7.7.3. ClusterUpgradeStatusUpgradeProcessStatus
Field NameRequiredNullableTypeDescriptionFormat

active

  

Boolean

  

id

  

String

  

targetVersion

  

String

  

upgraderImage

  

String

  

initiatedAt

  

Date

 

date-time

progress

  

StorageUpgradeProgress

  

type

  

UpgradeProcessStatusUpgradeProcessType

 

UPGRADE, CERT_ROTATION,

11.7.7.4. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

11.7.7.4.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

11.7.7.5. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
11.7.7.6. StorageAWSProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

accountId

  

String

  
11.7.7.7. StorageAdmissionControlHealthInfo

AdmissionControlHealthInfo carries data about admission control deployment but does not include admission control health status derived from this data. Aggregated admission control health status is not included because it is derived in central and not in the component that first reports AdmissionControlHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

totalDesiredPods

  

Integer

 

int32

totalReadyPods

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain admission control health info.

 
11.7.7.8. StorageAdmissionControllerConfig
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

timeoutSeconds

  

Integer

 

int32

scanInline

  

Boolean

  

disableBypass

  

Boolean

  

enforceOnUpdates

  

Boolean

  
11.7.7.9. StorageAuditLogFileState
AuditLogFileState tracks the last audit log event timestamp and ID that was collected by Compliance For internal use only
Field NameRequiredNullableTypeDescriptionFormat

collectLogsSince

  

Date

 

date-time

lastAuditId

  

String

  
11.7.7.10. StorageAzureProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

subscriptionId

  

String

  
11.7.7.11. StorageCluster
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

StorageClusterType

 

GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER,

labels

  

Map of string

  

mainImage

  

String

  

collectorImage

  

String

  

centralApiEndpoint

  

String

  

runtimeSupport

  

Boolean

  

collectionMethod

  

StorageCollectionMethod

 

UNSET_COLLECTION, NO_COLLECTION, KERNEL_MODULE, EBPF, CORE_BPF,

admissionController

  

Boolean

  

admissionControllerUpdates

  

Boolean

  

admissionControllerEvents

  

Boolean

  

status

  

StorageClusterStatus

  

dynamicConfig

  

StorageDynamicClusterConfig

  

tolerationsConfig

  

StorageTolerationsConfig

  

priority

  

String

 

int64

healthStatus

  

StorageClusterHealthStatus

  

slimCollector

  

Boolean

  

helmConfig

  

StorageCompleteClusterConfig

  

mostRecentSensorId

  

StorageSensorDeploymentIdentification

  

auditLogState

  

Map of StorageAuditLogFileState

For internal use only.

 

initBundleId

  

String

  

managedBy

  

StorageManagerType

 

MANAGER_TYPE_UNKNOWN, MANAGER_TYPE_MANUAL, MANAGER_TYPE_HELM_CHART, MANAGER_TYPE_KUBERNETES_OPERATOR,

11.7.7.12. StorageClusterCertExpiryStatus
Field NameRequiredNullableTypeDescriptionFormat

sensorCertExpiry

  

Date

 

date-time

sensorCertNotBefore

  

Date

 

date-time

11.7.7.13. StorageClusterHealthStatus
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

collectorHealthInfo

  

StorageCollectorHealthInfo

  

admissionControlHealthInfo

  

StorageAdmissionControlHealthInfo

  

scannerHealthInfo

  

StorageScannerHealthInfo

  

sensorHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

collectorHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

overallHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

admissionControlHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

scannerHealthStatus

  

ClusterHealthStatusHealthStatusLabel

 

UNINITIALIZED, UNAVAILABLE, UNHEALTHY, DEGRADED, HEALTHY,

lastContact

  

Date

 

date-time

healthInfoComplete

  

Boolean

  
11.7.7.14. StorageClusterMetadata

ClusterMetadata contains metadata information about the cluster infrastructure.

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageClusterMetadataType

 

UNSPECIFIED, AKS, ARO, EKS, GKE, OCP, OSD, ROSA,

name

  

String

Name represents the name under which the cluster is registered with the cloud provider. In case of self managed OpenShift it is the name chosen by the OpenShift installer.

 

id

  

String

Id represents a unique ID under which the cluster is registered with the cloud provider. Not all cluster types have an id. For all OpenShift clusters, this is the Red Hat cluster_id registered with OCM.

 
11.7.7.15. StorageClusterMetadataType
Enum Values

UNSPECIFIED

AKS

ARO

EKS

GKE

OCP

OSD

ROSA

11.7.7.16. StorageClusterStatus
Field NameRequiredNullableTypeDescriptionFormat

sensorVersion

  

String

  

DEPRECATEDLastContact

  

Date

This field has been deprecated starting release 49.0. Use healthStatus.lastContact instead.

date-time

providerMetadata

  

StorageProviderMetadata

  

orchestratorMetadata

  

StorageOrchestratorMetadata

  

upgradeStatus

  

StorageClusterUpgradeStatus

  

certExpiryStatus

  

StorageClusterCertExpiryStatus

  
11.7.7.17. StorageClusterType
Enum Values

GENERIC_CLUSTER

KUBERNETES_CLUSTER

OPENSHIFT_CLUSTER

OPENSHIFT4_CLUSTER

11.7.7.18. StorageClusterUpgradeStatus
Field NameRequiredNullableTypeDescriptionFormat

upgradability

  

ClusterUpgradeStatusUpgradability

 

UNSET, UP_TO_DATE, MANUAL_UPGRADE_REQUIRED, AUTO_UPGRADE_POSSIBLE, SENSOR_VERSION_HIGHER,

upgradabilityStatusReason

  

String

  

mostRecentProcess

  

ClusterUpgradeStatusUpgradeProcessStatus

  
11.7.7.19. StorageCollectionMethod
Enum Values

UNSET_COLLECTION

NO_COLLECTION

KERNEL_MODULE

EBPF

CORE_BPF

11.7.7.20. StorageCollectorHealthInfo

CollectorHealthInfo carries data about collector deployment but does not include collector health status derived from this data. Aggregated collector health status is not included because it is derived in central and not in the component that first reports CollectorHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

totalDesiredPods

  

Integer

 

int32

totalReadyPods

  

Integer

 

int32

totalRegisteredNodes

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain collector health info.

 
11.7.7.21. StorageCompleteClusterConfig

Encodes a complete cluster configuration minus ID/Name identifiers including static and dynamic settings.

Field NameRequiredNullableTypeDescriptionFormat

dynamicConfig

  

StorageDynamicClusterConfig

  

staticConfig

  

StorageStaticClusterConfig

  

configFingerprint

  

String

  

clusterLabels

  

Map of string

  
11.7.7.22. StorageDynamicClusterConfig

The difference between Static and Dynamic cluster config is that Dynamic values are sent over the Central to Sensor gRPC connection. This has the benefit of allowing for "hot reloading" of values without restarting Secured cluster components.

Field NameRequiredNullableTypeDescriptionFormat

admissionControllerConfig

  

StorageAdmissionControllerConfig

  

registryOverride

  

String

  

disableAuditLogs

  

Boolean

  
11.7.7.23. StorageGoogleProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

project

  

String

  

clusterName

  

String

Deprecated in favor of providerMetadata.cluster.name.

 
11.7.7.24. StorageManagerType
Enum Values

MANAGER_TYPE_UNKNOWN

MANAGER_TYPE_MANUAL

MANAGER_TYPE_HELM_CHART

MANAGER_TYPE_KUBERNETES_OPERATOR

11.7.7.25. StorageOrchestratorMetadata
Field NameRequiredNullableTypeDescriptionFormat

version

  

String

  

openshiftVersion

  

String

  

buildDate

  

Date

 

date-time

apiVersions

  

List of string

  
11.7.7.26. StorageProviderMetadata
Field NameRequiredNullableTypeDescriptionFormat

region

  

String

  

zone

  

String

  

google

  

StorageGoogleProviderMetadata

  

aws

  

StorageAWSProviderMetadata

  

azure

  

StorageAzureProviderMetadata

  

verified

  

Boolean

  

cluster

  

StorageClusterMetadata

  
11.7.7.27. StorageScannerHealthInfo

ScannerHealthInfo represents health info of a scanner instance that is deployed on a secured cluster (so called "local scanner"). When the scanner is deployed on a central cluster, the following message is NOT used. ScannerHealthInfo carries data about scanner deployment but does not include scanner health status derived from this data. Aggregated scanner health status is not included because it is derived in central and not in the component that first reports ScannerHealthInfo (sensor).

Field NameRequiredNullableTypeDescriptionFormat

totalDesiredAnalyzerPods

  

Integer

 

int32

totalReadyAnalyzerPods

  

Integer

 

int32

totalDesiredDbPods

  

Integer

 

int32

totalReadyDbPods

  

Integer

 

int32

statusErrors

  

List of string

Collection of errors that occurred while trying to obtain scanner health info.

 
11.7.7.28. StorageSensorDeploymentIdentification

StackRoxDeploymentIdentification aims at uniquely identifying a StackRox Sensor deployment. It is used to determine whether a sensor connection comes from a sensor pod that has restarted or was recreated (possibly after a network partition), or from a deployment in a different namespace or cluster.

Field NameRequiredNullableTypeDescriptionFormat

systemNamespaceId

  

String

  

defaultNamespaceId

  

String

  

appNamespace

  

String

  

appNamespaceId

  

String

  

appServiceaccountId

  

String

  

k8sNodeName

  

String

  
11.7.7.29. StorageStaticClusterConfig

The difference between Static and Dynamic cluster config is that Static values are not sent over the Central to Sensor gRPC connection. They are used, for example, to generate manifests that can be used to set up the Secured Cluster’s k8s components. They are not dynamically reloaded.

