Home
Products
Red Hat Advanced Cluster Security for Kubernetes
4.5
API reference
Chapter 45. PolicyService

Chapter 45. PolicyService

45.1. CancelDryRunJob
Copy link

DELETE /v1/policies/dryrunjob/{jobId}

45.1.2. Parameters
Copy link

45.1.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
jobId		X	null

45.1.4. Content Type
Copy link

application/json

45.1.5. Responses
Copy link

Expand

Table 45.1. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

45.1.7. Common object reference
Copy link

45.1.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

The pack methods provided by protobuf library will by default use 'type.googleapis.com/full.type.name' as the type URL and the unpack methods only use the fully qualified type name after the last '/' in the type URL, for example "foo.bar.com/x/y.z" will yield type name "y.z".

45.1.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

If the embedded message type is well-known and has a custom JSON representation, that representation will be embedded adding a field value which holds the custom JSON in addition to the @type field. Example (for message [google.protobuf.Duration][]):

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.1.7.2. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.2. QueryDryRunJobStatus
Copy link

GET /v1/policies/dryrunjob/{jobId}

45.2.1. Description
Copy link

45.2.2. Parameters
Copy link

45.2.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
jobId		X	null

45.2.3. Return Type
Copy link

V1DryRunJobStatusResponse

45.2.4. Content Type
Copy link

application/json

45.2.5. Responses
Copy link

Expand

Table 45.2. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	V1DryRunJobStatusResponse
0	An unexpected error response.	RuntimeError

45.2.6. Samples
Copy link

45.2.7. Common object reference
Copy link

45.2.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.2.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.2.7.2. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.2.7.3. V1DryRunJobStatusResponse
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
pending			Boolean
result			V1DryRunResponse

45.2.7.4. V1DryRunResponse
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
alerts			List of V1DryRunResponseAlert

45.2.7.5. V1DryRunResponseAlert
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
deployment			String
violations			List of `string`

45.3. SubmitDryRunPolicyJob
Copy link

POST /v1/policies/dryrunjob

45.3.1. Description
Copy link

45.3.2. Parameters
Copy link

45.3.2.1. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	StoragePolicy	X

45.3.3. Return Type
Copy link

V1JobId

45.3.4. Content Type
Copy link

application/json

45.3.5. Responses
Copy link

Expand

Table 45.3. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	V1JobId
0	An unexpected error response.	RuntimeError

45.3.6. Samples
Copy link

45.3.7. Common object reference
Copy link

45.3.7.1. PolicyMitreAttackVectors
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
tactic			String
techniques			List of `string`

45.3.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.3.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.3.7.3. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.3.7.4. StorageBooleanOperator
Copy link

Expand

Enum Values
OR
AND

45.3.7.5. StorageEnforcementAction
Copy link

FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

Expand

Enum Values
UNSET_ENFORCEMENT
SCALE_TO_ZERO_ENFORCEMENT
UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT
KILL_POD_ENFORCEMENT
FAIL_BUILD_ENFORCEMENT
FAIL_KUBE_REQUEST_ENFORCEMENT
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

45.3.7.6. StorageEventSource
Copy link

Expand

Enum Values
NOT_APPLICABLE
DEPLOYMENT_EVENT
AUDIT_LOG_EVENT

45.3.7.7. StorageExclusion
Copy link

Expand

Field Name	Type	Format
name	String
deployment	StorageExclusionDeployment
image	StorageExclusionImage
expiration	Date	date-time

45.3.7.8. StorageExclusionDeployment
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String
scope			StorageScope

45.3.7.9. StorageExclusionImage
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String

45.3.7.10. StorageLifecycleStage
Copy link

Expand

Enum Values
DEPLOY
BUILD
RUNTIME

45.3.7.11. StoragePolicy
Copy link

Expand

Field Name	Type	Description	Format
id	String
name	String
description	String
rationale	String
remediation	String
disabled	Boolean
categories	List of `string`
lifecycleStages	List of StorageLifecycleStage
eventSource	StorageEventSource		NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,
exclusions	List of StorageExclusion
scope	List of StorageScope
severity	StorageSeverity		UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,
enforcementActions	List of StorageEnforcementAction	FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.
notifiers	List of `string`
lastUpdated	Date		date-time
SORTName	String	For internal use only.
SORTLifecycleStage	String	For internal use only.
SORTEnforcement	Boolean	For internal use only.
policyVersion	String
policySections	List of StoragePolicySection
mitreAttackVectors	List of PolicyMitreAttackVectors
criteriaLocked	Boolean	Read-only field. If true, the policy’s criteria fields are rendered read-only.
mitreVectorsLocked	Boolean	Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.
isDefault	Boolean	Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

45.3.7.12. StoragePolicyGroup
Copy link

Expand

Field Name	Type	Format
fieldName	String
booleanOperator	StorageBooleanOperator	OR, AND,
negate	Boolean
values	List of StoragePolicyValue

45.3.7.13. StoragePolicySection
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
sectionName			String
policyGroups			List of StoragePolicyGroup

45.3.7.14. StoragePolicyValue
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
value			String

45.3.7.15. StorageScope
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
cluster			String
namespace			String
label			StorageScopeLabel

45.3.7.16. StorageScopeLabel
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
key			String
value			String

45.3.7.17. StorageSeverity
Copy link

Expand

Enum Values
UNSET_SEVERITY
LOW_SEVERITY
MEDIUM_SEVERITY
HIGH_SEVERITY
CRITICAL_SEVERITY

45.3.7.18. V1JobId
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
jobId			String

45.4. DryRunPolicy
Copy link

POST /v1/policies/dryrun

DryRunPolicy evaluates the given policy and returns any alerts without creating the policy.

45.4.1. Description
Copy link

45.4.2. Parameters
Copy link

45.4.2.1. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	StoragePolicy	X

45.4.3. Return Type
Copy link

V1DryRunResponse

45.4.4. Content Type
Copy link

application/json

45.4.5. Responses
Copy link

Expand

Table 45.4. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	V1DryRunResponse
0	An unexpected error response.	RuntimeError

45.4.6. Samples
Copy link

45.4.7. Common object reference
Copy link

45.4.7.1. PolicyMitreAttackVectors
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
tactic			String
techniques			List of `string`

45.4.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.4.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.4.7.3. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.4.7.4. StorageBooleanOperator
Copy link

Expand

Enum Values
OR
AND

45.4.7.5. StorageEnforcementAction
Copy link

FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

Expand

Enum Values
UNSET_ENFORCEMENT
SCALE_TO_ZERO_ENFORCEMENT
UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT
KILL_POD_ENFORCEMENT
FAIL_BUILD_ENFORCEMENT
FAIL_KUBE_REQUEST_ENFORCEMENT
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

45.4.7.6. StorageEventSource
Copy link

Expand

Enum Values
NOT_APPLICABLE
DEPLOYMENT_EVENT
AUDIT_LOG_EVENT

45.4.7.7. StorageExclusion
Copy link

Expand

Field Name	Type	Format
name	String
deployment	StorageExclusionDeployment
image	StorageExclusionImage
expiration	Date	date-time