Field NameRequiredNullableTypeDescriptionFormat

type

  

StorageClusterType

 

GENERIC_CLUSTER, KUBERNETES_CLUSTER, OPENSHIFT_CLUSTER, OPENSHIFT4_CLUSTER,

mainImage

  

String

  

centralApiEndpoint

  

String

  

collectionMethod

  

StorageCollectionMethod

 

UNSET_COLLECTION, NO_COLLECTION, KERNEL_MODULE, EBPF, CORE_BPF,

collectorImage

  

String

  

admissionController

  

Boolean

  

admissionControllerUpdates

  

Boolean

  

tolerationsConfig

  

StorageTolerationsConfig

  

slimCollector

  

Boolean

  

admissionControllerEvents

  

Boolean

  
11.7.7.30. StorageTolerationsConfig
Field NameRequiredNullableTypeDescriptionFormat

disabled

  

Boolean

  
11.7.7.31. StorageUpgradeProgress
Field NameRequiredNullableTypeDescriptionFormat

upgradeState

  

UpgradeProgressUpgradeState

 

UPGRADE_INITIALIZING, UPGRADER_LAUNCHING, UPGRADER_LAUNCHED, PRE_FLIGHT_CHECKS_COMPLETE, UPGRADE_OPERATIONS_DONE, UPGRADE_COMPLETE, UPGRADE_INITIALIZATION_ERROR, PRE_FLIGHT_CHECKS_FAILED, UPGRADE_ERROR_ROLLING_BACK, UPGRADE_ERROR_ROLLED_BACK, UPGRADE_ERROR_ROLLBACK_FAILED, UPGRADE_ERROR_UNKNOWN, UPGRADE_TIMED_OUT,

upgradeStatusDetail

  

String

  

since

  

Date

 

date-time

11.7.7.32. UpgradeProcessStatusUpgradeProcessType
  • UPGRADE: UPGRADE represents a sensor version upgrade.
  • CERT_ROTATION: CERT_ROTATION represents an upgrade process that only rotates the TLS certs used by the cluster, without changing anything else.
Enum Values

UPGRADE

CERT_ROTATION

11.7.7.33. UpgradeProgressUpgradeState
  • UPGRADER_LAUNCHING: In-progress states.
  • UPGRADE_COMPLETE: The success state. PLEASE NUMBER ALL IN-PROGRESS STATES ABOVE THIS AND ALL ERROR STATES BELOW THIS.
  • UPGRADE_INITIALIZATION_ERROR: Error states.
Enum Values

UPGRADE_INITIALIZING

UPGRADER_LAUNCHING

UPGRADER_LAUNCHED

PRE_FLIGHT_CHECKS_COMPLETE

UPGRADE_OPERATIONS_DONE

UPGRADE_COMPLETE

UPGRADE_INITIALIZATION_ERROR

PRE_FLIGHT_CHECKS_FAILED

UPGRADE_ERROR_ROLLING_BACK

UPGRADE_ERROR_ROLLED_BACK

UPGRADE_ERROR_ROLLBACK_FAILED

UPGRADE_ERROR_UNKNOWN

UPGRADE_TIMED_OUT

11.7.7.34. V1ClusterResponse
Field NameRequiredNullableTypeDescriptionFormat

cluster

  

StorageCluster

  

clusterRetentionInfo

  

V1DecommissionedClusterRetentionInfo

  
11.7.7.35. V1DecommissionedClusterRetentionInfo
next available tag: 3
Field NameRequiredNullableTypeDescriptionFormat

isExcluded

  

Boolean

  

daysUntilDeletion

  

Integer

 

int32

Chapter 12. CollectionService

12.1. GetCollectionCount

GET /v1/collectionscount

12.1.1. Description

12.1.2. Parameters

12.1.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

query.query

 

-

null

 

query.pagination.limit

 

-

null

 

query.pagination.offset

 

-

null

 

query.pagination.sortOption.field

 

-

null

 

query.pagination.sortOption.reversed

 

-

null

 

query.pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

query.pagination.sortOption.aggregateBy.distinct

 

-

null

 

12.1.3. Return Type

V1GetCollectionCountResponse

12.1.4. Content Type

  • application/json

12.1.5. Responses

Table 12.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetCollectionCountResponse

0

An unexpected error response.

RuntimeError

12.1.6. Samples

12.1.7. Common object reference

12.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

12.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

12.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
12.1.7.3. V1GetCollectionCountResponse
Field NameRequiredNullableTypeDescriptionFormat

count

  

Integer

 

int32

12.2. DryRunCollection

POST /v1/collections/dryrun

12.2.1. Description

12.2.2. Parameters

12.2.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1DryRunCollectionRequest

X

  

12.2.3. Return Type

V1DryRunCollectionResponse

12.2.4. Content Type

  • application/json

12.2.5. Responses

Table 12.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1DryRunCollectionResponse

0

An unexpected error response.

RuntimeError

12.2.6. Samples

12.2.7. Common object reference

12.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

12.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

12.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
12.2.7.3. StorageBooleanOperator
Enum Values

OR

AND

12.2.7.4. StorageListDeployment
Next available tag: 9
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

hash

  

String

 

uint64

name

  

String

  

cluster

  

String

  

clusterId

  

String

  

namespace

  

String

  

created

  

Date

 

date-time

priority

  

String

 

int64

12.2.7.5. StorageMatchType
Enum Values

EXACT

REGEX

12.2.7.6. StorageResourceSelector
Field NameRequiredNullableTypeDescriptionFormat

rules

  

List of StorageSelectorRule

rules resolve as a conjunction (AND).

 
12.2.7.7. StorageRuleValue
Field NameRequiredNullableTypeDescriptionFormat

value

  

String

  

matchType

  

StorageMatchType

 

EXACT, REGEX,

12.2.7.8. StorageSelectorRule
Field NameRequiredNullableTypeDescriptionFormat

fieldName

  

String

  

operator

  

StorageBooleanOperator

 

OR, AND,

values

  

List of StorageRuleValue

values resolve as a conjunction (AND) or disjunction (OR) depending on operator. For MVP, only OR is supported from UX standpoint.

 
12.2.7.9. V1AggregateBy
Field NameRequiredNullableTypeDescriptionFormat

aggrFunc

  

V1Aggregation

 

UNSET, COUNT, MIN, MAX,

distinct

  

Boolean

  
12.2.7.10. V1Aggregation
Enum Values

UNSET

COUNT

MIN

MAX

12.2.7.11. V1CollectionDeploymentMatchOptions
Field NameRequiredNullableTypeDescriptionFormat

withMatches

  

Boolean

  

filterQuery

  

V1RawQuery

  
12.2.7.12. V1DryRunCollectionRequest
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

id

  

String

  

description

  

String

  

resourceSelectors

  

List of StorageResourceSelector

  

embeddedCollectionIds

  

List of string

  

options

  

V1CollectionDeploymentMatchOptions

  
12.2.7.13. V1DryRunCollectionResponse
Field NameRequiredNullableTypeDescriptionFormat

deployments

  

List of StorageListDeployment

  
12.2.7.14. V1Pagination
Field NameRequiredNullableTypeDescriptionFormat

limit

  

Integer

 

int32

offset

  

Integer

 

int32

sortOption

  

V1SortOption

  

sortOptions

  

List of V1SortOption

This field is under development. It is not supported on any REST APIs.

 
12.2.7.15. V1RawQuery

RawQuery represents the search query string. The format of the query string is "<field name>:<value,value,…​><field name>:<value, value,...>…​" For example: To search for deployments named "central" and "sensor" in the namespace "stackrox", the query string would be "Deployment:central,sensor+Namespace:stackrox" RawQuery is used in ListAPIs to search for a particular object.

Field NameRequiredNullableTypeDescriptionFormat

query

  

String

  

pagination

  

V1Pagination

  
12.2.7.16. V1SortOption
Field NameRequiredNullableTypeDescriptionFormat

field

  

String

  

reversed

  

Boolean

  

aggregateBy

  

V1AggregateBy

  

12.3. ListCollections

GET /v1/collections

12.3.1. Description

12.3.2. Parameters

12.3.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

query.query

 

-

null

 

query.pagination.limit

 

-

null

 

query.pagination.offset

 

-

null

 

query.pagination.sortOption.field

 

-

null

 

query.pagination.sortOption.reversed

 

-

null

 

query.pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

query.pagination.sortOption.aggregateBy.distinct

 

-

null

 

12.3.3. Return Type

V1ListCollectionsResponse

12.3.4. Content Type

  • application/json

12.3.5. Responses

Table 12.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ListCollectionsResponse

0

An unexpected error response.

RuntimeError

12.3.6. Samples

12.3.7. Common object reference

12.3.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

12.3.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

12.3.7.2. ResourceCollectionEmbeddedResourceCollection
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  
12.3.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
12.3.7.4. StorageBooleanOperator
Enum Values

OR

AND

12.3.7.5. StorageMatchType
Enum Values

EXACT

REGEX

12.3.7.6. StorageResourceCollection
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

createdAt

  

Date

 

date-time

lastUpdated

  

Date

 

date-time

createdBy

  

StorageSlimUser

  

updatedBy

  

StorageSlimUser

  

resourceSelectors

  

List of StorageResourceSelector

resource_selectors resolve as disjunction (OR) with each-other and with selectors from embedded_collections. For MVP, the size of resource_selectors will at most be 1 from UX standpoint.

 

embeddedCollections

  

List of ResourceCollectionEmbeddedResourceCollection

  
12.3.7.7. StorageResourceSelector
Field NameRequiredNullableTypeDescriptionFormat

rules

  

List of StorageSelectorRule

rules resolve as a conjunction (AND).