45.4.7.8. StorageExclusionDeployment
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String
scope			StorageScope

45.4.7.9. StorageExclusionImage
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String

45.4.7.10. StorageLifecycleStage
Copy link

Expand

Enum Values
DEPLOY
BUILD
RUNTIME

45.4.7.11. StoragePolicy
Copy link

Expand

Field Name	Type	Description	Format
id	String
name	String
description	String
rationale	String
remediation	String
disabled	Boolean
categories	List of `string`
lifecycleStages	List of StorageLifecycleStage
eventSource	StorageEventSource		NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,
exclusions	List of StorageExclusion
scope	List of StorageScope
severity	StorageSeverity		UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,
enforcementActions	List of StorageEnforcementAction	FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.
notifiers	List of `string`
lastUpdated	Date		date-time
SORTName	String	For internal use only.
SORTLifecycleStage	String	For internal use only.
SORTEnforcement	Boolean	For internal use only.
policyVersion	String
policySections	List of StoragePolicySection
mitreAttackVectors	List of PolicyMitreAttackVectors
criteriaLocked	Boolean	Read-only field. If true, the policy’s criteria fields are rendered read-only.
mitreVectorsLocked	Boolean	Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.
isDefault	Boolean	Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

45.4.7.12. StoragePolicyGroup
Copy link

Expand

Field Name	Type	Format
fieldName	String
booleanOperator	StorageBooleanOperator	OR, AND,
negate	Boolean
values	List of StoragePolicyValue

45.4.7.13. StoragePolicySection
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
sectionName			String
policyGroups			List of StoragePolicyGroup

45.4.7.14. StoragePolicyValue
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
value			String

45.4.7.15. StorageScope
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
cluster			String
namespace			String
label			StorageScopeLabel

45.4.7.16. StorageScopeLabel
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
key			String
value			String

45.4.7.17. StorageSeverity
Copy link

Expand

Enum Values
UNSET_SEVERITY
LOW_SEVERITY
MEDIUM_SEVERITY
HIGH_SEVERITY
CRITICAL_SEVERITY

45.4.7.18. V1DryRunResponse
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
alerts			List of V1DryRunResponseAlert

45.4.7.19. V1DryRunResponseAlert
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
deployment			String
violations			List of `string`

45.5. ExportPolicies
Copy link

POST /v1/policies/export

ExportPolicies takes a list of policy IDs and returns either the entire list of policies or an error message

45.5.1. Description
Copy link

45.5.2. Parameters
Copy link

45.5.2.1. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	V1ExportPoliciesRequest	X

45.5.3. Return Type
Copy link

StorageExportPoliciesResponse

45.5.4. Content Type
Copy link

application/json

45.5.5. Responses
Copy link

Expand

Table 45.5. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	StorageExportPoliciesResponse
0	An unexpected error response.	RuntimeError

45.5.6. Samples
Copy link

45.5.7. Common object reference
Copy link

45.5.7.1. PolicyMitreAttackVectors
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
tactic			String
techniques			List of `string`

45.5.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.5.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.5.7.3. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.5.7.4. StorageBooleanOperator
Copy link

Expand

Enum Values
OR
AND

45.5.7.5. StorageEnforcementAction
Copy link

FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

Expand

Enum Values
UNSET_ENFORCEMENT
SCALE_TO_ZERO_ENFORCEMENT
UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT
KILL_POD_ENFORCEMENT
FAIL_BUILD_ENFORCEMENT
FAIL_KUBE_REQUEST_ENFORCEMENT
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

45.5.7.6. StorageEventSource
Copy link

Expand

Enum Values
NOT_APPLICABLE
DEPLOYMENT_EVENT
AUDIT_LOG_EVENT

45.5.7.7. StorageExclusion
Copy link

Expand

Field Name	Type	Format
name	String
deployment	StorageExclusionDeployment
image	StorageExclusionImage
expiration	Date	date-time

45.5.7.8. StorageExclusionDeployment
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String
scope			StorageScope

45.5.7.9. StorageExclusionImage
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String

45.5.7.10. StorageExportPoliciesResponse
Copy link

ExportPoliciesResponse is used by the API but it is defined in storage because we expect customers to store them. We do backwards-compatibility checks on objects in the storge folder and those checks should be applied to this object

Expand

Field Name	Required	Nullable	Type	Description	Format
policies			List of StoragePolicy

45.5.7.11. StorageLifecycleStage
Copy link

Expand

Enum Values
DEPLOY
BUILD
RUNTIME

45.5.7.12. StoragePolicy
Copy link

Expand

Field Name	Type	Description	Format
id	String
name	String
description	String
rationale	String
remediation	String
disabled	Boolean
categories	List of `string`
lifecycleStages	List of StorageLifecycleStage
eventSource	StorageEventSource		NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,
exclusions	List of StorageExclusion
scope	List of StorageScope
severity	StorageSeverity		UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,
enforcementActions	List of StorageEnforcementAction	FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.
notifiers	List of `string`
lastUpdated	Date		date-time
SORTName	String	For internal use only.
SORTLifecycleStage	String	For internal use only.
SORTEnforcement	Boolean	For internal use only.
policyVersion	String
policySections	List of StoragePolicySection
mitreAttackVectors	List of PolicyMitreAttackVectors
criteriaLocked	Boolean	Read-only field. If true, the policy’s criteria fields are rendered read-only.
mitreVectorsLocked	Boolean	Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.
isDefault	Boolean	Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

45.5.7.13. StoragePolicyGroup
Copy link

Expand

Field Name	Type	Format
fieldName	String
booleanOperator	StorageBooleanOperator	OR, AND,
negate	Boolean
values	List of StoragePolicyValue

45.5.7.14. StoragePolicySection
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
sectionName			String
policyGroups			List of StoragePolicyGroup

45.5.7.15. StoragePolicyValue
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
value			String

45.5.7.16. StorageScope
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
cluster			String
namespace			String
label			StorageScopeLabel

45.5.7.17. StorageScopeLabel
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
key			String
value			String

45.5.7.18. StorageSeverity
Copy link

Expand

Enum Values
UNSET_SEVERITY
LOW_SEVERITY
MEDIUM_SEVERITY
HIGH_SEVERITY
CRITICAL_SEVERITY

45.5.7.19. V1ExportPoliciesRequest
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
policyIds			List of `string`

45.6. PolicyFromSearch
Copy link

POST /v1/policies/from-search

45.6.1. Description
Copy link

45.6.2. Parameters
Copy link

45.6.2.1. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	V1PolicyFromSearchRequest	X

45.6.3. Return Type
Copy link

V1PolicyFromSearchResponse

45.6.4. Content Type
Copy link

application/json

45.6.5. Responses
Copy link

Expand

Table 45.6. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	V1PolicyFromSearchResponse
0	An unexpected error response.	RuntimeError

45.6.6. Samples
Copy link

45.6.7. Common object reference
Copy link

45.6.7.1. PolicyMitreAttackVectors
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
tactic			String
techniques			List of `string`