 
12.3.7.8. StorageRuleValue
Field NameRequiredNullableTypeDescriptionFormat

value

  

String

  

matchType

  

StorageMatchType

 

EXACT, REGEX,

12.3.7.9. StorageSelectorRule
Field NameRequiredNullableTypeDescriptionFormat

fieldName

  

String

  

operator

  

StorageBooleanOperator

 

OR, AND,

values

  

List of StorageRuleValue

values resolve as a conjunction (AND) or disjunction (OR) depending on operator. For MVP, only OR is supported from UX standpoint.

 
12.3.7.10. StorageSlimUser
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  
12.3.7.11. V1ListCollectionsResponse
Field NameRequiredNullableTypeDescriptionFormat

collections

  

List of StorageResourceCollection

  

12.4. DeleteCollection

DELETE /v1/collections/{id}

12.4.1. Description

12.4.2. Parameters

12.4.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

12.4.3. Return Type

Object

12.4.4. Content Type

  • application/json

12.4.5. Responses

Table 12.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

12.4.6. Samples

12.4.7. Common object reference

12.4.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

12.4.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

12.4.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

12.5. GetCollection

GET /v1/collections/{id}

12.5.1. Description

12.5.2. Parameters

12.5.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 
12.5.2.2. Query Parameters
NameDescriptionRequiredDefaultPattern

options.withMatches

 

-

null

 

options.filterQuery.query

 

-

null

 

options.filterQuery.pagination.limit

 

-

null

 

options.filterQuery.pagination.offset

 

-

null

 

options.filterQuery.pagination.sortOption.field

 

-

null

 

options.filterQuery.pagination.sortOption.reversed

 

-

null

 

options.filterQuery.pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

options.filterQuery.pagination.sortOption.aggregateBy.distinct

 

-

null

 

12.5.3. Return Type

V1GetCollectionResponse

12.5.4. Content Type

  • application/json

12.5.5. Responses

Table 12.5. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetCollectionResponse

0

An unexpected error response.

RuntimeError

12.5.6. Samples

12.5.7. Common object reference

12.5.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

12.5.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

12.5.7.2. ResourceCollectionEmbeddedResourceCollection
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  
12.5.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
12.5.7.4. StorageBooleanOperator
Enum Values

OR

AND

12.5.7.5. StorageListDeployment
Next available tag: 9
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

hash

  

String

 

uint64

name

  

String

  

cluster

  

String

  

clusterId

  

String

  

namespace

  

String

  

created

  

Date

 

date-time

priority

  

String

 

int64

12.5.7.6. StorageMatchType
Enum Values

EXACT

REGEX

12.5.7.7. StorageResourceCollection
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

createdAt

  

Date

 

date-time

lastUpdated

  

Date

 

date-time

createdBy

  

StorageSlimUser

  

updatedBy

  

StorageSlimUser

  

resourceSelectors

  

List of StorageResourceSelector

resource_selectors resolve as disjunction (OR) with each-other and with selectors from embedded_collections. For MVP, the size of resource_selectors will at most be 1 from UX standpoint.

 

embeddedCollections

  

List of ResourceCollectionEmbeddedResourceCollection

  
12.5.7.8. StorageResourceSelector
Field NameRequiredNullableTypeDescriptionFormat

rules

  

List of StorageSelectorRule

rules resolve as a conjunction (AND).

 
12.5.7.9. StorageRuleValue
Field NameRequiredNullableTypeDescriptionFormat

value

  

String

  

matchType

  

StorageMatchType

 

EXACT, REGEX,

12.5.7.10. StorageSelectorRule
Field NameRequiredNullableTypeDescriptionFormat

fieldName

  

String

  

operator

  

StorageBooleanOperator

 

OR, AND,

values

  

List of StorageRuleValue

values resolve as a conjunction (AND) or disjunction (OR) depending on operator. For MVP, only OR is supported from UX standpoint.

 
12.5.7.11. StorageSlimUser
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  
12.5.7.12. V1GetCollectionResponse
Field NameRequiredNullableTypeDescriptionFormat

collection

  

StorageResourceCollection

  

deployments

  

List of StorageListDeployment

  

12.6. UpdateCollection

PATCH /v1/collections/{id}

12.6.1. Description

12.6.2. Parameters

12.6.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 
12.6.2.2. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1UpdateCollectionRequest

X

  

12.6.3. Return Type

V1UpdateCollectionResponse

12.6.4. Content Type

  • application/json

12.6.5. Responses

Table 12.6. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1UpdateCollectionResponse

0

An unexpected error response.

RuntimeError

12.6.6. Samples

12.6.7. Common object reference

12.6.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

12.6.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

12.6.7.2. ResourceCollectionEmbeddedResourceCollection
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  
12.6.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
12.6.7.4. StorageBooleanOperator
Enum Values

OR

AND

12.6.7.5. StorageMatchType
Enum Values

EXACT

REGEX

12.6.7.6. StorageResourceCollection
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

createdAt

  

Date

 

date-time

lastUpdated

  

Date

 

date-time

createdBy

  

StorageSlimUser

  

updatedBy

  

StorageSlimUser

  

resourceSelectors

  

List of StorageResourceSelector

resource_selectors resolve as disjunction (OR) with each-other and with selectors from embedded_collections. For MVP, the size of resource_selectors will at most be 1 from UX standpoint.

 

embeddedCollections

  

List of ResourceCollectionEmbeddedResourceCollection

  
12.6.7.7. StorageResourceSelector
Field NameRequiredNullableTypeDescriptionFormat

rules

  

List of StorageSelectorRule

rules resolve as a conjunction (AND).

 
12.6.7.8. StorageRuleValue
Field NameRequiredNullableTypeDescriptionFormat

value

  

String

  

matchType

  

StorageMatchType

 

EXACT, REGEX,

12.6.7.9. StorageSelectorRule
Field NameRequiredNullableTypeDescriptionFormat

fieldName

  

String

  

operator

  

StorageBooleanOperator

 

OR, AND,

values

  

List of StorageRuleValue

values resolve as a conjunction (AND) or disjunction (OR) depending on operator. For MVP, only OR is supported from UX standpoint.

 
12.6.7.10. StorageSlimUser
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  
12.6.7.11. V1UpdateCollectionRequest
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

resourceSelectors

  

List of StorageResourceSelector

  

embeddedCollectionIds

  

List of string

  
12.6.7.12. V1UpdateCollectionResponse
Field NameRequiredNullableTypeDescriptionFormat

collection

  

StorageResourceCollection

  

12.7. CreateCollection

POST /v1/collections

12.7.1. Description

12.7.2. Parameters

12.7.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1CreateCollectionRequest

X

  

12.7.3. Return Type

V1CreateCollectionResponse

12.7.4. Content Type

  • application/json

12.7.5. Responses

Table 12.7. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1CreateCollectionResponse

0

An unexpected error response.

RuntimeError

12.7.6. Samples

12.7.7. Common object reference

12.7.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

12.7.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

12.7.7.2. ResourceCollectionEmbeddedResourceCollection
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  
12.7.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
12.7.7.4. StorageBooleanOperator
Enum Values

OR

AND

12.7.7.5. StorageMatchType
Enum Values

EXACT

REGEX

12.7.7.6. StorageResourceCollection
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

createdAt

  

Date

 

date-time

lastUpdated

  

Date

 

date-time

createdBy

  

StorageSlimUser

  

updatedBy

  

StorageSlimUser

  

resourceSelectors

  

List of StorageResourceSelector

resource_selectors resolve as disjunction (OR) with each-other and with selectors from embedded_collections. For MVP, the size of resource_selectors will at most be 1 from UX standpoint.

 

embeddedCollections

  

List of ResourceCollectionEmbeddedResourceCollection

  
12.7.7.7. StorageResourceSelector
Field NameRequiredNullableTypeDescriptionFormat

rules

  

List of StorageSelectorRule

rules resolve as a conjunction (AND).

 
12.7.7.8. StorageRuleValue
Field NameRequiredNullableTypeDescriptionFormat

value

  

String

  

matchType

  

StorageMatchType

 

EXACT, REGEX,

12.7.7.9. StorageSelectorRule
Field NameRequiredNullableTypeDescriptionFormat

fieldName

  

String

  

operator

  

StorageBooleanOperator

 

OR, AND,

values

  

List of StorageRuleValue

values resolve as a conjunction (AND) or disjunction (OR) depending on operator. For MVP, only OR is supported from UX standpoint.

 
12.7.7.10. StorageSlimUser
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  
12.7.7.11. V1CreateCollectionRequest
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

description

  

String

  

resourceSelectors

  

List of StorageResourceSelector

  

embeddedCollectionIds

  

List of string

  
12.7.7.12. V1CreateCollectionResponse
Field NameRequiredNullableTypeDescriptionFormat

collection

  

StorageResourceCollection

  

12.8. ListCollectionSelectors

GET /v1/collections/selectors

12.8.1. Description

12.8.2. Parameters

12.8.3. Return Type

V1ListCollectionSelectorsResponse

12.8.4. Content Type

  • application/json

12.8.5. Responses

Table 12.8. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1ListCollectionSelectorsResponse

0

An unexpected error response.

RuntimeError

12.8.6. Samples

12.8.7. Common object reference

12.8.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

12.8.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

12.8.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
12.8.7.3. V1ListCollectionSelectorsResponse
Field NameRequiredNullableTypeDescriptionFormat

selectors

  

List of string

  

Chapter 13. ComplianceManagementService

13.1. GetRecentRuns

GET /v1/complianceManagement/runs

13.1.1. Description

13.1.2. Parameters

13.1.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

clusterId

 

-

null

 

standardId

 

-

null

 

since

 

-

null

 

13.1.3. Return Type

V1GetRecentComplianceRunsResponse

13.1.4. Content Type

  • application/json

13.1.5. Responses

Table 13.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetRecentComplianceRunsResponse

0

An unexpected error response.