45.6.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.6.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.6.7.3. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.6.7.4. StorageBooleanOperator
Copy link

Expand

Enum Values
OR
AND

45.6.7.5. StorageEnforcementAction
Copy link

FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

Expand

Enum Values
UNSET_ENFORCEMENT
SCALE_TO_ZERO_ENFORCEMENT
UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT
KILL_POD_ENFORCEMENT
FAIL_BUILD_ENFORCEMENT
FAIL_KUBE_REQUEST_ENFORCEMENT
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

45.6.7.6. StorageEventSource
Copy link

Expand

Enum Values
NOT_APPLICABLE
DEPLOYMENT_EVENT
AUDIT_LOG_EVENT

45.6.7.7. StorageExclusion
Copy link

Expand

Field Name	Type	Format
name	String
deployment	StorageExclusionDeployment
image	StorageExclusionImage
expiration	Date	date-time

45.6.7.8. StorageExclusionDeployment
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String
scope			StorageScope

45.6.7.9. StorageExclusionImage
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String

45.6.7.10. StorageLifecycleStage
Copy link

Expand

Enum Values
DEPLOY
BUILD
RUNTIME

45.6.7.11. StoragePolicy
Copy link

Expand

Field Name	Type	Description	Format
id	String
name	String
description	String
rationale	String
remediation	String
disabled	Boolean
categories	List of `string`
lifecycleStages	List of StorageLifecycleStage
eventSource	StorageEventSource		NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,
exclusions	List of StorageExclusion
scope	List of StorageScope
severity	StorageSeverity		UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,
enforcementActions	List of StorageEnforcementAction	FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.
notifiers	List of `string`
lastUpdated	Date		date-time
SORTName	String	For internal use only.
SORTLifecycleStage	String	For internal use only.
SORTEnforcement	Boolean	For internal use only.
policyVersion	String
policySections	List of StoragePolicySection
mitreAttackVectors	List of PolicyMitreAttackVectors
criteriaLocked	Boolean	Read-only field. If true, the policy’s criteria fields are rendered read-only.
mitreVectorsLocked	Boolean	Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.
isDefault	Boolean	Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

45.6.7.12. StoragePolicyGroup
Copy link

Expand

Field Name	Type	Format
fieldName	String
booleanOperator	StorageBooleanOperator	OR, AND,
negate	Boolean
values	List of StoragePolicyValue

45.6.7.13. StoragePolicySection
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
sectionName			String
policyGroups			List of StoragePolicyGroup

45.6.7.14. StoragePolicyValue
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
value			String

45.6.7.15. StorageScope
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
cluster			String
namespace			String
label			StorageScopeLabel

45.6.7.16. StorageScopeLabel
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
key			String
value			String

45.6.7.17. StorageSeverity
Copy link

Expand

Enum Values
UNSET_SEVERITY
LOW_SEVERITY
MEDIUM_SEVERITY
HIGH_SEVERITY
CRITICAL_SEVERITY

45.6.7.18. V1PolicyFromSearchRequest
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
searchParams			String

45.6.7.19. V1PolicyFromSearchResponse
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
policy			StoragePolicy
alteredSearchTerms			List of `string`
hasNestedFields			Boolean

45.7. ListPolicies
Copy link

GET /v1/policies

ListPolicies returns the list of policies.

45.7.1. Description
Copy link

45.7.2. Parameters
Copy link

45.7.2.1. Query Parameters
Copy link

Expand

Name	Required	Default
query	-	null
pagination.limit	-	null
pagination.offset	-	null
pagination.sortOption.field	-	null
pagination.sortOption.reversed	-	null
pagination.sortOption.aggregateBy.aggrFunc	-	UNSET
pagination.sortOption.aggregateBy.distinct	-	null

45.7.3. Return Type
Copy link

V1ListPoliciesResponse

45.7.4. Content Type
Copy link

application/json

45.7.5. Responses
Copy link

Expand

Table 45.7. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	V1ListPoliciesResponse
0	An unexpected error response.	RuntimeError

45.7.6. Samples
Copy link

45.7.7. Common object reference
Copy link

45.7.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.7.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.7.7.2. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.7.7.3. StorageEventSource
Copy link

Expand

Enum Values
NOT_APPLICABLE
DEPLOYMENT_EVENT
AUDIT_LOG_EVENT

45.7.7.4. StorageLifecycleStage
Copy link

Expand

Enum Values
DEPLOY
BUILD
RUNTIME

45.7.7.5. StorageListPolicy
Copy link

Expand

Field Name	Type	Format
id	String
name	String
description	String
severity	StorageSeverity	UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,
disabled	Boolean
lifecycleStages	List of StorageLifecycleStage
notifiers	List of `string`
lastUpdated	Date	date-time
eventSource	StorageEventSource	NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,
isDefault	Boolean

45.7.7.6. StorageSeverity
Copy link

Expand

Enum Values
UNSET_SEVERITY
LOW_SEVERITY
MEDIUM_SEVERITY
HIGH_SEVERITY
CRITICAL_SEVERITY

45.7.7.7. V1ListPoliciesResponse
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
policies			List of StorageListPolicy

45.8. DeletePolicy
Copy link

DELETE /v1/policies/{id}

DeletePolicy removes a policy by ID.

45.8.1. Description
Copy link

45.8.2. Parameters
Copy link

45.8.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
id		X	null

45.8.3. Return Type
Copy link

Object

45.8.4. Content Type
Copy link

application/json

45.8.5. Responses
Copy link

Expand

Table 45.8. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

45.8.6. Samples
Copy link

45.8.7. Common object reference
Copy link

45.8.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.8.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.8.7.2. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.9. GetPolicy
Copy link

GET /v1/policies/{id}

GetPolicy returns the requested policy by ID.

45.9.1. Description
Copy link

45.9.2. Parameters
Copy link

45.9.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
id		X	null

45.9.3. Return Type
Copy link

StoragePolicy

45.9.4. Content Type
Copy link

application/json

45.9.5. Responses
Copy link

Expand

Table 45.9. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	StoragePolicy
0	An unexpected error response.	RuntimeError

45.9.6. Samples
Copy link

45.9.7. Common object reference
Copy link

45.9.7.1. PolicyMitreAttackVectors
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
tactic			String
techniques			List of `string`

45.9.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.9.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.9.7.3. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.9.7.4. StorageBooleanOperator
Copy link

Expand

Enum Values
OR
AND

45.9.7.5. StorageEnforcementAction
Copy link

FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

Expand

Enum Values
UNSET_ENFORCEMENT
SCALE_TO_ZERO_ENFORCEMENT
UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT
KILL_POD_ENFORCEMENT
FAIL_BUILD_ENFORCEMENT
FAIL_KUBE_REQUEST_ENFORCEMENT
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

45.9.7.6. StorageEventSource
Copy link

Expand

Enum Values
NOT_APPLICABLE
DEPLOYMENT_EVENT
AUDIT_LOG_EVENT

45.9.7.7. StorageExclusion
Copy link

Expand

Field Name	Type	Format
name	String
deployment	StorageExclusionDeployment
image	StorageExclusionImage
expiration	Date	date-time

45.9.7.8. StorageExclusionDeployment
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String
scope			StorageScope

45.9.7.9. StorageExclusionImage
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String

45.9.7.10. StorageLifecycleStage
Copy link

Expand

Enum Values
DEPLOY
BUILD
RUNTIME

45.9.7.11. StoragePolicy
Copy link

Expand

Field Name	Type	Description	Format
id	String
name	String
description	String
rationale	String
remediation	String
disabled	Boolean
categories	List of `string`
lifecycleStages	List of StorageLifecycleStage
eventSource	StorageEventSource		NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,
exclusions	List of StorageExclusion
scope	List of StorageScope
severity	StorageSeverity		UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,
enforcementActions	List of StorageEnforcementAction	FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.
notifiers	List of `string`
lastUpdated	Date		date-time
SORTName	String	For internal use only.
SORTLifecycleStage	String	For internal use only.
SORTEnforcement	Boolean	For internal use only.
policyVersion	String
policySections	List of StoragePolicySection
mitreAttackVectors	List of PolicyMitreAttackVectors
criteriaLocked	Boolean	Read-only field. If true, the policy’s criteria fields are rendered read-only.
mitreVectorsLocked	Boolean	Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.
isDefault	Boolean	Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

45.9.7.12. StoragePolicyGroup
Copy link

Expand

Field Name	Type	Format
fieldName	String
booleanOperator	StorageBooleanOperator	OR, AND,
negate	Boolean
values	List of StoragePolicyValue

45.9.7.13. StoragePolicySection
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
sectionName			String
policyGroups			List of StoragePolicyGroup

45.9.7.14. StoragePolicyValue
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
value			String

45.9.7.15. StorageScope
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
cluster			String
namespace			String
label			StorageScopeLabel

45.9.7.16. StorageScopeLabel
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
key			String
value			String

45.9.7.17. StorageSeverity
Copy link

Expand

Enum Values
UNSET_SEVERITY
LOW_SEVERITY
MEDIUM_SEVERITY
HIGH_SEVERITY
CRITICAL_SEVERITY

45.10. GetPolicyMitreVectors
Copy link

GET /v1/policies/{id}/mitrevectors

GetMitreVectorsForPolicy returns the requested policy by ID.

45.10.1. Description
Copy link

45.10.2. Parameters
Copy link

45.10.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
id		X	null

45.10.2.2. Query Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
options.excludePolicy	If set to true, policy is excluded from the response.	-	null

45.10.3. Return Type
Copy link

V1GetPolicyMitreVectorsResponse

45.10.4. Content Type
Copy link

application/json

45.10.5. Responses
Copy link

Expand

Table 45.10. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	V1GetPolicyMitreVectorsResponse
0	An unexpected error response.	RuntimeError

45.10.6. Samples
Copy link

45.10.7. Common object reference
Copy link

45.10.7.1. PolicyMitreAttackVectors
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
tactic			String
techniques			List of `string`

45.10.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.10.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.10.7.3. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.10.7.4. StorageBooleanOperator
Copy link

Expand

Enum Values
OR
AND

45.10.7.5. StorageEnforcementAction
Copy link

FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

Expand

Enum Values
UNSET_ENFORCEMENT
SCALE_TO_ZERO_ENFORCEMENT
UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT
KILL_POD_ENFORCEMENT
FAIL_BUILD_ENFORCEMENT
FAIL_KUBE_REQUEST_ENFORCEMENT
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

45.10.7.6. StorageEventSource
Copy link

Expand

Enum Values
NOT_APPLICABLE
DEPLOYMENT_EVENT
AUDIT_LOG_EVENT

45.10.7.7. StorageExclusion
Copy link

Expand

Field Name	Type	Format
name	String
deployment	StorageExclusionDeployment
image	StorageExclusionImage
expiration	Date	date-time

45.10.7.8. StorageExclusionDeployment
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String
scope			StorageScope

45.10.7.9. StorageExclusionImage
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String

45.10.7.10. StorageLifecycleStage
Copy link

Expand

Enum Values
DEPLOY
BUILD
RUNTIME

45.10.7.11. StorageMitreAttackVector
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
tactic			StorageMitreTactic
techniques			List of StorageMitreTechnique

45.10.7.12. StorageMitreTactic
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
id			String
name			String
description			String

45.10.7.13. StorageMitreTechnique
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
id			String
name			String
description			String

45.10.7.14. StoragePolicy
Copy link

Expand

Field Name	Type	Description	Format
id	String
name	String
description	String
rationale	String
remediation	String
disabled	Boolean
categories	List of `string`
lifecycleStages	List of StorageLifecycleStage
eventSource	StorageEventSource		NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,
exclusions	List of StorageExclusion
scope	List of StorageScope
severity	StorageSeverity		UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,
enforcementActions	List of StorageEnforcementAction	FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.
notifiers	List of `string`
lastUpdated	Date		date-time
SORTName	String	For internal use only.
SORTLifecycleStage	String	For internal use only.
SORTEnforcement	Boolean	For internal use only.
policyVersion	String
policySections	List of StoragePolicySection
mitreAttackVectors	List of PolicyMitreAttackVectors
criteriaLocked	Boolean	Read-only field. If true, the policy’s criteria fields are rendered read-only.
mitreVectorsLocked	Boolean	Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.
isDefault	Boolean	Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

45.10.7.15. StoragePolicyGroup
Copy link

Expand

Field Name	Type	Format
fieldName	String
booleanOperator	StorageBooleanOperator	OR, AND,
negate	Boolean
values	List of StoragePolicyValue

45.10.7.16. StoragePolicySection
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
sectionName			String
policyGroups			List of StoragePolicyGroup

45.10.7.17. StoragePolicyValue
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
value			String

45.10.7.18. StorageScope
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
cluster			String
namespace			String
label			StorageScopeLabel

45.10.7.19. StorageScopeLabel
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
key			String
value			String

45.10.7.20. StorageSeverity
Copy link

Expand

Enum Values
UNSET_SEVERITY
LOW_SEVERITY
MEDIUM_SEVERITY
HIGH_SEVERITY
CRITICAL_SEVERITY

45.10.7.21. V1GetPolicyMitreVectorsResponse
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
policy			StoragePolicy
vectors			List of StorageMitreAttackVector

45.11. PatchPolicy
Copy link

PATCH /v1/policies/{id}

PatchPolicy edits an existing policy.

45.11.1. Description
Copy link

45.11.2. Parameters
Copy link

45.11.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
id		X	null

45.11.2.2. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	V1PatchPolicyRequest	X

45.11.3. Return Type
Copy link

Object

45.11.4. Content Type
Copy link

application/json

45.11.5. Responses
Copy link

Expand

Table 45.11. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

45.11.6. Samples
Copy link

45.11.7. Common object reference
Copy link

45.11.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.11.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.11.7.2. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.11.7.3. V1PatchPolicyRequest
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
id			String
disabled			Boolean

45.12. PutPolicy
Copy link

PUT /v1/policies/{id}

PutPolicy modifies an existing policy.