RuntimeError

13.1.6. Samples

13.1.7. Common object reference

13.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

13.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

13.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
13.1.7.3. V1ComplianceRun
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

clusterId

  

String

  

standardId

  

String

  

startTime

  

Date

 

date-time

finishTime

  

Date

 

date-time

state

  

V1ComplianceRunState

 

INVALID, READY, STARTED, WAIT_FOR_DATA, EVALUTING_CHECKS, FINISHED,

errorMessage

  

String

  
13.1.7.4. V1ComplianceRunState
Enum Values

INVALID

READY

STARTED

WAIT_FOR_DATA

EVALUTING_CHECKS

FINISHED

13.1.7.5. V1GetRecentComplianceRunsResponse
Field NameRequiredNullableTypeDescriptionFormat

complianceRuns

  

List of V1ComplianceRun

  

13.2. TriggerRuns

POST /v1/compliancemanagement/runs

13.2.1. Description

13.2.2. Parameters

13.2.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1TriggerComplianceRunsRequest

X

  

13.2.3. Return Type

V1TriggerComplianceRunsResponse

13.2.4. Content Type

  • application/json

13.2.5. Responses

Table 13.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1TriggerComplianceRunsResponse

0

An unexpected error response.

RuntimeError

13.2.6. Samples

13.2.7. Common object reference

13.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

13.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

13.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
13.2.7.3. V1ComplianceRun
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

clusterId

  

String

  

standardId

  

String

  

startTime

  

Date

 

date-time

finishTime

  

Date

 

date-time

state

  

V1ComplianceRunState

 

INVALID, READY, STARTED, WAIT_FOR_DATA, EVALUTING_CHECKS, FINISHED,

errorMessage

  

String

  
13.2.7.4. V1ComplianceRunSelection
Field NameRequiredNullableTypeDescriptionFormat

clusterId

  

String

The ID of the cluster. \"*\" means \"all clusters\".

 

standardId

  

String

The ID of the compliance standard. \"*\" means \"all standards\".

 
13.2.7.5. V1ComplianceRunState
Enum Values

INVALID

READY

STARTED

WAIT_FOR_DATA

EVALUTING_CHECKS

FINISHED

13.2.7.6. V1TriggerComplianceRunsRequest
Field NameRequiredNullableTypeDescriptionFormat

selection

  

V1ComplianceRunSelection

  
13.2.7.7. V1TriggerComplianceRunsResponse
Field NameRequiredNullableTypeDescriptionFormat

startedRuns

  

List of V1ComplianceRun

  

13.3. GetRunStatuses

GET /v1/compliancemanagement/runstatuses

13.3.1. Description

13.3.2. Parameters

13.3.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

runIds

String

-

null

 

latest

 

-

null

 

13.3.3. Return Type

V1GetComplianceRunStatusesResponse

13.3.4. Content Type

  • application/json

13.3.5. Responses

Table 13.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetComplianceRunStatusesResponse

0

An unexpected error response.

RuntimeError

13.3.6. Samples

13.3.7. Common object reference

13.3.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

13.3.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

13.3.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
13.3.7.3. V1ComplianceRun
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

clusterId

  

String

  

standardId

  

String

  

startTime

  

Date

 

date-time

finishTime

  

Date

 

date-time

state

  

V1ComplianceRunState

 

INVALID, READY, STARTED, WAIT_FOR_DATA, EVALUTING_CHECKS, FINISHED,

errorMessage

  

String

  
13.3.7.4. V1ComplianceRunState
Enum Values

INVALID

READY

STARTED

WAIT_FOR_DATA

EVALUTING_CHECKS

FINISHED

13.3.7.5. V1GetComplianceRunStatusesResponse
Field NameRequiredNullableTypeDescriptionFormat

invalidRunIds

  

List of string

  

runs

  

List of V1ComplianceRun

  

Chapter 14. ComplianceService

14.1. GetAggregatedResults

GET /v1/compliance/aggregatedresults

14.1.1. Description

14.1.2. Parameters

14.1.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

groupBy

String

-

null

 

unit

 

-

UNKNOWN

 

where.query

 

-

null

 

where.pagination.limit

 

-

null

 

where.pagination.offset

 

-

null

 

where.pagination.sortOption.field

 

-

null

 

where.pagination.sortOption.reversed

 

-

null

 

where.pagination.sortOption.aggregateBy.aggrFunc

 

-

UNSET

 

where.pagination.sortOption.aggregateBy.distinct

 

-

null

 

14.1.3. Return Type

StorageComplianceAggregationResponse

14.1.4. Content Type

  • application/json

14.1.5. Responses

Table 14.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StorageComplianceAggregationResponse

0

An unexpected error response.

RuntimeError

14.1.6. Samples

14.1.7. Common object reference

14.1.7.1. ComplianceAggregationAggregationKey
Next available tag: 3
Field NameRequiredNullableTypeDescriptionFormat

scope

  

StorageComplianceAggregationScope

 

UNKNOWN, STANDARD, CLUSTER, CATEGORY, CONTROL, NAMESPACE, NODE, DEPLOYMENT, CHECK,

id

  

String

  
14.1.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

14.1.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

14.1.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
14.1.7.4. StorageComplianceAggregationResponse
Next available tag: 3
Field NameRequiredNullableTypeDescriptionFormat

results

  

List of StorageComplianceAggregationResult

  

sources

  

List of StorageComplianceAggregationSource

  

errorMessage

  

String

  
14.1.7.5. StorageComplianceAggregationResult
Next available tag: 5
Field NameRequiredNullableTypeDescriptionFormat

aggregationKeys

  

List of ComplianceAggregationAggregationKey

  

unit

  

StorageComplianceAggregationScope

 

UNKNOWN, STANDARD, CLUSTER, CATEGORY, CONTROL, NAMESPACE, NODE, DEPLOYMENT, CHECK,

numPassing

  

Integer

 

int32

numFailing

  

Integer

 

int32

numSkipped

  

Integer

 

int32

14.1.7.6. StorageComplianceAggregationScope
Enum Values

UNKNOWN

STANDARD

CLUSTER

CATEGORY

CONTROL

NAMESPACE

NODE

DEPLOYMENT

CHECK

14.1.7.7. StorageComplianceAggregationSource
Next available tag: 5
Field NameRequiredNullableTypeDescriptionFormat

clusterId

  

String

  

standardId

  

String

  

successfulRun

  

StorageComplianceRunMetadata

  

failedRuns

  

List of StorageComplianceRunMetadata

  
14.1.7.8. StorageComplianceRunMetadata
Next available tag: 5
Field NameRequiredNullableTypeDescriptionFormat

runId

  

String

  

standardId

  

String

  

clusterId

  

String

  

startTimestamp

  

Date

 

date-time

finishTimestamp

  

Date

 

date-time

success

  

Boolean

  

errorMessage

  

String

  

domainId

  

String

  

14.2. GetRunResults

GET /v1/compliance/runresults

14.2.1. Description

14.2.2. Parameters

14.2.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

clusterId

 

-

null

 

standardId

 

-

null

 

runId

Specifies the run ID for which to return results. If empty, the most recent run is returned. CAVEAT: Setting this field circumvents the results cache on the server-side, which may lead to significantly increased memory pressure and decreased performance.

-

null

 

14.2.3. Return Type

V1GetComplianceRunResultsResponse

14.2.4. Content Type

  • application/json

14.2.5. Responses

Table 14.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetComplianceRunResultsResponse

0

An unexpected error response.

RuntimeError

14.2.6. Samples

14.2.7. Common object reference

14.2.7.1. ComplianceResultValueEvidence
Field NameRequiredNullableTypeDescriptionFormat

state

  

StorageComplianceState

 

COMPLIANCE_STATE_UNKNOWN, COMPLIANCE_STATE_SKIP, COMPLIANCE_STATE_NOTE, COMPLIANCE_STATE_SUCCESS, COMPLIANCE_STATE_FAILURE, COMPLIANCE_STATE_ERROR,

message

  

String

  

messageId

  

Integer

 

int32

14.2.7.2. ComplianceRunResultsEntityResults
Field NameRequiredNullableTypeDescriptionFormat

controlResults

  

Map of StorageComplianceResultValue

  
14.2.7.3. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

14.2.7.3.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

14.2.7.4. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
14.2.7.5. StorageComplianceDomain
Next available tag: 5
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

cluster

  

StorageComplianceDomainCluster

  

nodes

  

Map of StorageComplianceDomainNode

  

deployments

  

Map of StorageComplianceDomainDeployment

  
14.2.7.6. StorageComplianceDomainCluster
These must mirror the tags _exactly_ in cluster.proto for backwards compatibility
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  
14.2.7.7. StorageComplianceDomainDeployment
This must mirror the tags _exactly_ in deployment.proto for backwards compatibility
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

type

  

String

  

namespace

  

String

  

namespaceId

  

String

  

clusterId

  

String

  

clusterName

  

String

  
14.2.7.8. StorageComplianceDomainNode
These must mirror the tags _exactly_ in node.proto for backwards compatibility
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

clusterId

  

String

  

clusterName

  

String

  
14.2.7.9. StorageComplianceResultValue
Field NameRequiredNullableTypeDescriptionFormat

evidence

  

List of ComplianceResultValueEvidence

  

overallState

  

StorageComplianceState

 

COMPLIANCE_STATE_UNKNOWN, COMPLIANCE_STATE_SKIP, COMPLIANCE_STATE_NOTE, COMPLIANCE_STATE_SUCCESS, COMPLIANCE_STATE_FAILURE, COMPLIANCE_STATE_ERROR,

14.2.7.10. StorageComplianceRunMetadata
Next available tag: 5
Field NameRequiredNullableTypeDescriptionFormat

runId

  

String

  

standardId

  

String

  

clusterId

  

String

  

startTimestamp

  

Date

 

date-time

finishTimestamp

  

Date

 

date-time

success

  

Boolean

  

errorMessage

  

String

  

domainId

  

String

  
14.2.7.11. StorageComplianceRunResults
Next available tag: 6
Field NameRequiredNullableTypeDescriptionFormat

domain

  

StorageComplianceDomain

  

runMetadata

  

StorageComplianceRunMetadata

  

clusterResults

  

ComplianceRunResultsEntityResults

  

nodeResults

  

Map of ComplianceRunResultsEntityResults

  

deploymentResults

  

Map of ComplianceRunResultsEntityResults

  

machineConfigResults

  

Map of ComplianceRunResultsEntityResults

  
14.2.7.12. StorageComplianceState
Enum Values

COMPLIANCE_STATE_UNKNOWN

COMPLIANCE_STATE_SKIP

COMPLIANCE_STATE_NOTE

COMPLIANCE_STATE_SUCCESS

COMPLIANCE_STATE_FAILURE

COMPLIANCE_STATE_ERROR

14.2.7.13. V1GetComplianceRunResultsResponse
Field NameRequiredNullableTypeDescriptionFormat

results

  

StorageComplianceRunResults

  

failedRuns

  

List of StorageComplianceRunMetadata

  

14.3. GetStandards

GET /v1/compliance/standards

14.3.1. Description

14.3.2. Parameters

14.3.3. Return Type

V1GetComplianceStandardsResponse

14.3.4. Content Type

  • application/json

14.3.5. Responses

Table 14.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetComplianceStandardsResponse

0

An unexpected error response.