45.12.1. Description
Copy link

45.12.2. Parameters
Copy link

45.12.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
id		X	null

45.12.2.2. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	StoragePolicy	X

45.12.3. Return Type
Copy link

Object

45.12.4. Content Type
Copy link

application/json

45.12.5. Responses
Copy link

Expand

Table 45.12. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

45.12.6. Samples
Copy link

45.12.7. Common object reference
Copy link

45.12.7.1. PolicyMitreAttackVectors
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
tactic			String
techniques			List of `string`

45.12.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.12.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.12.7.3. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.12.7.4. StorageBooleanOperator
Copy link

Expand

Enum Values
OR
AND

45.12.7.5. StorageEnforcementAction
Copy link

FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

Expand

Enum Values
UNSET_ENFORCEMENT
SCALE_TO_ZERO_ENFORCEMENT
UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT
KILL_POD_ENFORCEMENT
FAIL_BUILD_ENFORCEMENT
FAIL_KUBE_REQUEST_ENFORCEMENT
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

45.12.7.6. StorageEventSource
Copy link

Expand

Enum Values
NOT_APPLICABLE
DEPLOYMENT_EVENT
AUDIT_LOG_EVENT

45.12.7.7. StorageExclusion
Copy link

Expand

Field Name	Type	Format
name	String
deployment	StorageExclusionDeployment
image	StorageExclusionImage
expiration	Date	date-time

45.12.7.8. StorageExclusionDeployment
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String
scope			StorageScope

45.12.7.9. StorageExclusionImage
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String

45.12.7.10. StorageLifecycleStage
Copy link

Expand

Enum Values
DEPLOY
BUILD
RUNTIME

45.12.7.11. StoragePolicy
Copy link

Expand

Field Name	Type	Description	Format
id	String
name	String
description	String
rationale	String
remediation	String
disabled	Boolean
categories	List of `string`
lifecycleStages	List of StorageLifecycleStage
eventSource	StorageEventSource		NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,
exclusions	List of StorageExclusion
scope	List of StorageScope
severity	StorageSeverity		UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,
enforcementActions	List of StorageEnforcementAction	FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.
notifiers	List of `string`
lastUpdated	Date		date-time
SORTName	String	For internal use only.
SORTLifecycleStage	String	For internal use only.
SORTEnforcement	Boolean	For internal use only.
policyVersion	String
policySections	List of StoragePolicySection
mitreAttackVectors	List of PolicyMitreAttackVectors
criteriaLocked	Boolean	Read-only field. If true, the policy’s criteria fields are rendered read-only.
mitreVectorsLocked	Boolean	Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.
isDefault	Boolean	Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

45.12.7.12. StoragePolicyGroup
Copy link

Expand

Field Name	Type	Format
fieldName	String
booleanOperator	StorageBooleanOperator	OR, AND,
negate	Boolean
values	List of StoragePolicyValue

45.12.7.13. StoragePolicySection
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
sectionName			String
policyGroups			List of StoragePolicyGroup

45.12.7.14. StoragePolicyValue
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
value			String

45.12.7.15. StorageScope
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
cluster			String
namespace			String
label			StorageScopeLabel

45.12.7.16. StorageScopeLabel
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
key			String
value			String

45.12.7.17. StorageSeverity
Copy link

Expand

Enum Values
UNSET_SEVERITY
LOW_SEVERITY
MEDIUM_SEVERITY
HIGH_SEVERITY
CRITICAL_SEVERITY

45.13. ImportPolicies
Copy link

POST /v1/policies/import

ImportPolicies accepts a list of Policies and returns a list of the policies which could not be imported

45.13.1. Description
Copy link

45.13.2. Parameters
Copy link

45.13.2.1. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	V1ImportPoliciesRequest	X

45.13.3. Return Type
Copy link

V1ImportPoliciesResponse

45.13.4. Content Type
Copy link

application/json

45.13.5. Responses
Copy link

Expand

Table 45.13. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	V1ImportPoliciesResponse
0	An unexpected error response.	RuntimeError

45.13.6. Samples
Copy link

45.13.7. Common object reference
Copy link

45.13.7.1. PolicyMitreAttackVectors
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
tactic			String
techniques			List of `string`

45.13.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.13.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.13.7.3. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.13.7.4. StorageBooleanOperator
Copy link

Expand

Enum Values
OR
AND

45.13.7.5. StorageEnforcementAction
Copy link

FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

Expand

Enum Values
UNSET_ENFORCEMENT
SCALE_TO_ZERO_ENFORCEMENT
UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT
KILL_POD_ENFORCEMENT
FAIL_BUILD_ENFORCEMENT
FAIL_KUBE_REQUEST_ENFORCEMENT
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

45.13.7.6. StorageEventSource
Copy link

Expand

Enum Values
NOT_APPLICABLE
DEPLOYMENT_EVENT
AUDIT_LOG_EVENT

45.13.7.7. StorageExclusion
Copy link

Expand

Field Name	Type	Format
name	String
deployment	StorageExclusionDeployment
image	StorageExclusionImage
expiration	Date	date-time

45.13.7.8. StorageExclusionDeployment
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String
scope			StorageScope

45.13.7.9. StorageExclusionImage
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String

45.13.7.10. StorageLifecycleStage
Copy link

Expand

Enum Values
DEPLOY
BUILD
RUNTIME

45.13.7.11. StoragePolicy
Copy link

Expand

Field Name	Type	Description	Format
id	String
name	String
description	String
rationale	String
remediation	String
disabled	Boolean
categories	List of `string`
lifecycleStages	List of StorageLifecycleStage
eventSource	StorageEventSource		NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,
exclusions	List of StorageExclusion
scope	List of StorageScope
severity	StorageSeverity		UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,
enforcementActions	List of StorageEnforcementAction	FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.
notifiers	List of `string`
lastUpdated	Date		date-time
SORTName	String	For internal use only.
SORTLifecycleStage	String	For internal use only.
SORTEnforcement	Boolean	For internal use only.
policyVersion	String
policySections	List of StoragePolicySection
mitreAttackVectors	List of PolicyMitreAttackVectors
criteriaLocked	Boolean	Read-only field. If true, the policy’s criteria fields are rendered read-only.
mitreVectorsLocked	Boolean	Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.
isDefault	Boolean	Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

45.13.7.12. StoragePolicyGroup
Copy link

Expand

Field Name	Type	Format
fieldName	String
booleanOperator	StorageBooleanOperator	OR, AND,
negate	Boolean
values	List of StoragePolicyValue

45.13.7.13. StoragePolicySection
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
sectionName			String
policyGroups			List of StoragePolicyGroup

45.13.7.14. StoragePolicyValue
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
value			String

45.13.7.15. StorageScope
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
cluster			String
namespace			String
label			StorageScopeLabel