RuntimeError

14.3.6. Samples

14.3.7. Common object reference

14.3.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

14.3.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

14.3.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
14.3.7.3. V1ComplianceStandardMetadata
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

numImplementedChecks

  

Integer

 

int32

scopes

  

List of V1ComplianceStandardMetadataScope

  

dynamic

  

Boolean

  

hideScanResults

  

Boolean

  
14.3.7.4. V1ComplianceStandardMetadataScope
Enum Values

UNSET

CLUSTER

NAMESPACE

DEPLOYMENT

NODE

14.3.7.5. V1GetComplianceStandardsResponse
Field NameRequiredNullableTypeDescriptionFormat

standards

  

List of V1ComplianceStandardMetadata

  

14.4. GetStandard

GET /v1/compliance/standards/{id}

14.4.1. Description

14.4.2. Parameters

14.4.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

14.4.3. Return Type

V1GetComplianceStandardResponse

14.4.4. Content Type

  • application/json

14.4.5. Responses

Table 14.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetComplianceStandardResponse

0

An unexpected error response.

RuntimeError

14.4.6. Samples

14.4.7. Common object reference

14.4.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

14.4.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

14.4.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
14.4.7.3. V1ComplianceControl
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

standardId

  

String

  

groupId

  

String

  

name

  

String

  

description

  

String

  

implemented

  

Boolean

  

interpretationText

  

String

  
14.4.7.4. V1ComplianceControlGroup
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

standardId

  

String

  

name

  

String

  

description

  

String

  

numImplementedChecks

  

Integer

 

int32

14.4.7.5. V1ComplianceStandard
Field NameRequiredNullableTypeDescriptionFormat

metadata

  

V1ComplianceStandardMetadata

  

groups

  

List of V1ComplianceControlGroup

  

controls

  

List of V1ComplianceControl

  
14.4.7.6. V1ComplianceStandardMetadata
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

description

  

String

  

numImplementedChecks

  

Integer

 

int32

scopes

  

List of V1ComplianceStandardMetadataScope

  

dynamic

  

Boolean

  

hideScanResults

  

Boolean

  
14.4.7.7. V1ComplianceStandardMetadataScope
Enum Values

UNSET

CLUSTER

NAMESPACE

DEPLOYMENT

NODE

14.4.7.8. V1GetComplianceStandardResponse
Field NameRequiredNullableTypeDescriptionFormat

standard

  

V1ComplianceStandard

  

14.5. UpdateComplianceStandardConfig

PATCH /v1/compliance/standards/{id}

14.5.1. Description

14.5.2. Parameters

14.5.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 
14.5.2.2. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1UpdateComplianceRequest

X

  

14.5.3. Return Type

Object

14.5.4. Content Type

  • application/json

14.5.5. Responses

Table 14.5. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

14.5.6. Samples

14.5.7. Common object reference

14.5.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

14.5.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

14.5.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
14.5.7.3. V1UpdateComplianceRequest
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

hideScanResults

  

Boolean

  

Chapter 15. ConfigService

15.1. GetConfig

GET /v1/config

15.1.1. Description

15.1.2. Parameters

15.1.3. Return Type

StorageConfig

15.1.4. Content Type

  • application/json

15.1.5. Responses

Table 15.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StorageConfig

0

An unexpected error response.

RuntimeError

15.1.6. Samples

15.1.7. Common object reference

15.1.7.1. BannerConfigSize
Enum Values

UNSET

SMALL

MEDIUM

LARGE

15.1.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

15.1.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

15.1.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
15.1.7.4. StorageAdministrationEventsConfig
Field NameRequiredNullableTypeDescriptionFormat

retentionDurationDays

  

Long

 

int64

15.1.7.5. StorageAlertRetentionConfig
Field NameRequiredNullableTypeDescriptionFormat

resolvedDeployRetentionDurationDays

  

Integer

 

int32

deletedRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration takes precedence after allRuntimeRetentionDurationDays.

int32

allRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration has highest precedence. All runtime alerts, including attempted alerts and deleted deployment alerts, are deleted even if respective retention is longer.

int32

attemptedDeployRetentionDurationDays

  

Integer

 

int32

attemptedRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration has lowest precedence.

int32

15.1.7.6. StorageBannerConfig
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

text

  

String

  

size

  

BannerConfigSize

 

UNSET, SMALL, MEDIUM, LARGE,

color

  

String

  

backgroundColor

  

String

  
15.1.7.7. StorageConfig
Field NameRequiredNullableTypeDescriptionFormat

publicConfig

  

StoragePublicConfig

  

privateConfig

  

StoragePrivateConfig

  
15.1.7.8. StorageDayOption
Field NameRequiredNullableTypeDescriptionFormat

numDays

  

Long

 

int64

enabled

  

Boolean

  
15.1.7.9. StorageDecommissionedClusterRetentionConfig
next available tag: 5
Field NameRequiredNullableTypeDescriptionFormat

retentionDurationDays

  

Integer

 

int32

ignoreClusterLabels

  

Map of string

  

lastUpdated

  

Date

 

date-time

createdAt

  

Date

 

date-time

15.1.7.10. StorageLoginNotice
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

text

  

String

  
15.1.7.11. StoragePrivateConfig
next available tag:9
Field NameRequiredNullableTypeDescriptionFormat

DEPRECATEDAlertRetentionDurationDays

  

Integer

 

int32

alertConfig

  

StorageAlertRetentionConfig

  

imageRetentionDurationDays

  

Integer

 

int32

expiredVulnReqRetentionDurationDays

  

Integer

 

int32

decommissionedClusterRetention

  

StorageDecommissionedClusterRetentionConfig

  

reportRetentionConfig

  

StorageReportRetentionConfig

  

vulnerabilityExceptionConfig

  

StorageVulnerabilityExceptionConfig

  

administrationEventsConfig

  

StorageAdministrationEventsConfig

  
15.1.7.12. StoragePublicConfig
Field NameRequiredNullableTypeDescriptionFormat

loginNotice

  

StorageLoginNotice

  

header

  

StorageBannerConfig

  

footer

  

StorageBannerConfig

  

telemetry

  

StorageTelemetryConfiguration

  
15.1.7.13. StorageReportRetentionConfig
next available tag: 4
Field NameRequiredNullableTypeDescriptionFormat

historyRetentionDurationDays

  

Long

 

int64

downloadableReportRetentionDays

  

Long

 

int64

downloadableReportGlobalRetentionBytes

  

Long

 

int64

15.1.7.14. StorageTelemetryConfiguration
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

lastSetTime

  

Date

 

date-time

15.1.7.15. StorageVulnerabilityExceptionConfig
Field NameRequiredNullableTypeDescriptionFormat

expiryOptions

  

StorageVulnerabilityExceptionConfigExpiryOptions

  
15.1.7.16. StorageVulnerabilityExceptionConfigExpiryOptions
Field NameRequiredNullableTypeDescriptionFormat

dayOptions

  

List of StorageDayOption

  

fixableCveOptions

  

StorageVulnerabilityExceptionConfigFixableCVEOptions

  

customDate

  

Boolean

  

indefinite

  

Boolean

  
15.1.7.17. StorageVulnerabilityExceptionConfigFixableCVEOptions
Field NameRequiredNullableTypeDescriptionFormat

allFixable

  

Boolean

  

anyFixable

  

Boolean

  

15.2. GetVulnerabilityExceptionConfig

GET /v1/config/private/exception/vulnerabilities

15.2.1. Description

15.2.2. Parameters

15.2.3. Return Type

V1GetVulnerabilityExceptionConfigResponse

15.2.4. Content Type

  • application/json

15.2.5. Responses

Table 15.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetVulnerabilityExceptionConfigResponse

0

An unexpected error response.

RuntimeError

15.2.6. Samples

15.2.7. Common object reference

15.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

15.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

15.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
15.2.7.3. V1DayOption
Field NameRequiredNullableTypeDescriptionFormat

numDays

  

Long

 

int64

enabled

  

Boolean

  
15.2.7.4. V1GetVulnerabilityExceptionConfigResponse
Field NameRequiredNullableTypeDescriptionFormat

config

  

V1VulnerabilityExceptionConfig

  
15.2.7.5. V1VulnerabilityExceptionConfig
Field NameRequiredNullableTypeDescriptionFormat

expiryOptions

  

V1VulnerabilityExceptionConfigExpiryOptions

  
15.2.7.6. V1VulnerabilityExceptionConfigExpiryOptions
Field NameRequiredNullableTypeDescriptionFormat

dayOptions

  

List of V1DayOption

This allows users to set expiry interval based on number of days.