45.13.7.16. StorageScopeLabel
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
key			String
value			String

45.13.7.17. StorageSeverity
Copy link

Expand

Enum Values
UNSET_SEVERITY
LOW_SEVERITY
MEDIUM_SEVERITY
HIGH_SEVERITY
CRITICAL_SEVERITY

45.13.7.18. V1ImportPoliciesMetadata
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
overwrite			Boolean

45.13.7.19. V1ImportPoliciesRequest
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
metadata			V1ImportPoliciesMetadata
policies			List of StoragePolicy

45.13.7.20. V1ImportPoliciesResponse
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
responses			List of V1ImportPolicyResponse
allSucceeded			Boolean

45.13.7.21. V1ImportPolicyError
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
message			String
type			String
duplicateName			String
validationError			String

45.13.7.22. V1ImportPolicyResponse
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
succeeded			Boolean
policy			StoragePolicy
errors			List of V1ImportPolicyError

45.14. EnableDisablePolicyNotification
Copy link

PATCH /v1/policies/{policyId}/notifiers

EnableDisablePolicyNotification enables or disables notifications for a policy by ID.

45.14.1. Description
Copy link

45.14.2. Parameters
Copy link

45.14.2.1. Path Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
policyId		X	null

45.14.2.2. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	V1EnableDisablePolicyNotificationRequest	X

45.14.3. Return Type
Copy link

Object

45.14.4. Content Type
Copy link

application/json

45.14.5. Responses
Copy link

Expand

Table 45.14. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

45.14.6. Samples
Copy link

45.14.7. Common object reference
Copy link

45.14.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.14.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.14.7.2. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.14.7.3. V1EnableDisablePolicyNotificationRequest
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
policyId			String
notifierIds			List of `string`
disable			Boolean

45.15. PostPolicy
Copy link

POST /v1/policies

PostPolicy creates a new policy.

45.15.1. Description
Copy link

45.15.2. Parameters
Copy link

45.15.2.1. Body Parameter
Copy link

Expand

Name	Description	Required	Default	Pattern
body	StoragePolicy	X

45.15.2.2. Query Parameters
Copy link

Expand

Name	Description	Required	Default	Pattern
enableStrictValidation		-	null

45.15.3. Return Type
Copy link

StoragePolicy

45.15.4. Content Type
Copy link

application/json

45.15.5. Responses
Copy link

Expand

Table 45.15. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	StoragePolicy
0	An unexpected error response.	RuntimeError

45.15.6. Samples
Copy link

45.15.7. Common object reference
Copy link

45.15.7.1. PolicyMitreAttackVectors
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
tactic			String
techniques			List of `string`

45.15.7.2. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.15.7.2.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.15.7.3. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.15.7.4. StorageBooleanOperator
Copy link

Expand

Enum Values
OR
AND

45.15.7.5. StorageEnforcementAction
Copy link

FAIL_KUBE_REQUEST_ENFORCEMENT: FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events.
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT: FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates.
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT: FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.

Expand

Enum Values
UNSET_ENFORCEMENT
SCALE_TO_ZERO_ENFORCEMENT
UNSATISFIABLE_NODE_CONSTRAINT_ENFORCEMENT
KILL_POD_ENFORCEMENT
FAIL_BUILD_ENFORCEMENT
FAIL_KUBE_REQUEST_ENFORCEMENT
FAIL_DEPLOYMENT_CREATE_ENFORCEMENT
FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT

45.15.7.6. StorageEventSource
Copy link

Expand

Enum Values
NOT_APPLICABLE
DEPLOYMENT_EVENT
AUDIT_LOG_EVENT

45.15.7.7. StorageExclusion
Copy link

Expand

Field Name	Type	Format
name	String
deployment	StorageExclusionDeployment
image	StorageExclusionImage
expiration	Date	date-time

45.15.7.8. StorageExclusionDeployment
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String
scope			StorageScope

45.15.7.9. StorageExclusionImage
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
name			String

45.15.7.10. StorageLifecycleStage
Copy link

Expand

Enum Values
DEPLOY
BUILD
RUNTIME

45.15.7.11. StoragePolicy
Copy link

Expand

Field Name	Type	Description	Format
id	String
name	String
description	String
rationale	String
remediation	String
disabled	Boolean
categories	List of `string`
lifecycleStages	List of StorageLifecycleStage
eventSource	StorageEventSource		NOT_APPLICABLE, DEPLOYMENT_EVENT, AUDIT_LOG_EVENT,
exclusions	List of StorageExclusion
scope	List of StorageScope
severity	StorageSeverity		UNSET_SEVERITY, LOW_SEVERITY, MEDIUM_SEVERITY, HIGH_SEVERITY, CRITICAL_SEVERITY,
enforcementActions	List of StorageEnforcementAction	FAIL_DEPLOYMENT_CREATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object creates/updates. FAIL_KUBE_REQUEST_ENFORCEMENT takes effect only if admission control webhook is enabled to listen on exec and port-forward events. FAIL_DEPLOYMENT_UPDATE_ENFORCEMENT takes effect only if admission control webhook is configured to enforce on object updates.
notifiers	List of `string`
lastUpdated	Date		date-time
SORTName	String	For internal use only.
SORTLifecycleStage	String	For internal use only.
SORTEnforcement	Boolean	For internal use only.
policyVersion	String
policySections	List of StoragePolicySection
mitreAttackVectors	List of PolicyMitreAttackVectors
criteriaLocked	Boolean	Read-only field. If true, the policy’s criteria fields are rendered read-only.
mitreVectorsLocked	Boolean	Read-only field. If true, the policy’s MITRE ATT&CK fields are rendered read-only.
isDefault	Boolean	Read-only field. Indicates the policy is a default policy if true and a custom policy if false.

45.15.7.12. StoragePolicyGroup
Copy link

Expand

Field Name	Type	Format
fieldName	String
booleanOperator	StorageBooleanOperator	OR, AND,
negate	Boolean
values	List of StoragePolicyValue

45.15.7.13. StoragePolicySection
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
sectionName			String
policyGroups			List of StoragePolicyGroup

45.15.7.14. StoragePolicyValue
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
value			String

45.15.7.15. StorageScope
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
cluster			String
namespace			String
label			StorageScopeLabel

45.15.7.16. StorageScopeLabel
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
key			String
value			String

45.15.7.17. StorageSeverity
Copy link

Expand

Enum Values
UNSET_SEVERITY
LOW_SEVERITY
MEDIUM_SEVERITY
HIGH_SEVERITY
CRITICAL_SEVERITY

45.16. ReassessPolicies
Copy link

POST /v1/policies/reassess

ReassessPolicies reevaluates all the policies.

45.16.1. Description
Copy link

45.16.2. Parameters
Copy link

45.16.3. Return Type
Copy link

Object

45.16.4. Content Type
Copy link

application/json

45.16.5. Responses
Copy link

Expand

Table 45.16. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	`Object`
0	An unexpected error response.	RuntimeError

45.16.6. Samples
Copy link

45.16.7. Common object reference
Copy link

45.16.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.16.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.16.7.2. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.17. GetPolicyCategories
Copy link

GET /v1/policyCategories

GetPolicyCategories returns the policy categories.