 

fixableCveOptions

  

V1VulnerabilityExceptionConfigFixableCVEOptions

  

customDate

  

Boolean

This option, if true, allows UI to show a custom date picker for setting expiry date.

 

indefinite

  

Boolean

  
15.2.7.7. V1VulnerabilityExceptionConfigFixableCVEOptions
Field NameRequiredNullableTypeDescriptionFormat

allFixable

  

Boolean

This options allows users to expire the vulnerability deferral request if and only if all vulnerabilities in the requests become fixable.

 

anyFixable

  

Boolean

This options allows users to expire the vulnerability deferral request if any vulnerability in the requests become fixable.

 

15.3. UpdateVulnerabilityExceptionConfig

PUT /v1/config/private/exception/vulnerabilities

15.3.1. Description

15.3.2. Parameters

15.3.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1UpdateVulnerabilityExceptionConfigRequest

X

  

15.3.3. Return Type

V1UpdateVulnerabilityExceptionConfigResponse

15.3.4. Content Type

  • application/json

15.3.5. Responses

Table 15.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1UpdateVulnerabilityExceptionConfigResponse

0

An unexpected error response.

RuntimeError

15.3.6. Samples

15.3.7. Common object reference

15.3.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

15.3.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

15.3.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
15.3.7.3. V1DayOption
Field NameRequiredNullableTypeDescriptionFormat

numDays

  

Long

 

int64

enabled

  

Boolean

  
15.3.7.4. V1UpdateVulnerabilityExceptionConfigRequest
Field NameRequiredNullableTypeDescriptionFormat

config

  

V1VulnerabilityExceptionConfig

  
15.3.7.5. V1UpdateVulnerabilityExceptionConfigResponse
Field NameRequiredNullableTypeDescriptionFormat

config

  

V1VulnerabilityExceptionConfig

  
15.3.7.6. V1VulnerabilityExceptionConfig
Field NameRequiredNullableTypeDescriptionFormat

expiryOptions

  

V1VulnerabilityExceptionConfigExpiryOptions

  
15.3.7.7. V1VulnerabilityExceptionConfigExpiryOptions
Field NameRequiredNullableTypeDescriptionFormat

dayOptions

  

List of V1DayOption

This allows users to set expiry interval based on number of days.

 

fixableCveOptions

  

V1VulnerabilityExceptionConfigFixableCVEOptions

  

customDate

  

Boolean

This option, if true, allows UI to show a custom date picker for setting expiry date.

 

indefinite

  

Boolean

  
15.3.7.8. V1VulnerabilityExceptionConfigFixableCVEOptions
Field NameRequiredNullableTypeDescriptionFormat

allFixable

  

Boolean

This options allows users to expire the vulnerability deferral request if and only if all vulnerabilities in the requests become fixable.

 

anyFixable

  

Boolean

This options allows users to expire the vulnerability deferral request if any vulnerability in the requests become fixable.

 

15.4. GetPrivateConfig

GET /v1/config/private

15.4.1. Description

15.4.2. Parameters

15.4.3. Return Type

StoragePrivateConfig

15.4.4. Content Type

  • application/json

15.4.5. Responses

Table 15.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StoragePrivateConfig

0

An unexpected error response.

RuntimeError

15.4.6. Samples

15.4.7. Common object reference

15.4.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

15.4.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

15.4.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
15.4.7.3. StorageAdministrationEventsConfig
Field NameRequiredNullableTypeDescriptionFormat

retentionDurationDays

  

Long

 

int64

15.4.7.4. StorageAlertRetentionConfig
Field NameRequiredNullableTypeDescriptionFormat

resolvedDeployRetentionDurationDays

  

Integer

 

int32

deletedRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration takes precedence after allRuntimeRetentionDurationDays.

int32

allRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration has highest precedence. All runtime alerts, including attempted alerts and deleted deployment alerts, are deleted even if respective retention is longer.

int32

attemptedDeployRetentionDurationDays

  

Integer

 

int32

attemptedRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration has lowest precedence.

int32

15.4.7.5. StorageDayOption
Field NameRequiredNullableTypeDescriptionFormat

numDays

  

Long

 

int64

enabled

  

Boolean

  
15.4.7.6. StorageDecommissionedClusterRetentionConfig
next available tag: 5
Field NameRequiredNullableTypeDescriptionFormat

retentionDurationDays

  

Integer

 

int32

ignoreClusterLabels

  

Map of string

  

lastUpdated

  

Date

 

date-time

createdAt

  

Date

 

date-time

15.4.7.7. StoragePrivateConfig
next available tag:9
Field NameRequiredNullableTypeDescriptionFormat

DEPRECATEDAlertRetentionDurationDays

  

Integer

 

int32

alertConfig

  

StorageAlertRetentionConfig

  

imageRetentionDurationDays

  

Integer

 

int32

expiredVulnReqRetentionDurationDays

  

Integer

 

int32

decommissionedClusterRetention

  

StorageDecommissionedClusterRetentionConfig

  

reportRetentionConfig

  

StorageReportRetentionConfig

  

vulnerabilityExceptionConfig

  

StorageVulnerabilityExceptionConfig

  

administrationEventsConfig

  

StorageAdministrationEventsConfig

  
15.4.7.8. StorageReportRetentionConfig
next available tag: 4
Field NameRequiredNullableTypeDescriptionFormat

historyRetentionDurationDays

  

Long

 

int64

downloadableReportRetentionDays

  

Long

 

int64

downloadableReportGlobalRetentionBytes

  

Long

 

int64

15.4.7.9. StorageVulnerabilityExceptionConfig
Field NameRequiredNullableTypeDescriptionFormat

expiryOptions

  

StorageVulnerabilityExceptionConfigExpiryOptions

  
15.4.7.10. StorageVulnerabilityExceptionConfigExpiryOptions
Field NameRequiredNullableTypeDescriptionFormat

dayOptions

  

List of StorageDayOption

  

fixableCveOptions

  

StorageVulnerabilityExceptionConfigFixableCVEOptions

  

customDate

  

Boolean

  

indefinite

  

Boolean

  
15.4.7.11. StorageVulnerabilityExceptionConfigFixableCVEOptions
Field NameRequiredNullableTypeDescriptionFormat

allFixable

  

Boolean

  

anyFixable

  

Boolean

  

15.5. GetPublicConfig

GET /v1/config/public

15.5.1. Description

15.5.2. Parameters

15.5.3. Return Type

StoragePublicConfig

15.5.4. Content Type

  • application/json

15.5.5. Responses

Table 15.5. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StoragePublicConfig

0

An unexpected error response.

RuntimeError

15.5.6. Samples

15.5.7. Common object reference

15.5.7.1. BannerConfigSize
Enum Values

UNSET

SMALL

MEDIUM

LARGE

15.5.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

15.5.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

15.5.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
15.5.7.4. StorageBannerConfig
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

text

  

String

  

size

  

BannerConfigSize

 

UNSET, SMALL, MEDIUM, LARGE,

color

  

String

  

backgroundColor

  

String

  
15.5.7.5. StorageLoginNotice
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

text

  

String

  
15.5.7.6. StoragePublicConfig
Field NameRequiredNullableTypeDescriptionFormat

loginNotice

  

StorageLoginNotice

  

header

  

StorageBannerConfig

  

footer

  

StorageBannerConfig

  

telemetry

  

StorageTelemetryConfiguration

  
15.5.7.7. StorageTelemetryConfiguration
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

lastSetTime

  

Date

 

date-time

15.6. PutConfig

PUT /v1/config

15.6.1. Description

15.6.2. Parameters

15.6.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1PutConfigRequest

X

  

15.6.3. Return Type

StorageConfig

15.6.4. Content Type

  • application/json

15.6.5. Responses

Table 15.6. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

StorageConfig

0

An unexpected error response.

RuntimeError

15.6.6. Samples

15.6.7. Common object reference

15.6.7.1. BannerConfigSize
Enum Values

UNSET

SMALL

MEDIUM

LARGE

15.6.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

15.6.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

15.6.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
15.6.7.4. StorageAdministrationEventsConfig
Field NameRequiredNullableTypeDescriptionFormat

retentionDurationDays

  

Long

 

int64

15.6.7.5. StorageAlertRetentionConfig
Field NameRequiredNullableTypeDescriptionFormat

resolvedDeployRetentionDurationDays

  

Integer

 

int32

deletedRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration takes precedence after allRuntimeRetentionDurationDays.

int32

allRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration has highest precedence. All runtime alerts, including attempted alerts and deleted deployment alerts, are deleted even if respective retention is longer.

int32

attemptedDeployRetentionDurationDays

  

Integer

 

int32

attemptedRuntimeRetentionDurationDays

  

Integer

This runtime alert retention configuration has lowest precedence.

int32

15.6.7.6. StorageBannerConfig
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

text

  

String

  

size

  

BannerConfigSize

 

UNSET, SMALL, MEDIUM, LARGE,

color

  

String

  

backgroundColor

  

String

  
15.6.7.7. StorageConfig
Field NameRequiredNullableTypeDescriptionFormat

publicConfig

  

StoragePublicConfig

  

privateConfig

  

StoragePrivateConfig

  
15.6.7.8. StorageDayOption
Field NameRequiredNullableTypeDescriptionFormat

numDays

  

Long

 

int64

enabled

  

Boolean

  
15.6.7.9. StorageDecommissionedClusterRetentionConfig
next available tag: 5
Field NameRequiredNullableTypeDescriptionFormat

retentionDurationDays

  

Integer

 

int32

ignoreClusterLabels

  

Map of string

  

lastUpdated

  

Date

 

date-time

createdAt

  

Date

 

date-time

15.6.7.10. StorageLoginNotice
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

text

  

String

  
15.6.7.11. StoragePrivateConfig
next available tag:9
Field NameRequiredNullableTypeDescriptionFormat

DEPRECATEDAlertRetentionDurationDays

  

Integer

 

int32

alertConfig

  

StorageAlertRetentionConfig

  

imageRetentionDurationDays

  

Integer

 

int32

expiredVulnReqRetentionDurationDays

  

Integer

 

int32

decommissionedClusterRetention

  

StorageDecommissionedClusterRetentionConfig

  

reportRetentionConfig

  

StorageReportRetentionConfig

  

vulnerabilityExceptionConfig

  

StorageVulnerabilityExceptionConfig

  

administrationEventsConfig

  

StorageAdministrationEventsConfig

  
15.6.7.12. StoragePublicConfig
Field NameRequiredNullableTypeDescriptionFormat

loginNotice

  

StorageLoginNotice

  

header

  

StorageBannerConfig

  

footer

  

StorageBannerConfig

  

telemetry

  

StorageTelemetryConfiguration

  
15.6.7.13. StorageReportRetentionConfig
next available tag: 4
Field NameRequiredNullableTypeDescriptionFormat

historyRetentionDurationDays

  

Long

 

int64

downloadableReportRetentionDays

  

Long

 

int64

downloadableReportGlobalRetentionBytes

  

Long

 

int64

15.6.7.14. StorageTelemetryConfiguration
Field NameRequiredNullableTypeDescriptionFormat

enabled

  

Boolean

  

lastSetTime

  

Date

 

date-time

15.6.7.15. StorageVulnerabilityExceptionConfig
Field NameRequiredNullableTypeDescriptionFormat

expiryOptions

  

StorageVulnerabilityExceptionConfigExpiryOptions

  
15.6.7.16. StorageVulnerabilityExceptionConfigExpiryOptions
Field NameRequiredNullableTypeDescriptionFormat

dayOptions

  

List of StorageDayOption

  

fixableCveOptions

  

StorageVulnerabilityExceptionConfigFixableCVEOptions

  

customDate

  

Boolean

  

indefinite

  

Boolean

  
15.6.7.17. StorageVulnerabilityExceptionConfigFixableCVEOptions
Field NameRequiredNullableTypeDescriptionFormat

allFixable

  

Boolean

  

anyFixable

  

Boolean

  
15.6.7.18. V1PutConfigRequest
Field NameRequiredNullableTypeDescriptionFormat

config

  

StorageConfig

  

Chapter 16. CredentialExpiryService

16.1. GetCertExpiry

GET /v1/credentialexpiry

GetCertExpiry returns information related to the expiry component mTLS certificate.

16.1.1. Description

16.1.2. Parameters

16.1.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

component

 

-

UNKNOWN

 

16.1.3. Return Type

V1GetCertExpiryResponse

16.1.4. Content Type

  • application/json

16.1.5. Responses

Table 16.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetCertExpiryResponse

0

An unexpected error response.

RuntimeError

16.1.6. Samples

16.1.7. Common object reference

16.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

16.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

16.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
16.1.7.3. V1GetCertExpiryResponse
Field NameRequiredNullableTypeDescriptionFormat

expiry

  

Date

 

date-time

Chapter 17. DBService

17.1. GetExportCapabilities

GET /v1/db/exportcaps

17.1.1. Description

17.1.2. Parameters

17.1.3. Return Type

V1GetDBExportCapabilitiesResponse

17.1.4. Content Type

  • application/json

17.1.5. Responses

Table 17.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetDBExportCapabilitiesResponse

0

An unexpected error response.

RuntimeError

17.1.6. Samples

17.1.7. Common object reference

17.1.7.1. DBExportManifestEncodingType

The encoding of the file data in the restore body, usually for compression purposes.

Enum Values

UNKNOWN

UNCOMPREESSED

DEFLATED

17.1.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

17.1.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

17.1.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
17.1.7.4. V1DBExportFormat

DBExportFormat describes a format (= a collection of files) for the database export.

Field NameRequiredNullableTypeDescriptionFormat

formatName

  

String

  

files

  

List of V1DBExportFormatFile

  
17.1.7.5. V1DBExportFormatFile
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

optional

  

Boolean

  
17.1.7.6. V1GetDBExportCapabilitiesResponse
Field NameRequiredNullableTypeDescriptionFormat

formats

  

List of V1DBExportFormat

  

supportedEncodings

  

List of DBExportManifestEncodingType

  

17.2. InterruptRestoreProcess

POST /v1/db/interruptrestore/{processId}/{attemptId}

17.2.1. Description

17.2.2. Parameters

17.2.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

processId

 

X

null

 

attemptId

 

X

null

 

17.2.3. Return Type

V1InterruptDBRestoreProcessResponse

17.2.4. Content Type

  • application/json

17.2.5. Responses

Table 17.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1InterruptDBRestoreProcessResponse

0

An unexpected error response.

RuntimeError

17.2.6. Samples

17.2.7. Common object reference

17.2.7.1. DBRestoreProcessStatusResumeInfo
Field NameRequiredNullableTypeDescriptionFormat

pos

  

String

 

int64

17.2.7.2. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

17.2.7.2.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

17.2.7.3. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
17.2.7.4. V1InterruptDBRestoreProcessResponse
Field NameRequiredNullableTypeDescriptionFormat

resumeInfo

  

DBRestoreProcessStatusResumeInfo

  

17.3. GetActiveRestoreProcess

GET /v1/db/restore

17.3.1. Description

17.3.2. Parameters

17.3.3. Return Type

V1GetActiveDBRestoreProcessResponse

17.3.4. Content Type

  • application/json

17.3.5. Responses

Table 17.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetActiveDBRestoreProcessResponse

0

An unexpected error response.

RuntimeError

17.3.6. Samples

17.3.7. Common object reference

17.3.7.1. DBExportManifestEncodingType

The encoding of the file data in the restore body, usually for compression purposes.

Enum Values

UNKNOWN

UNCOMPREESSED

DEFLATED

17.3.7.2. DBRestoreProcessStatusResumeInfo
Field NameRequiredNullableTypeDescriptionFormat

pos

  

String

 

int64

17.3.7.3. DBRestoreRequestHeaderLocalFileInfo

LocalFileInfo provides information about the file on the local machine of the user initiating the restore process, in order to provide information to other users about ongoing restore processes.

Field NameRequiredNullableTypeDescriptionFormat

path

  

String

The full path of the file.

 

bytesSize

  

String

The size of the file, in bytes. 0 if unknown.

int64

17.3.7.4. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

17.3.7.4.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

17.3.7.5. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
17.3.7.6. V1DBExportManifest

A DB export manifest describes the file contents of a restore request. To prevent data loss, a manifest is always interpreted as binding, i.e., the server must ensure that it will read and make use of every file listed in the manifest, otherwise it must reject the request.

Field NameRequiredNullableTypeDescriptionFormat

files

  

List of V1DBExportManifestFile

  
17.3.7.7. V1DBExportManifestFile

A single file in the restore body.

Field NameRequiredNullableTypeDescriptionFormat

name

  

String

The name of the file. This may or may not be a (relative) file path and up to the server to interpret. For databases exported as ZIP files, this is the path relative to the root of the archive.

 

encoding

  

DBExportManifestEncodingType

 

UNKNOWN, UNCOMPREESSED, DEFLATED,

encodedSize

  

String

 

int64

decodedSize

  

String

 

int64

decodedCrc32

  

Long

The CRC32 (IEEE) checksum of the decoded(!) data.

int64

17.3.7.8. V1DBRestoreProcessMetadata

The metadata of an ongoing or completed restore process. This is the static metadata, which will not change (i.e., it is not a status).

Field NameRequiredNullableTypeDescriptionFormat

id

  

String

An ID identifying the restore process. Auto-assigned.

 

header

  

V1DBRestoreRequestHeader

  

startTime

  

Date

The time at which the restore process was started.

date-time

initiatingUserName

  

String

The user who initiated the database restore process.

 
17.3.7.9. V1DBRestoreProcessStatus
Field NameRequiredNullableTypeDescriptionFormat

metadata

  

V1DBRestoreProcessMetadata

  

attemptId

  

String

  

state

  

V1DBRestoreProcessStatusState

 

UNKNOWN, NOT_STARTED, IN_PROGRESS, PAUSED, COMPLETED,

resumeInfo

  

DBRestoreProcessStatusResumeInfo

  

error

  

String

  

bytesRead

  

String

 

int64

filesProcessed

  

String

 

int64

17.3.7.10. V1DBRestoreProcessStatusState
Enum Values

UNKNOWN

NOT_STARTED

IN_PROGRESS

PAUSED

COMPLETED

17.3.7.11. V1DBRestoreRequestHeader
Field NameRequiredNullableTypeDescriptionFormat

formatName

  

String

The name of the database export format. Mandatory.

 

manifest

  

V1DBExportManifest

  

localFile

  

DBRestoreRequestHeaderLocalFileInfo

  
17.3.7.12. V1GetActiveDBRestoreProcessResponse
Field NameRequiredNullableTypeDescriptionFormat

activeStatus

  

V1DBRestoreProcessStatus

  

17.4. CancelRestoreProcess

DELETE /v1/db/restore/{id}

17.4.1. Description

17.4.2. Parameters

17.4.2.1. Path Parameters
NameDescriptionRequiredDefaultPattern

id

 

X

null

 

17.4.3. Return Type

Object

17.4.4. Content Type

  • application/json

17.4.5. Responses

Table 17.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

17.4.6. Samples

17.4.7. Common object reference

17.4.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

17.4.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

17.4.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

Chapter 18. DebugService

18.1. StreamAuthzTraces

GET /v1/debug/authz/trace

Stream authorization traces for all incoming requests.