45.17.1. Description
Copy link

45.17.2. Parameters
Copy link

45.17.3. Return Type
Copy link

V1PolicyCategoriesResponse

45.17.4. Content Type
Copy link

application/json

45.17.5. Responses
Copy link

Expand

Table 45.17. HTTP Response Codes
Code	Message	Datatype
200	A successful response.	V1PolicyCategoriesResponse
0	An unexpected error response.	RuntimeError

45.17.6. Samples
Copy link

45.17.7. Common object reference
Copy link

45.17.7.1. ProtobufAny
Copy link

Any contains an arbitrary serialized protocol buffer message along with a URL that describes the type of the serialized message.

Protobuf library provides support to pack/unpack Any values in the form of utility functions or additional generated methods of the Any type.

Example 1: Pack and unpack a message in C++.

Foo foo = ...;
Any any;
any.PackFrom(foo);
...
if (any.UnpackTo(&foo)) {
  ...
}

Example 2: Pack and unpack a message in Java.

Foo foo = ...;
Any any = Any.pack(foo);
...
if (any.is(Foo.class)) {
  foo = any.unpack(Foo.class);
}
// or ...
if (any.isSameTypeAs(Foo.getDefaultInstance())) {
  foo = any.unpack(Foo.getDefaultInstance());
}

Example 3: Pack and unpack a message in Python.

foo = Foo(...)
any = Any()
any.Pack(foo)
...
if any.Is(Foo.DESCRIPTOR):
  any.Unpack(foo)
  ...

Example 4: Pack and unpack a message in Go

foo := &pb.Foo{...}
any, err := anypb.New(foo)
if err != nil {
  ...
}
...
foo := &pb.Foo{}
if err := any.UnmarshalTo(foo); err != nil {
  ...
}

45.17.7.1.1. JSON representation
Copy link

The JSON representation of an Any value uses the regular representation of the deserialized, embedded message, with an additional field @type which contains the type URL. Example:

package google.profile;
message Person {
  string first_name = 1;
  string last_name = 2;
}

{
  "@type": "type.googleapis.com/google.profile.Person",
  "firstName": <string>,
  "lastName": <string>
}

{
  "@type": "type.googleapis.com/google.protobuf.Duration",
  "value": "1.212s"
}

Expand

Field Name	Required	Nullable	Type	Description	Format
typeUrl			String	A URL/resource name that uniquely identifies the type of the serialized protocol buffer message. This string must contain at least one \"/\" character. The last segment of the URL’s path must represent the fully qualified name of the type (as in `path/google.protobuf.Duration`). The name should be in a canonical form (e.g., leading \".\" is not accepted). In practice, teams usually precompile into the binary all types that they expect it to use in the context of Any. However, for URLs which use the scheme `http`, `https`, or no scheme, one can optionally set up a type server that maps type URLs to message definitions as follows: * If no scheme is provided, `https` is assumed. * An HTTP GET on the URL must yield a [google.protobuf.Type][] value in binary format, or produce an error. * Applications are allowed to cache lookup results based on the URL, or have them precompiled into a binary to avoid any lookup. Therefore, binary compatibility needs to be preserved on changes to types. (Use versioned type names to manage breaking changes.) Note: this functionality is not currently available in the official protobuf release, and it is not used for type URLs beginning with type.googleapis.com. As of May 2023, there are no widely used type server implementations and no plans to implement one. Schemes other than `http`, `https` (or the empty scheme) might be used with implementation specific semantics.
value			byte[]	Must be a valid serialized protocol buffer of the above specified type.	byte

45.17.7.2. RuntimeError
Copy link

Expand

Field Name	Type	Format
error	String
code	Integer	int32
message	String
details	List of ProtobufAny

45.17.7.3. V1PolicyCategoriesResponse
Copy link

Expand

Field Name	Required	Nullable	Type	Description	Format
categories			List of `string`