18.1.1. Description

18.1.2. Parameters

18.1.3. Return Type

Stream_result_of_v1AuthorizationTraceResponse

18.1.4. Content Type

  • application/json

18.1.5. Responses

Table 18.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.(streaming responses)

Stream_result_of_v1AuthorizationTraceResponse

0

An unexpected error response.

RuntimeError

18.1.6. Samples

18.1.7. Common object reference

18.1.7.1. AuthorizationTraceResponseResponseStatus
Enum Values

UNKNOWN_STATUS

SUCCESS

FAILURE

18.1.7.2. AuthorizationTraceResponseTrace
Field NameRequiredNullableTypeDescriptionFormat

scopeCheckerType

  

String

  

builtIn

  

TraceBuiltInAuthorizer

  
18.1.7.3. AuthorizationTraceResponseUserRole
Field NameRequiredNullableTypeDescriptionFormat

name

  

String

  

permissions

  

Map of StorageAccess

  

accessScopeName

  

String

  

accessScope

  

SimpleAccessScopeRules

  
18.1.7.4. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

18.1.7.4.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

18.1.7.5. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
18.1.7.6. RuntimeStreamError
Field NameRequiredNullableTypeDescriptionFormat

grpcCode

  

Integer

 

int32

httpCode

  

Integer

 

int32

message

  

String

  

httpStatus

  

String

  

details

  

List of ProtobufAny

  
18.1.7.7. SimpleAccessScopeRules

Each element of any repeated field is an individual rule. Rules are joined by logical OR: if there exists a rule allowing resource x, x is in the access scope.

Field NameRequiredNullableTypeDescriptionFormat

includedClusters

  

List of string

  

includedNamespaces

  

List of SimpleAccessScopeRulesNamespace

  

clusterLabelSelectors

  

List of StorageSetBasedLabelSelector

  

namespaceLabelSelectors

  

List of StorageSetBasedLabelSelector

  
18.1.7.8. SimpleAccessScopeRulesNamespace
Field NameRequiredNullableTypeDescriptionFormat

clusterName

  

String

Both fields must be set.

 

namespaceName

  

String

  
18.1.7.9. StorageAccess
Enum Values

NO_ACCESS

READ_ACCESS

READ_WRITE_ACCESS

18.1.7.10. StorageSetBasedLabelSelector

SetBasedLabelSelector only allows set-based label requirements.

Next available tag: 3

Field NameRequiredNullableTypeDescriptionFormat

requirements

  

List of StorageSetBasedLabelSelectorRequirement

  
18.1.7.11. StorageSetBasedLabelSelectorOperator
Enum Values

UNKNOWN

IN

NOT_IN

EXISTS

NOT_EXISTS

18.1.7.12. StorageSetBasedLabelSelectorRequirement
Next available tag: 4
Field NameRequiredNullableTypeDescriptionFormat

key

  

String

  

op

  

StorageSetBasedLabelSelectorOperator

 

UNKNOWN, IN, NOT_IN, EXISTS, NOT_EXISTS,

values

  

List of string

  
18.1.7.13. StreamResultOfV1AuthorizationTraceResponse
Stream result of v1AuthorizationTraceResponse
Field NameRequiredNullableTypeDescriptionFormat

result

  

V1AuthorizationTraceResponse

  

error

  

RuntimeStreamError

  
18.1.7.14. TraceBuiltInAuthorizer
Field NameRequiredNullableTypeDescriptionFormat

clustersTotalNum

  

Integer

 

int32

namespacesTotalNum

  

Integer

 

int32

deniedAuthzDecisions

  

Map of integer

 

int32

allowedAuthzDecisions

  

Map of integer

 

int32

effectiveAccessScopes

  

Map of string

  
18.1.7.15. V1AuthorizationTraceResponse
Field NameRequiredNullableTypeDescriptionFormat

arrivedAt

  

Date

 

date-time

processedAt

  

Date

 

date-time

request

  

V1AuthorizationTraceResponseRequest

  

response

  

V1AuthorizationTraceResponseResponse

  

user

  

V1AuthorizationTraceResponseUser

  

trace

  

AuthorizationTraceResponseTrace

  
18.1.7.16. V1AuthorizationTraceResponseRequest
Field NameRequiredNullableTypeDescriptionFormat

endpoint

  

String

  

method

  

String

  
18.1.7.17. V1AuthorizationTraceResponseResponse
Field NameRequiredNullableTypeDescriptionFormat

status

  

AuthorizationTraceResponseResponseStatus

 

UNKNOWN_STATUS, SUCCESS, FAILURE,

error

  

String

  
18.1.7.18. V1AuthorizationTraceResponseUser
Field NameRequiredNullableTypeDescriptionFormat

username

  

String

  

friendlyName

  

String

  

aggregatedPermissions

  

Map of StorageAccess

  

roles

  

List of AuthorizationTraceResponseUserRole

  

18.2. ResetDBStats

POST /v1/debug/db/stats/reset

Reset database debugging statistics.

18.2.1. Description

18.2.2. Parameters

18.2.3. Return Type

Object

18.2.4. Content Type

  • application/json

18.2.5. Responses

Table 18.2. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

18.2.6. Samples

18.2.7. Common object reference

18.2.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

18.2.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

18.2.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  

18.3. GetLogLevel

GET /v1/debug/loglevel

Get the current logging level for StackRox services.

18.3.1. Description

18.3.2. Parameters

18.3.2.1. Query Parameters
NameDescriptionRequiredDefaultPattern

modules

String

-

null

 

18.3.3. Return Type

V1LogLevelResponse

18.3.4. Content Type

  • application/json

18.3.5. Responses

Table 18.3. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1LogLevelResponse

0

An unexpected error response.

RuntimeError

18.3.6. Samples

18.3.7. Common object reference

18.3.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

18.3.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

18.3.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
18.3.7.3. V1LogLevelResponse
Field NameRequiredNullableTypeDescriptionFormat

level

  

String

  

moduleLevels

  

List of V1ModuleLevel

  
18.3.7.4. V1ModuleLevel
Field NameRequiredNullableTypeDescriptionFormat

module

  

String

  

level

  

String

  

18.4. SetLogLevel

PATCH /v1/debug/loglevel

Set logging level for StackRox services.

18.4.1. Description

18.4.2. Parameters

18.4.2.1. Body Parameter
NameDescriptionRequiredDefaultPattern

body

V1LogLevelRequest

X

  

18.4.3. Return Type

Object

18.4.4. Content Type

  • application/json

18.4.5. Responses

Table 18.4. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

Object

0

An unexpected error response.

RuntimeError

18.4.6. Samples

18.4.7. Common object reference

18.4.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

18.4.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

18.4.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
18.4.7.3. V1LogLevelRequest
Field NameRequiredNullableTypeDescriptionFormat

level

  

String

  

modules

  

List of string

  

Chapter 19. DeclarativeConfigHealthService

19.1. GetDeclarativeConfigHealths

GET /v1/declarative-config/health

19.1.1. Description

19.1.2. Parameters

19.1.3. Return Type

V1GetDeclarativeConfigHealthsResponse

19.1.4. Content Type

  • application/json

19.1.5. Responses

Table 19.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1GetDeclarativeConfigHealthsResponse

0

An unexpected error response.

RuntimeError

19.1.6. Samples

19.1.7. Common object reference

19.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

19.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

19.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code

  

Integer

 

int32

message

  

String

  

details

  

List of ProtobufAny

  
19.1.7.3. StorageDeclarativeConfigHealth
Field NameRequiredNullableTypeDescriptionFormat

id

  

String

  

name

  

String

  

status

  

StorageDeclarativeConfigHealthStatus

 

UNHEALTHY, HEALTHY,

errorMessage

  

String

  

resourceName

  

String

  

resourceType

  

StorageDeclarativeConfigHealthResourceType

 

CONFIG_MAP, ACCESS_SCOPE, PERMISSION_SET, ROLE, AUTH_PROVIDER, GROUP, NOTIFIER,

lastTimestamp

  

Date

Timestamp when the current status was set.

date-time

19.1.7.4. StorageDeclarativeConfigHealthResourceType
Enum Values

CONFIG_MAP

ACCESS_SCOPE

PERMISSION_SET

ROLE

AUTH_PROVIDER

GROUP

NOTIFIER

19.1.7.5. StorageDeclarativeConfigHealthStatus
Enum Values

UNHEALTHY

HEALTHY

19.1.7.6. V1GetDeclarativeConfigHealthsResponse
Field NameRequiredNullableTypeDescriptionFormat

healths

  

List of StorageDeclarativeConfigHealth

  

Chapter 20. DelegatedRegistryConfigService

20.1. GetClusters

GET /v1/delegatedregistryconfig/clusters

GetClusters returns the list of clusters (id + name) and a flag indicating whether or not the cluster is valid for use in the delegated registry config

20.1.1. Description

20.1.2. Parameters

20.1.3. Return Type

V1DelegatedRegistryClustersResponse

20.1.4. Content Type

  • application/json

20.1.5. Responses

Table 20.1. HTTP Response Codes
CodeMessageDatatype

200

A successful response.

V1DelegatedRegistryClustersResponse

0

An unexpected error response.

RuntimeError

20.1.6. Samples

20.1.7. Common object reference

20.1.7.1. ProtobufAny

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++. 

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java. 

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}
Example 3: Pack and unpack a message in Python.
foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...
Example 4: Pack and unpack a message in Go
foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

20.1.7.1.1. JSON representation

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example: 

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}
{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]): 

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}
Field NameRequiredNullableTypeDescriptionFormat

typeUrl

  

String

A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in path/google.protobuf.Duration). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme http, https, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, https is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than http, https (or the empty scheme) might be used with implementation specific semantics.

 

value

  

byte[]

Must be a valid serialized protocol buffer of the above specified type.

byte

20.1.7.2. RuntimeError
Field NameRequiredNullableTypeDescriptionFormat

error

  

String

  

code