Chapter 45. PolicyService

45.1. CancelDryRunJobCopy linkLink copied to clipboard!

45.1.1. DescriptionCopy linkLink copied to clipboard!

45.1.2. ParametersCopy linkLink copied to clipboard!

45.1.2.1. Path ParametersCopy linkLink copied to clipboard!

45.1.3. Return TypeCopy linkLink copied to clipboard!

45.1.4. Content TypeCopy linkLink copied to clipboard!

45.1.5. ResponsesCopy linkLink copied to clipboard!

45.1.6. SamplesCopy linkLink copied to clipboard!

45.1.7. Common object referenceCopy linkLink copied to clipboard!

45.1.7.1. ProtobufAnyCopy linkLink copied to clipboard!

45.1.7.1.1. JSON representationCopy linkLink copied to clipboard!

45.1.7.2. RuntimeErrorCopy linkLink copied to clipboard!

45.2. QueryDryRunJobStatusCopy linkLink copied to clipboard!

45.2.1. DescriptionCopy linkLink copied to clipboard!

45.2.2. ParametersCopy linkLink copied to clipboard!

45.2.2.1. Path ParametersCopy linkLink copied to clipboard!

45.2.3. Return TypeCopy linkLink copied to clipboard!

45.2.4. Content TypeCopy linkLink copied to clipboard!

45.2.5. ResponsesCopy linkLink copied to clipboard!

45.2.6. SamplesCopy linkLink copied to clipboard!

45.2.7. Common object referenceCopy linkLink copied to clipboard!

45.2.7.1. ProtobufAnyCopy linkLink copied to clipboard!

45.2.7.1.1. JSON representationCopy linkLink copied to clipboard!

45.2.7.2. RuntimeErrorCopy linkLink copied to clipboard!

45.2.7.3. V1DryRunJobStatusResponseCopy linkLink copied to clipboard!

45.2.7.4. V1DryRunResponseCopy linkLink copied to clipboard!

45.2.7.5. V1DryRunResponseAlertCopy linkLink copied to clipboard!

45.3. SubmitDryRunPolicyJobCopy linkLink copied to clipboard!

45.3.1. DescriptionCopy linkLink copied to clipboard!

45.3.2. ParametersCopy linkLink copied to clipboard!

45.3.2.1. Body ParameterCopy linkLink copied to clipboard!

45.3.3. Return TypeCopy linkLink copied to clipboard!

45.3.4. Content TypeCopy linkLink copied to clipboard!

45.3.5. ResponsesCopy linkLink copied to clipboard!

45.3.6. SamplesCopy linkLink copied to clipboard!

45.3.7. Common object referenceCopy linkLink copied to clipboard!

45.3.7.1. PolicyMitreAttackVectorsCopy linkLink copied to clipboard!

45.3.7.2. ProtobufAnyCopy linkLink copied to clipboard!

45.3.7.2.1. JSON representationCopy linkLink copied to clipboard!

45.3.7.3. RuntimeErrorCopy linkLink copied to clipboard!

45.3.7.4. StorageBooleanOperatorCopy linkLink copied to clipboard!

45.3.7.5. StorageEnforcementActionCopy linkLink copied to clipboard!

45.3.7.6. StorageEventSourceCopy linkLink copied to clipboard!

45.3.7.7. StorageExclusionCopy linkLink copied to clipboard!

45.3.7.8. StorageExclusionDeploymentCopy linkLink copied to clipboard!

45.3.7.9. StorageExclusionImageCopy linkLink copied to clipboard!

45.3.7.10. StorageLifecycleStageCopy linkLink copied to clipboard!

45.3.7.11. StoragePolicyCopy linkLink copied to clipboard!

45.3.7.12. StoragePolicyGroupCopy linkLink copied to clipboard!

45.3.7.13. StoragePolicySectionCopy linkLink copied to clipboard!

45.3.7.14. StoragePolicyValueCopy linkLink copied to clipboard!

45.3.7.15. StorageScopeCopy linkLink copied to clipboard!

45.3.7.16. StorageScopeLabelCopy linkLink copied to clipboard!

45.3.7.17. StorageSeverityCopy linkLink copied to clipboard!

45.3.7.18. V1JobIdCopy linkLink copied to clipboard!

45.4. DryRunPolicyCopy linkLink copied to clipboard!

45.4.1. DescriptionCopy linkLink copied to clipboard!

45.4.2. ParametersCopy linkLink copied to clipboard!

45.4.2.1. Body ParameterCopy linkLink copied to clipboard!

45.4.3. Return TypeCopy linkLink copied to clipboard!

45.4.4. Content TypeCopy linkLink copied to clipboard!

45.4.5. ResponsesCopy linkLink copied to clipboard!

45.4.6. SamplesCopy linkLink copied to clipboard!

45.4.7. Common object referenceCopy linkLink copied to clipboard!

45.4.7.1. PolicyMitreAttackVectorsCopy linkLink copied to clipboard!

45.4.7.2. ProtobufAnyCopy linkLink copied to clipboard!

45.4.7.2.1. JSON representationCopy linkLink copied to clipboard!

45.4.7.3. RuntimeErrorCopy linkLink copied to clipboard!

45.4.7.4. StorageBooleanOperatorCopy linkLink copied to clipboard!

45.4.7.5. StorageEnforcementActionCopy linkLink copied to clipboard!

45.4.7.6. StorageEventSourceCopy linkLink copied to clipboard!

45.4.7.7. StorageExclusionCopy linkLink copied to clipboard!

45.4.7.8. StorageExclusionDeploymentCopy linkLink copied to clipboard!

45.4.7.9. StorageExclusionImageCopy linkLink copied to clipboard!

45.4.7.10. StorageLifecycleStageCopy linkLink copied to clipboard!

45.4.7.11. StoragePolicyCopy linkLink copied to clipboard!

45.4.7.12. StoragePolicyGroupCopy linkLink copied to clipboard!

45.4.7.13. StoragePolicySectionCopy linkLink copied to clipboard!

45.4.7.14. StoragePolicyValueCopy linkLink copied to clipboard!

45.1. CancelDryRunJob
Copy link

45.1.1. Description
Copy link

45.1.2. Parameters
Copy link

45.1.2.1. Path Parameters
Copy link

45.1.3. Return Type
Copy link

45.1.4. Content Type
Copy link

45.1.5. Responses
Copy link

45.1.6. Samples
Copy link

45.1.7. Common object reference
Copy link

45.1.7.1. ProtobufAny
Copy link

45.1.7.1.1. JSON representation
Copy link

45.1.7.2. RuntimeError
Copy link

45.2. QueryDryRunJobStatus
Copy link

45.2.1. Description
Copy link

45.2.2. Parameters
Copy link

45.2.2.1. Path Parameters
Copy link

45.2.3. Return Type
Copy link

45.2.4. Content Type
Copy link

45.2.5. Responses
Copy link

45.2.6. Samples
Copy link

45.2.7. Common object reference
Copy link

45.2.7.1. ProtobufAny
Copy link

45.2.7.1.1. JSON representation
Copy link

45.2.7.2. RuntimeError
Copy link

45.2.7.3. V1DryRunJobStatusResponse
Copy link

45.2.7.4. V1DryRunResponse
Copy link

45.2.7.5. V1DryRunResponseAlert
Copy link

45.3. SubmitDryRunPolicyJob
Copy link

45.3.1. Description
Copy link

45.3.2. Parameters
Copy link

45.3.2.1. Body Parameter
Copy link

45.3.3. Return Type
Copy link

45.3.4. Content Type
Copy link

45.3.5. Responses
Copy link

45.3.6. Samples
Copy link

45.3.7. Common object reference
Copy link

45.3.7.1. PolicyMitreAttackVectors
Copy link

45.3.7.2. ProtobufAny
Copy link

45.3.7.2.1. JSON representation
Copy link

45.3.7.3. RuntimeError
Copy link

45.3.7.4. StorageBooleanOperator
Copy link

45.3.7.5. StorageEnforcementAction
Copy link

45.3.7.6. StorageEventSource
Copy link

45.3.7.7. StorageExclusion
Copy link

45.3.7.8. StorageExclusionDeployment
Copy link

45.3.7.9. StorageExclusionImage
Copy link

45.3.7.10. StorageLifecycleStage
Copy link

45.3.7.11. StoragePolicy
Copy link

45.3.7.12. StoragePolicyGroup
Copy link

45.3.7.13. StoragePolicySection
Copy link

45.3.7.14. StoragePolicyValue
Copy link

45.3.7.15. StorageScope
Copy link

45.3.7.16. StorageScopeLabel
Copy link

45.3.7.17. StorageSeverity
Copy link

45.3.7.18. V1JobId
Copy link

45.4. DryRunPolicy
Copy link

45.4.1. Description
Copy link

45.4.2. Parameters
Copy link

45.4.2.1. Body Parameter
Copy link

45.4.3. Return Type
Copy link

45.4.4. Content Type
Copy link

45.4.5. Responses
Copy link

45.4.6. Samples
Copy link

45.4.7. Common object reference
Copy link

45.4.7.1. PolicyMitreAttackVectors
Copy link

45.4.7.2. ProtobufAny
Copy link

45.4.7.2.1. JSON representation
Copy link

45.4.7.3. RuntimeError
Copy link

45.4.7.4. StorageBooleanOperator
Copy link

45.4.7.5. StorageEnforcementAction
Copy link

45.4.7.6. StorageEventSource
Copy link

45.4.7.7. StorageExclusion
Copy link

45.4.7.8. StorageExclusionDeployment
Copy link

45.4.7.9. StorageExclusionImage
Copy link

45.4.7.10. StorageLifecycleStage
Copy link

45.4.7.11. StoragePolicy
Copy link

45.4.7.12. StoragePolicyGroup
Copy link

45.4.7.13. StoragePolicySection
Copy link

45.4.7.14. StoragePolicyValue
Copy link

45.4.7.15. StorageScope
Copy link